You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@subversion.apache.org by Martin Sebor <se...@roguewave.com> on 2005/07/17 23:02:01 UTC

SSL is not supported

I'm wondering if someone could help explain what I might be doing
wrong building subversion-1.2.1. I have OpenSSL 0.9.8 (archives
only) installed in /usr/local/openssl-0.9.8 on a relatively clean
Solaris 9 box. I configured svn with the command below:

   ./configure --with-ssl=/usr/local/openssl-0.9.8 \
               --with-libs=/usr/local/openssl-0.9.8 \
               --prefix=/usr/local/subversion-1.2.1

Everything configured, built, and installed fine but when using svn
with https I get an error about SSL not being supported:

$ svn ls https://...
svn: SSL is not supported

It seems that the neon library was configured w/o SSL after all
(the NEON_SSL macro doesn't appear to be defined anywhere). Am
I missing some other required library/component that I need in
order to use https?

Thanks
Martin

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: More OpenSSL build adventures

Posted by Martin Sebor <se...@roguewave.com>.

Matthew Sanderson wrote:
> Hi guys,
> 
> This is mostly for Google's benefit: my own woes building OpenSSL in order
> to build SVN.
> 
> When building OpenSSL for use in neon/SVN on Solaris 2.7/i86pc, instead
> of the previously-mentioned OpenSSL config command:
> # ./config threads zlib shared
> I originally did:
> # ./config threads zlib
> ie, no shared, because the static lib was all SVN needed.
> 
> But the OpenSSL static lib later on gets linked into some shared object
> or other (I suppose either a neon or a SVN lib). So it was trying to link
> the non-PIC code in libssl.a into a shared object, which should contain
> only PIC code. This caused obscure messages from Sun's ld, from memory
> something like "relocations remain against allocated but non-writable
> sections", which AFAIK is SunSpeak for "you need to use PIC and you
> aren't".
> 
> The solution was to rebuild OpenSSL with:
> # ./config threads zlib -fPIC -DPIC
> and then rebuild Subversion. Those flags are for GCC; I don't know what
> the Sun Workshop or whatever other compilers need in this situation.
> 
> Hope this helps somebody,

It sure helps me! :)

I ran into these errors while trying to avoid the other problems
I mentioned in a separate thread last week (Re: SSL not supported).
I didn't investigate them but I meant to post a follow-up and let
y'all know that I overcame my configuration problems by creating
a couple of temporary symlinks like this:

/usr/local/lib/libcrypto.a --> /usr/local/openssl-0.9.8/lib/libcrypto.a
/usr/local/lib/libssl.a --> /usr/local/openssl-0.9.8/lib/libssl.a

Then I was able to successfully configure svn using

     ./configure --with-ssl \
                 --with-libs=/usr/local/openssl-0.9.8 \
                 --prefix=/usr/local/subversion-1.2.1

After building but before typing make instal, I also had to define
     LD_LIBRARY_PATH=/usr/local/openssl-0.9.8/lib
to prevent the subversion installation from failing (it seems that
it should know to do so by itself).

Then I could delete the symlinks.

AFAICT, this is a neon configuration bug (I was able to reproduce
it in neon 0.25.2).

Martin

PS In addition to finally building 1.2.1 on Solaris 9, I also
succeeded in installing it on AIX 5.3 (with XLC/C++ 7.0) and
on Red Hat AS 4/IA64 (with gcc 3.2.3). My build on HP-UX 11.23
failed with both cc (SIGSEGV) and aCC 3.63 with the error below:

/usr/bin/ld: Invalid loader fixup in text space needed in output file
for symbol "$0000041F" in input file: ".libs/ne_locks.o". Make sure
it was compiled with +z/+Z..

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

More OpenSSL build adventures

Posted by Matthew Sanderson <ma...@formtrap.com>.

Hi guys,

This is mostly for Google's benefit: my own woes building OpenSSL in order
to build SVN.

When building OpenSSL for use in neon/SVN on Solaris 2.7/i86pc, instead
of the previously-mentioned OpenSSL config command:
# ./config threads zlib shared
I originally did:
# ./config threads zlib
ie, no shared, because the static lib was all SVN needed.

