httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Cicimov <icici...@gmail.com>
Subject Re: [users@httpd] Compile apache 2.2.26 with openssl1.0.1e failing
Date Mon, 02 Dec 2013 02:05:09 GMT
On Mon, Dec 2, 2013 at 8:49 AM, Srinivasa Rao Katta <skatta33@hotmail.com>wrote:

> Igor,
>
> Please try to install  gcc for 4.7.2 version and put gcc in the path
> before old gcc,old gcc is under /usr/local/bin and new gcc 4.7.2 will be
> installed under /usr/local/gcc-4.7.2 and  update your profile file
> /etc/profile for /usr/local/gcc-4.7.2/bin.
>
> stil you getting the error,please keep only following libs under
> /usr/local/ssl/lib and please check for libs libcrypto.so and libssl.so in
> the  lib folders and move these libs to backup folder.
>
> Please keep following 2 libs only in the /usr/local/ssl/lib;
>
> libcrypto.a
> libssl.a
>
> and please move other libs from /usr/local/ssl/lib to some backup folder.
>
> now run,configure and make and look for compilation errors.
>
> thats it.
>
> please let me know,If You have any questions or concerns.
>
> Thanks,
> Srinivas
>
>
>
>
> Srinivasa Rao Katta(System Administrator),
> skatta33@hotmail.com,
>  <skatta74@yahoo.com>
>
>
>
> ------------------------------
> Date: Sun, 1 Dec 2013 07:27:42 -0500
> From: trawick@gmail.com
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Compile apache 2.2.26 with openssl1.0.1e
> failing
>
>
> On Sat, Nov 30, 2013 at 9:38 PM, Igor Cicimov <icicimov@gmail.com> wrote:
>
>
>
>
> On Sun, Dec 1, 2013 at 2:29 AM, Jeff Trawick <trawick@gmail.com> wrote:
>
> On Sat, Nov 30, 2013 at 4:20 AM, Igor Cicimov <icicimov@gmail.com> wrote:
>
> Hi all,
>
> Im trying to build apache2.2.26 on CentOS5.10 final x86_64, linked to
> openssl1.0.1e which is also compiled and installed from source under
> /usr/loca/lib64:
>
> $ ls -l /usr/local/lib64/
> total 7060
> drwxr-xr-x 2 root root    4096 Nov 30 18:50 engines
> -rw-r--r-- 1 root root 3858348 Nov 30 18:50 libcrypto.a
> lrwxrwxrwx 1 root root      18 Nov 30 18:50 libcrypto.so ->
> libcrypto.so.1.0.0
> -r-xr-xr-x 1 root root 2145661 Nov 30 18:50 libcrypto.so.1.0.0
> -rw-r--r-- 1 root root  729426 Nov 30 18:50 libssl.a
> lrwxrwxrwx 1 root root      15 Nov 30 18:50 libssl.so -> libssl.so.1.0.0
> -r-xr-xr-x 1 root root  463549 Nov 30 18:50 libssl.so.1.0.0
> drwxr-xr-x 2 root root    4096 Nov 30 01:21 pkgconfig
>
> I've used the following process to compile openssl1.0.1e:
>
> $ ./Configure --prefix=/usr/local --openssldir=/usr/local/openssl
> enable-tlsext linux-x86_64 threads zlib enable-idea enable-rc5 enable-mdc2
> enable-ec shared
> $ make depend
> $ make
> $ sudo make install
>
> $ openssl version
> OpenSSL 1.0.1e 11 Feb 2013
>
> $ openssl s_client -connect smtp.gmail.com:25 -starttls smtp | grep
> Protocol
> depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
> verify error:num=20:unable to get local issuer certificate
> verify return:0
> 250 CHUNKING
>     Protocol  : TLSv1.2
>
> $ openssl s_client -connect gmail.com:443 | grep Protocol
> depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
> verify error:num=20:unable to get local issuer certificate
> verify return:0
>     Protocol  : TLSv1.2
>
> So as expected the client gets to use the TLSv1.2 protocol. I guess that
> means (maybe) openssl is good to go ...
>
> The relevant part of my apache configure command:
>
> $ ./configure LDFLAGS="-L/usr/local/lib64" --enable-ssl=shared
> --with-ssl=/usr/local/lib64 .....
>
> with double attempt to point apache to the openssl libraries, but make is
> failing with following error:
>
> /home/igor.cicimov/httpd-2.2.26/srclib/apr/libtool --silent --mode=link
> gcc -g -O2 -pthread     -L/usr/lib64 -L/usr/local/lib64/lib
> -L/usr/kerberos/lib64  -L/usr/local/lib64 -o ab  ab.lo   -lm
> /home/igor.cicimov/httpd-2.2.26/srclib/pcre/libpcre.la/home/igor.cicimov/httpd-2.2.26/srclib/apr-util/
> libaprutil-1.la /home/igor.cicimov/httpd-2.2.26/srclib/apr-util/xml/expat/
> libexpat.la /home/igor.cicimov/httpd-2.2.26/srclib/apr/libapr-1.la -luuid
> -lrt -lcrypt -lpthread -ldl -lssl -lcrypto -ldl -lz
> .libs/ab.o: In function `main':
> /home/igor.cicimov/httpd-2.2.26/support/ab.c:2241: undefined reference to
> `TLSv1_2_client_method'
> /home/igor.cicimov/httpd-2.2.26/support/ab.c:2239: undefined reference to
> `TLSv1_1_client_method'
> collect2: ld returned 1 exit status
> make[2]: *** [ab] Error 1
> make[2]: Leaving directory `/home/igor.cicimov/httpd-2.2.26/support'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/home/igor.cicimov/httpd-2.2.26/support'
> make: *** [all-recursive] Error 1
>
> This is not my first time I compile apache and openssl and have never seen
> this error about apache tools. What am I missing here? Any thoughts?
>
>
> I guess it is because of the order of the system library and your local
> library dir in the linker search path:
>
> libtool --mode=link ... -L/usr/lib64 -L/usr/local/lib64/lib ...
>
>
> Yeah but that kinda beats the purpose of "--with-ssl" switch when
> compiling apache. This should tell apache to look for the openssl libraries
> in that directory and nowhere else otherwise how are we going to be able to
> build apache against specific openssl version on systems that have multiple
> versions of it installed?
>
>
> understood...  open a bug...
>
>
>
> Something is definitely wrong here, either apache does not behave as
> expected during compile time or I'm totally mistaken about the use of the
>  "--with-ssl" option.
>
> Cheers,
> Igor
>
>
>
>
> --
> Born in Roswell... married an alien...
> http://emptyhammock.com/
>

