You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2013/12/02 02:43:05 UTC
[Bug 55834] New: Apache does not honor the openssl library path
given by --with-ssl during compile
https://issues.apache.org/bugzilla/show_bug.cgi?id=55834
Bug ID: 55834
Summary: Apache does not honor the openssl library path given
by --with-ssl during compile
Product: Apache httpd-2
Version: 2.2.26
Hardware: PC
OS: Linux
Status: NEW
Severity: major
Priority: P2
Component: Build
Assignee: bugs@httpd.apache.org
Reporter: icicimov@gmail.com
Hi all,
I've been trying to compile apache2.2.26 on two separate CentOS boxes, one with
CentOS-5.6 and one with CentOS-5.10 final. The compile process failed on both
of them with the following error message at the point of compiling the apache
tools:
/home/igorc/httpd-2.2.26/srclib/apr/libtool --silent --mode=link gcc -g -O2
-pthread -L/usr/lib64 -L/opt/openssl/lib -o ab ab.lo -lm
/home/igorc/httpd-2.2.26/srclib/pcre/libpcre.la
/home/igorc/httpd-2.2.26/srclib/apr-util/libaprutil-1.la -lexpat
/home/igorc/httpd-2.2.26/srclib/apr/libapr-1.la -luuid -lrt -lcrypt -lpthread
-ldl -lssl -lcrypto
.libs/ab.o: In function `main':
/home/igorc/httpd-2.2.26/support/ab.c:2241: undefined reference to
`TLSv1_2_client_method'
/home/igorc/httpd-2.2.26/support/ab.c:2239: undefined reference to
`TLSv1_1_client_method'
collect2: ld returned 1 exit status
make[2]: *** [ab] Error 1
make[2]: Leaving directory `/home/igorc/httpd-2.2.26/support'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/igorc/httpd-2.2.26/support'
make: *** [all-recursive] Error 1
The exact config command I used is as follows:
./configure LDFLAGS="-L/opt/openssl/lib" --prefix=/usr/local/apache2-2.2.26
--with-mpm=worker --with-included-apr --enable-info --enable-proxy
--enable-proxy-connect --enable-proxy-ftp --enable-proxy-http
--enable-proxy-balancer --enable-rewrite --enable-headers --enable-cache
--enable-mem-cache --enable-disk-cache --enable-expires --enable-dav
--enable-deflate --enable-ssl --with-ssl=/opt/openssl --with-ldap=ldap
--with-ldap-lib=/usr/lib64 --with-ldap-include=/usr/include --enable-ldap
--enable-authnz-ldap --enable-mods-shared="all ldap authnz_ldap proxy
proxy-http proxy-ftp proxy-balancer deflate info rewrite headers expires
authn_alias cache mem_cache disk_cache file_cache charset_lite dav dav_lock
ssl"
pointing apache compiler to the appropriate custom install of openss-1.0.1e
libraries under /opt/openssl. The config used for openssl compile was:
./Configure --prefix=/opt/openssl enable-tlsext linux-x86_64 threads zlib
enable-idea enable-rc5 enable-mdc2 enable-ec enable-ecdh enable-ecdsa shared
$ ls -lR /opt/openssl/lib/
/opt/openssl/lib/:
total 7060
drwxr-xr-x 2 root root 4096 Dec 2 12:00 engines
-rw-r--r-- 1 root root 3858364 Dec 2 12:00 libcrypto.a
lrwxrwxrwx 1 root root 18 Dec 2 12:00 libcrypto.so -> libcrypto.so.1.0.0
-r-xr-xr-x 1 root root 2145661 Dec 2 12:00 libcrypto.so.1.0.0
-rw-r--r-- 1 root root 729410 Dec 2 12:00 libssl.a
lrwxrwxrwx 1 root root 15 Dec 2 12:00 libssl.so -> libssl.so.1.0.0
-r-xr-xr-x 1 root root 463549 Dec 2 12:00 libssl.so.1.0.0
drwxr-xr-x 2 root root 4096 Dec 2 12:00 pkgconfig
/opt/openssl/lib/engines:
total 352
-r-xr-xr-x 1 root root 23714 Dec 2 12:00 lib4758cca.so
-r-xr-xr-x 1 root root 25611 Dec 2 12:00 libaep.so
-r-xr-xr-x 1 root root 18601 Dec 2 12:00 libatalla.so
-r-xr-xr-x 1 root root 5866 Dec 2 12:00 libcapi.so
-r-xr-xr-x 1 root root 32035 Dec 2 12:00 libchil.so
-r-xr-xr-x 1 root root 26300 Dec 2 12:00 libcswift.so
-r-xr-xr-x 1 root root 5865 Dec 2 12:00 libgmp.so
-r-xr-xr-x 1 root root 115028 Dec 2 12:00 libgost.so
-r-xr-xr-x 1 root root 16168 Dec 2 12:00 libnuron.so
-r-xr-xr-x 1 root root 5869 Dec 2 12:00 libpadlock.so
-r-xr-xr-x 1 root root 31966 Dec 2 12:00 libsureware.so
-r-xr-xr-x 1 root root 26114 Dec 2 12:00 libubsec.so
/opt/openssl/lib/pkgconfig:
total 12
-rw-r--r-- 1 root root 266 Dec 2 12:00 libcrypto.pc
-rw-r--r-- 1 root root 281 Dec 2 12:00 libssl.pc
-rw-r--r-- 1 root root 291 Dec 2 12:00 openssl.pc
$ /opt/openssl/bin/openssl version
OpenSSL 1.0.1e 11 Feb 2013
Additionally to this I have set my $PATH and $LD_LIBRARY_PATH to point to this
location as well in the shell terminal I ran the compile from:
$ export PATH=/opt/openssl/bin:$PATH
$ export LD_LIBRARY_PATH=/opt/openssl/lib:$LD_LIBRARY_PATH
and on top of that I've put /opt/openssl/lib in /etc/ld.so.conf file and ran
ldconfig.