But the OpenSSL static lib later on gets linked into some shared object
or other (I suppose either a neon or a SVN lib). So it was trying to link
the non-PIC code in libssl.a into a shared object, which should contain
only PIC code. This caused obscure messages from Sun's ld, from memory
something like "relocations remain against allocated but non-writable
sections", which AFAIK is SunSpeak for "you need to use PIC and you
aren't".

The solution was to rebuild OpenSSL with:
# ./config threads zlib -fPIC -DPIC
and then rebuild Subversion. Those flags are for GCC; I don't know what
the Sun Workshop or whatever other compilers need in this situation.

Hope this helps somebody,

--matt

Matthew Sanderson
Senior Programmer (UNIX)
TCG Information Systems Pty Ltd
Sydney, Australia
matthew@formtrap.com
http://www.formtrap.com/
+61 (02) 8303 2407

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: SSL is not supported

Posted by Martin Sebor <se...@roguewave.com>.

I was able to overcome these problems by following the steps below.
Hopefully someone can suggest how to simplify this whole process.

I defined these variables in my environment prior to configuring
and installing subversion:

     LDFLAGS=-L/usr/local/openssl-0.9.8
     LIBS=-lcrypto -lssl

(It turns out that the LDFLAGS variable should not be used to
specify additional libraries: LIBS should.)

To overcome subsequent linker errors caused by my OpenSSL not having
been built with thread support (I had originally configured OpenSSL
without any arguments), I reconfigured OpenSSL like so:

     ./config --prefix=/usr/local/openssl-0.9.8 threads zlib shared

I then added OpenSLL to the runtime linker's search path:

     LD_LIBRARY_PATH=/usr/local/openssl-0.9.8/lib

That allowed me to configure, build, and install subversion.
Unfortunately, even after all this svn fails at runtime with
the following error:

$ svn ls https://...
ld.so.1: svn: fatal: relocation error: file 
/usr/local/subversion-1.2.1/lib/libneon.so.24: symbol 
SSL_load_error_strings: referenced symbol not found

Somehow ld.so.1 is not loading libssl.so early enough (it shows up
after libneon.so on the list of svn's dependencies). I solved this
error by telling the linker to preload the library before any other:

     LD_PRELOAD=libssl.so

Martin

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: SSL is not supported

Posted by "S. William Schulz" <sw...@astrum.com>.

Martin Sebor wrote:
> S. William Schulz wrote:
> 
>>
>>> -----Original Message-----
>>> From: Martin Sebor [mailto:sebor@roguewave.com]
>>> Sent: Monday, July 18, 2005 2:40 PM
>>> To: users@subversion.tigris.org
>>> Subject: Re: SSL is not supported
>>>
>>>>>> I'm wondering if someone could help explain what I might be doing
>>>>>> wrong building subversion-1.2.1. I have OpenSSL 0.9.8 (archives
>>>>>> only) installed in /usr/local/openssl-0.9.8 on a relatively clean
>>>>>> Solaris 9 box. I configured svn with the command below:
>>>>>>
>>>>>>  ./configure --with-ssl=/usr/local/openssl-0.9.8 \
>>>>>>              --with-libs=/usr/local/openssl-0.9.8 \
>>>>>>              --prefix=/usr/local/subversion-1.2.1
>>
>>
>>
>> I ran into the same issue this past weekend building 1.2.1 against the
>> default OpenSSL libs on a CentOS system.  The solution for me there
>> (since
>> the docs specifically mention that neon will not check in /usr/lib or
>> /usr/local, was to use the --with-libs flag. 
>> I ended up with --with-ssl --with-libs=/usr/lib/kerberos .  This is
>> working
>> successfully.  No idea why I had to go around the end to get there,
>> but that
>> is what worked for me.
> 
> 
> Thanks for the tip. Unfortunately, we don't have OpenSSL installed
> under /usr/kerberos (we don't have /usr/lib/kerberos, either, but
> I assume that was just a typo).

