httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Cicimov <icici...@gmail.com>
Subject Re: [users@httpd] Compile apache 2.2.26 with openssl1.0.1e failing
Date Mon, 02 Dec 2013 02:45:14 GMT
On Mon, Dec 2, 2013 at 1:05 PM, Igor Cicimov <icicimov@gmail.com> wrote:

>
> On Mon, Dec 2, 2013 at 8:49 AM, Srinivasa Rao Katta <skatta33@hotmail.com>wrote:
>
>> Igor,
>>
>> Please try to install  gcc for 4.7.2 version and put gcc in the path
>> before old gcc,old gcc is under /usr/local/bin and new gcc 4.7.2 will be
>> installed under /usr/local/gcc-4.7.2 and  update your profile file
>> /etc/profile for /usr/local/gcc-4.7.2/bin.
>>
>> stil you getting the error,please keep only following libs under
>> /usr/local/ssl/lib and please check for libs libcrypto.so and libssl.so in
>> the  lib folders and move these libs to backup folder.
>>
>> Please keep following 2 libs only in the /usr/local/ssl/lib;
>>
>> libcrypto.a
>> libssl.a
>>
>> and please move other libs from /usr/local/ssl/lib to some backup folder.
>>
>> now run,configure and make and look for compilation errors.
>>
>> thats it.
>>
>> please let me know,If You have any questions or concerns.
>>
>> Thanks,
>> Srinivas
>>
>>
>>
>>
>> Srinivasa Rao Katta(System Administrator),
>> skatta33@hotmail.com,
>>  <skatta74@yahoo.com>
>>
>>
>>
>> ------------------------------
>> Date: Sun, 1 Dec 2013 07:27:42 -0500
>> From: trawick@gmail.com
>> To: users@httpd.apache.org
>> Subject: Re: [users@httpd] Compile apache 2.2.26 with openssl1.0.1e
>> failing
>>
>>
>> On Sat, Nov 30, 2013 at 9:38 PM, Igor Cicimov <icicimov@gmail.com> wrote:
>>
>>
>>
>>
>> On Sun, Dec 1, 2013 at 2:29 AM, Jeff Trawick <trawick@gmail.com> wrote:
>>
>> On Sat, Nov 30, 2013 at 4:20 AM, Igor Cicimov <icicimov@gmail.com> wrote:
>>
>> Hi all,
>>
>> Im trying to build apache2.2.26 on CentOS5.10 final x86_64, linked to
>> openssl1.0.1e which is also compiled and installed from source under
>> /usr/loca/lib64:
>>
>> $ ls -l /usr/local/lib64/
>> total 7060
>> drwxr-xr-x 2 root root    4096 Nov 30 18:50 engines
>> -rw-r--r-- 1 root root 3858348 Nov 30 18:50 libcrypto.a
>> lrwxrwxrwx 1 root root      18 Nov 30 18:50 libcrypto.so ->
>> libcrypto.so.1.0.0
>> -r-xr-xr-x 1 root root 2145661 Nov 30 18:50 libcrypto.so.1.0.0
>> -rw-r--r-- 1 root root  729426 Nov 30 18:50 libssl.a
>> lrwxrwxrwx 1 root root      15 Nov 30 18:50 libssl.so -> libssl.so.1.0.0
>> -r-xr-xr-x 1 root root  463549 Nov 30 18:50 libssl.so.1.0.0
>> drwxr-xr-x 2 root root    4096 Nov 30 01:21 pkgconfig
>>
>> I've used the following process to compile openssl1.0.1e:
>>
>> $ ./Configure --prefix=/usr/local --openssldir=/usr/local/openssl
>> enable-tlsext linux-x86_64 threads zlib enable-idea enable-rc5 enable-mdc2
>> enable-ec shared
>> $ make depend
>> $ make
>> $ sudo make install
>>
>> $ openssl version
>> OpenSSL 1.0.1e 11 Feb 2013
>>
>> $ openssl s_client -connect smtp.gmail.com:25 -starttls smtp | grep
>> Protocol
>> depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
>> verify error:num=20:unable to get local issuer certificate
>> verify return:0
>> 250 CHUNKING
>>     Protocol  : TLSv1.2
>>
>> $ openssl s_client -connect gmail.com:443 | grep Protocol
>> depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
>> verify error:num=20:unable to get local issuer certificate
>> verify return:0
>>     Protocol  : TLSv1.2
>>
>> So as expected the client gets to use the TLSv1.2 protocol. I guess that
>> means (maybe) openssl is good to go ...
>>
>> The relevant part of my apache configure command:
>>
>> $ ./configure LDFLAGS="-L/usr/local/lib64" --enable-ssl=shared
>> --with-ssl=/usr/local/lib64 .....
>>
>> with double attempt to point apache to the openssl libraries, but make is
>> failing with following error:
>>
>> /home/igor.cicimov/httpd-2.2.26/srclib/apr/libtool --silent --mode=link
>> gcc -g -O2 -pthread     -L/usr/lib64 -L/usr/local/lib64/lib
>> -L/usr/kerberos/lib64  -L/usr/local/lib64 -o ab  ab.lo   -lm
>> /home/igor.cicimov/httpd-2.2.26/srclib/pcre/libpcre.la/home/igor.cicimov/httpd-2.2.26/srclib/apr-util/