My guess the problem is that during the compile time the order of the libraries
as given just before the error "-L/usr/lib64 -L/opt/openssl/lib" makes the
compiler to pick up the wrong version of openssl.
My understanding is that apache should look for ssl libraries only in the path
given by "--with-ssl" switch but that is not the case here.
# lsb_release -a
LSB Version:
:core-4.0-amd64:core-4.0-ia32:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-ia32:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-ia32:printing-4.0-noarch
Distributor ID: CentOS
Description: CentOS release 5.6 (Final)
Release: 5.6
Codename: Final
# gcc -v
Using built-in specs.
Target: x86_64-redhat-linux
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man
--infodir=/usr/share/info --enable-shared --enable-threads=posix
--enable-checking=release --with-system-zlib --enable-__cxa_atexit
--disable-libunwind-exceptions --enable-libgcj-multifile
--enable-languages=c,c++,objc,obj-c++,java,fortran,ada --enable-java-awt=gtk
--disable-dssi --disable-plugin
--with-java-home=/usr/lib/jvm/java-1.4.2-gcj-1.4.2.0/jre --with-cpu=generic
--host=x86_64-redhat-linux
Thread model: posix
gcc version 4.1.2 20080704 (Red Hat 4.1.2-50)
Please let me know if any more info needed.
Thanks,
Igor
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 55834] Apache does not honor the openssl library path given by
--with-ssl during compile
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55834
--- Comment #2 from Igor Cicimov <ic...@gmail.com> ---
Ok, the problem was obviously with apache apr/libtoll which probably comes with
some hard coded library paths in libtool.
The solution, omit the "--with-included-apr" from your configure options to
by-pass the apache apr and use the system provided one. After that apache
builds and installs fine.
Additionally, you need to include the openssl library path into
$LD_LIBRARY_PATH of the user that is starting apache so for me I put:
export LD_LIBRARY_PATH=/opt/openssl/lib:$LD_LIBRARY_PATH
in the /root/.bashrc for the root user.
Just as confirmation, here it is up and running:
[Mon Dec 02 15:08:27 2013] [warn] Init: Name-based SSL virtual hosts only work
for clients with TLS server name indication support (RFC 4366)
[Mon Dec 02 15:08:27 2013] [notice] Digest: generating secret for digest
authentication ...
[Mon Dec 02 15:08:27 2013] [notice] Digest: done
[Mon Dec 02 15:08:28 2013] [warn] Init: Name-based SSL virtual hosts only work
for clients with TLS server name indication support (RFC 4366)
[Mon Dec 02 15:08:28 2013] [warn] pid file
/usr/local/apache2-2.2.26/logs/httpd.pid overwritten -- Unclean shutdown of
previous Apache run?
[Mon Dec 02 15:08:28 2013] [notice] Apache/2.2.26 (Unix) DAV/2 mod_ssl/2.2.26
OpenSSL/1.0.1e configured -- resuming normal operations
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 55834] Apache does not honor the openssl library path given by
--with-ssl during compile
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55834
--- Comment #1 from Igor Cicimov <ic...@gmail.com> ---
$ libtool --version
ltmain.sh (GNU libtool) 1.5.22 (1.1220.2.365 2005/12/18 22:14:06)
Copyright (C) 2005 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org