Yes, typo.  I haven't fully investigated either, and on this system, the
ssl libs are in /usr/lib and the openssl headers are all in
/usr/include/openssl.  Had it not specifically been mentioned in the
docs, I would never thought of having to pass in the path to kerberos,
darn sure never have to include SSL support in any other application
I've built.

Hope you get it worked out.

S


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: SSL is not supported

Posted by Martin Sebor <se...@roguewave.com>.

S. William Schulz wrote:
> 
>>-----Original Message-----
>>From: Martin Sebor [mailto:sebor@roguewave.com]
>>Sent: Monday, July 18, 2005 2:40 PM
>>To: users@subversion.tigris.org
>>Subject: Re: SSL is not supported
>>
>>>>>I'm wondering if someone could help explain what I might be doing
>>>>>wrong building subversion-1.2.1. I have OpenSSL 0.9.8 (archives
>>>>>only) installed in /usr/local/openssl-0.9.8 on a relatively clean
>>>>>Solaris 9 box. I configured svn with the command below:
>>>>>
>>>>>  ./configure --with-ssl=/usr/local/openssl-0.9.8 \
>>>>>              --with-libs=/usr/local/openssl-0.9.8 \
>>>>>              --prefix=/usr/local/subversion-1.2.1
> 
> 
> I ran into the same issue this past weekend building 1.2.1 against the
> default OpenSSL libs on a CentOS system.  The solution for me there (since
> the docs specifically mention that neon will not check in /usr/lib or
> /usr/local, was to use the --with-libs flag.  
> 
> I ended up with --with-ssl --with-libs=/usr/lib/kerberos .  This is working
> successfully.  No idea why I had to go around the end to get there, but that
> is what worked for me.

Thanks for the tip. Unfortunately, we don't have OpenSSL installed
under /usr/kerberos (we don't have /usr/lib/kerberos, either, but
I assume that was just a typo).

Martin

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

RE: SSL is not supported

Posted by "S. William Schulz" <sw...@astrum.com>.


> -----Original Message-----
> From: Martin Sebor [mailto:sebor@roguewave.com]
> Sent: Monday, July 18, 2005 2:40 PM
> To: users@subversion.tigris.org
> Subject: Re: SSL is not supported
> >>
> >>> I'm wondering if someone could help explain what I might be doing
> >>> wrong building subversion-1.2.1. I have OpenSSL 0.9.8 (archives
> >>> only) installed in /usr/local/openssl-0.9.8 on a relatively clean
> >>> Solaris 9 box. I configured svn with the command below:
> >>>
> >>>   ./configure --with-ssl=/usr/local/openssl-0.9.8 \
> >>>               --with-libs=/usr/local/openssl-0.9.8 \
> >>>               --prefix=/usr/local/subversion-1.2.1

I ran into the same issue this past weekend building 1.2.1 against the
default OpenSSL libs on a CentOS system.  The solution for me there (since
the docs specifically mention that neon will not check in /usr/lib or
/usr/local, was to use the --with-libs flag.  

I ended up with --with-ssl --with-libs=/usr/lib/kerberos .  This is working
successfully.  No idea why I had to go around the end to get there, but that
is what worked for me.

SWS



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: SSL is not supported

Posted by Martin Sebor <se...@roguewave.com>.

Martin Sebor wrote:
> Ben Collins-Sussman wrote:
> 
>> Martin Sebor wrote:
>>
>>> I'm wondering if someone could help explain what I might be doing
>>> wrong building subversion-1.2.1. I have OpenSSL 0.9.8 (archives
>>> only) installed in /usr/local/openssl-0.9.8 on a relatively clean
>>> Solaris 9 box. I configured svn with the command below:
>>>
>>>   ./configure --with-ssl=/usr/local/openssl-0.9.8 \
>>>               --with-libs=/usr/local/openssl-0.9.8 \
>>>               --prefix=/usr/local/subversion-1.2.1
>>
>>
>>
>>
>> Neon's configure script wants simply "--with-ssl", not 
>> "--with-ssl=/path".  Pass "--with-ssl" to subversion's configure, and 
>> the option will be automatically passed down to neon's configure.
> 
> 
> I started with that but configure failed due to the error below.
> Specifying --with-ssl=/usr/local/openssl-0.9.8 let me get around
> that error but, ovbviously, didn't have desired effect.