>> libaprutil-1.la/home/igor.cicimov/httpd-2.2.26/srclib/apr-util/xml/expat/
>> libexpat.la /home/igor.cicimov/httpd-2.2.26/srclib/apr/libapr-1.la-luuid -lrt -lcrypt
-lpthread -ldl -lssl -lcrypto -ldl -lz
>> .libs/ab.o: In function `main':
>> /home/igor.cicimov/httpd-2.2.26/support/ab.c:2241: undefined reference to
>> `TLSv1_2_client_method'
>> /home/igor.cicimov/httpd-2.2.26/support/ab.c:2239: undefined reference to
>> `TLSv1_1_client_method'
>> collect2: ld returned 1 exit status
>> make[2]: *** [ab] Error 1
>> make[2]: Leaving directory `/home/igor.cicimov/httpd-2.2.26/support'
>> make[1]: *** [all-recursive] Error 1
>> make[1]: Leaving directory `/home/igor.cicimov/httpd-2.2.26/support'
>> make: *** [all-recursive] Error 1
>>
>> This is not my first time I compile apache and openssl and have never
>> seen this error about apache tools. What am I missing here? Any thoughts?
>>
>>
>> I guess it is because of the order of the system library and your local
>> library dir in the linker search path:
>>
>> libtool --mode=link ... -L/usr/lib64 -L/usr/local/lib64/lib ...
>>
>>
>> Yeah but that kinda beats the purpose of "--with-ssl" switch when
>> compiling apache. This should tell apache to look for the openssl libraries
>> in that directory and nowhere else otherwise how are we going to be able to
>> build apache against specific openssl version on systems that have multiple
>> versions of it installed?
>>
>>
>> understood...  open a bug...
>>
>>
>>
>> Something is definitely wrong here, either apache does not behave as
>> expected during compile time or I'm totally mistaken about the use of the
>>  "--with-ssl" option.
>>
>> Cheers,
>> Igor
>>
>>
>>
>>
>> --
>> Born in Roswell... married an alien...
>> http://emptyhammock.com/
>>
>
> Srinivas,
>
> I don't think the problem here is about compiler version or openssl
> install. It is about apache not picking up the ssl libraries from the right
> spot it's been pointed to during the configuration phase. I have confirmed
> this on two separate CentOS systems with CentOS-5.6 final and CentOS-5.10
> final. On both of them I get the same error:
>
> /home/igorc/httpd-2.2.26/srclib/apr/libtool --silent --mode=link gcc -g
> -O2 -pthread    * -L/usr/lib64  -L/opt/openssl/lib* -o ab  ab.lo   -lm
> /home/igorc/httpd-2.2.26/srclib/pcre/libpcre.la/home/igorc/httpd-2.2.26/srclib/apr-util/
> libaprutil-1.la -lexpat /home/igorc/httpd-2.2.26/srclib/apr/libapr-1.la-luuid -lrt -lcrypt
-lpthread -ldl -lssl -lcrypto
> .libs/ab.o: In function `main':
> /home/igorc/httpd-2.2.26/support/ab.c:2241: undefined reference to
> `TLSv1_2_client_method'
> /home/igorc/httpd-2.2.26/support/ab.c:2239: undefined reference to
> `TLSv1_1_client_method'
> collect2: ld returned 1 exit status
> make[2]: *** [ab] Error 1
> make[2]: Leaving directory `/home/igorc/httpd-2.2.26/support'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/home/igorc/httpd-2.2.26/support'
> make: *** [all-recursive] Error 1
>
> My assumption is that although I have pointed apache to /opt/openssl where
> my custom build of openssl-1.0.1e is apache is not picking up the ssl
> libraries from the right spot but from the /usr/lib64 instead.
>
> Some other possibilities are:
> - a bug in libtool
> - apache-2.2.26 has some issues with the openssl-1.0.1e libraries
>
> Anyway, I have opened a bug report so lets see what happens. More details
> there.
>
> https://issues.apache.org/bugzilla/show_bug.cgi?id=55834
>
> Cheers,
> Igor
>
>
>
>
Ok, the problem was right in front of my eyes but I couldn't see it. Here
it is:

*/home/igorc/httpd-2.2.26/srclib/apr/libtool *

It is the apache apr library, it obviously comes with hard coded paths in
libtool. Duh!

The solution, omit the "*--with-included-apr*" from your configure options
to by-pass the STUPID apr that comes with apache and use the system
provided one.

Can't believe I lost so much time on this. Hope it helps someone else.

This also means the bug is valid.

Cheers,
Igor

Mime
View raw message