Srinivas,

I don't think the problem here is about compiler version or openssl
install. It is about apache not picking up the ssl libraries from the right
spot it's been pointed to during the configuration phase. I have confirmed
this on two separate CentOS systems with CentOS-5.6 final and CentOS-5.10
final. On both of them I get the same error:

/home/igorc/httpd-2.2.26/srclib/apr/libtool --silent --mode=link gcc -g -O2
-pthread    * -L/usr/lib64  -L/opt/openssl/lib* -o ab  ab.lo   -lm
/home/igorc/httpd-2.2.26/srclib/pcre/libpcre.la/home/igorc/httpd-2.2.26/srclib/apr-util/
libaprutil-1.la -lexpat
/home/igorc/httpd-2.2.26/srclib/apr/libapr-1.la-luuid -lrt -lcrypt
-lpthread -ldl -lssl -lcrypto
.libs/ab.o: In function `main':
/home/igorc/httpd-2.2.26/support/ab.c:2241: undefined reference to
`TLSv1_2_client_method'
/home/igorc/httpd-2.2.26/support/ab.c:2239: undefined reference to
`TLSv1_1_client_method'
collect2: ld returned 1 exit status
make[2]: *** [ab] Error 1
make[2]: Leaving directory `/home/igorc/httpd-2.2.26/support'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/igorc/httpd-2.2.26/support'
make: *** [all-recursive] Error 1

My assumption is that although I have pointed apache to /opt/openssl where
my custom build of openssl-1.0.1e is apache is not picking up the ssl
libraries from the right spot but from the /usr/lib64 instead.

Some other possibilities are:
- a bug in libtool
- apache-2.2.26 has some issues with the openssl-1.0.1e libraries

Anyway, I have opened a bug report so lets see what happens. More details
there.

https://issues.apache.org/bugzilla/show_bug.cgi?id=55834

Cheers,
Igor

Mime
View raw message