Here's some additional information:

I reproduced the same problem on a Linux box with OpenSSL installed
in /package/1/ia64/ssl/openssl/0.9.7g (i.e., not in /usr/local/lib),
so it's not specific to the platform but rather to the way OpenSSL
is installed.

It looks to me like the configure test for SSL_library_init is doing
the wrong thing: first, while it passes -L/usr/local/openssl-0.9.8/lib
it fails to specify the openssl libraries on the linker line.

I tried to help it by setting LDFLAGS like so:
export LDFLAGS="-L/usr/local/openssl-0.9.8/lib -lcrypto -lssl"
but that didn't help because the script specifies LDFLAGS on the
linker line *before* the source file instead of after it. Here's
the relevant portion of the cript:

configure:15528: checking for library containing SSL_library_init
configure:15557: gcc -o conftest -g -O2 
-I/usr/local/openssl-0.9.8/include   -L
/usr/local/openssl-0.9.8/lib -L/usr/local/openssl-0.9.8/lib -lcrypto 
-lssl conftest.c  >&5
Undefined                       first referenced
  symbol                             in file
SSL_library_init                    /var/tmp//ccahNJqr.o
ld: fatal: Symbol referencing errors. No output written to conftest
collect2: ld returned 1 exit status
configure:15563: $? = 1
configure: failed program was:
| /* confdefs.h.  */

Martin

> 
> checking for library containing RSA_new... -lcrypto
> checking for library containing SSL_library_init... not found
> configure: error: could not find library containing SSL_library_init
> configure failed for neon
> 
> Do you have any other suggestions on how to proceed?
> 
> Thanks
> Martin
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: SSL is not supported

Posted by Martin Sebor <se...@roguewave.com>.

Ben Collins-Sussman wrote:
> Martin Sebor wrote:
> 
>> I'm wondering if someone could help explain what I might be doing
>> wrong building subversion-1.2.1. I have OpenSSL 0.9.8 (archives
>> only) installed in /usr/local/openssl-0.9.8 on a relatively clean
>> Solaris 9 box. I configured svn with the command below:
>>
>>   ./configure --with-ssl=/usr/local/openssl-0.9.8 \
>>               --with-libs=/usr/local/openssl-0.9.8 \
>>               --prefix=/usr/local/subversion-1.2.1
> 
> 
> 
> Neon's configure script wants simply "--with-ssl", not 
> "--with-ssl=/path".  Pass "--with-ssl" to subversion's configure, and 
> the option will be automatically passed down to neon's configure.

I started with that but configure failed due to the error below.
Specifying --with-ssl=/usr/local/openssl-0.9.8 let me get around
that error but, ovbviously, didn't have desired effect.

checking for library containing RSA_new... -lcrypto
checking for library containing SSL_library_init... not found
configure: error: could not find library containing SSL_library_init
configure failed for neon

Do you have any other suggestions on how to proceed?

Thanks
Martin

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: SSL is not supported

Posted by Ben Collins-Sussman <su...@collab.net>.

Martin Sebor wrote:
> I'm wondering if someone could help explain what I might be doing
> wrong building subversion-1.2.1. I have OpenSSL 0.9.8 (archives
> only) installed in /usr/local/openssl-0.9.8 on a relatively clean
> Solaris 9 box. I configured svn with the command below:
> 
>   ./configure --with-ssl=/usr/local/openssl-0.9.8 \
>               --with-libs=/usr/local/openssl-0.9.8 \
>               --prefix=/usr/local/subversion-1.2.1


Neon's configure script wants simply "--with-ssl", not 
"--with-ssl=/path".  Pass "--with-ssl" to subversion's configure, and 
the option will be automatically passed down to neon's configure.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org