You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Stephen Collyer <sc...@netspinner.co.uk> on 2005/11/26 11:57:11 UTC
[users@httpd] Apache 2 start_ssl - missing symbol
I've built Apache 2 from source on a SuSE 9.1 box with
the following versions:
1. httpd-2.0.55
2. openssl-0.9.8a
and no non-standard modules (e.g. no PHP or mod_perl).
The configure build process was:
> cd httpd-2.0.55/
>
> ./configure \
> --prefix=/usr/local/apache2-ssl \
> --enable-mods-shared=all \
> --enable-ssl \
> --with-ssl=/home/stephen/apache/openssl-0.9.8a
>
> make
> make install
This build fine against the previously built openssl 0.9.8a.
When I start Apache, I get this:
> root@alpha $ bin/apachectl startssl
> Syntax error on line 251 of /usr/local/apache2-ssl/conf/httpd.conf:
> Cannot load /usr/local/apache2-ssl/modules/mod_ssl.so into server:
>/usr/local/apache2-ssl/modules/mod_ssl.so: undefined symbol:
X509_STORE_CTX_set_depth
nm tells me that X509_STORE_CTX_set_depth appears as a text
symbol in openssl-0.9.8a/crypto/x509/x509_vfy.o and also
the static library openssl-0.9.8a/libcrypto.a so I guess it's
some link error, but I'm not sure what.
Anyone got any ideas as to what I've screwed up ?
--
Regards
Stephen Collyer
Netspinner Ltd
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 2 start_ssl - missing symbol
Posted by Stephen Collyer <sc...@netspinner.co.uk>.
Joe Orton wrote:
> On Sun, Nov 27, 2005 at 12:27:52PM +0000, Stephen Collyer wrote:
>
>>httpd is linking against libcrypto 0.9.7 in /usr/lib which is
>>missing the symbol in question. So now the question is why did
>>my configure not force linking against my local copy of 0.9.8a ?
>
> ...
>
>>Is -with-ssl not supported anymore, or am I screwing up in some
>>other way ?
>
>
> Can you try setting:
>
> export PKG_CONFIG_PATH=/home/stephen/apache/openssl-0.9.8a/lib/pkgconfig
>
> before running configure?
I've tried this but it's made no difference - httpd is still
linking against the stuff in /usr/lib
Got any suggestions for hand-mangling the makefiles, maybe ?
--
Regards
Stephen Collyer
Netspinner Ltd
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 2 start_ssl - missing symbol
Posted by Joe Orton <jo...@redhat.com>.
On Sun, Nov 27, 2005 at 12:27:52PM +0000, Stephen Collyer wrote:
> httpd is linking against libcrypto 0.9.7 in /usr/lib which is
> missing the symbol in question. So now the question is why did
> my configure not force linking against my local copy of 0.9.8a ?
...
> Is -with-ssl not supported anymore, or am I screwing up in some
> other way ?
Can you try setting:
export PKG_CONFIG_PATH=/home/stephen/apache/openssl-0.9.8a/lib/pkgconfig
before running configure?
joe
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 2 start_ssl - missing symbol
Posted by Stephen Collyer <sc...@netspinner.co.uk>.
Nick Kew wrote:
> ldd your httpd and your mod_ssl.so to find out what they link to.
Thanks for this. I now see the problem:
root@alpha $ ldd bin/httpd
linux-gate.so.1 => (0xffffe000)
libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0x40018000)
libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0x40048000)
...
httpd is linking against libcrypto 0.9.7 in /usr/lib which is
missing the symbol in question. So now the question is why did
my configure not force linking against my local copy of 0.9.8a ?
The configure command was:
./configure \
--prefix=/usr/local/apache2-ssl \
--enable-mods-shared=all \
--enable-ssl \
--with-ssl=/home/stephen/apache/openssl-0.9.8a
Is -with-ssl not supported anymore, or am I screwing up in some
other way ?
> I installed openssl-0.9.8 and found its build didn't in fact install anything
> except the manpages! I had to install the libs and headers by hand.
> Having done that, apache loads OK with it.
I didn't try an install - I'm happy to link against the
build of 0.9.8a where I dumped it. Still install wouldn't
have helped as the ldd o/p above shows.
--
Regards
Stephen Collyer
Netspinner Ltd
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 2 start_ssl - missing symbol
Posted by Joe Orton <jo...@redhat.com>.
On Sun, Nov 27, 2005 at 11:58:42AM +0000, Nick Kew wrote:
> On Sunday 27 November 2005 11:42, Stephen Collyer wrote:
> > Stephen Collyer wrote:
> > > Joe Orton wrote:
> > >> In 2.0.x you can't build mod_ssl as a DSO against OpenSSL if OpenSSL
> > >> is only available as static libraries.
> > >>
> > >> You can either build OpenSSL shared libraries, or upgrade to 2.1.x,
> > >> where this should work OK (though I wouldn't recommend it at all).
>
> Joe, what exactly would you not recommend at all? Using 2.1.x+ssl, or
> building a dynamic mod_ssl against a static libssl, or???
I don't recommend building a mod_ssl DSO which statically links OpenSSL.
joe
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 2 start_ssl - missing symbol
Posted by Nick Kew <ni...@webthing.com>.
On Sunday 27 November 2005 11:42, Stephen Collyer wrote:
> Stephen Collyer wrote:
> > Joe Orton wrote:
> >> In 2.0.x you can't build mod_ssl as a DSO against OpenSSL if OpenSSL
> >> is only available as static libraries.
> >>
> >> You can either build OpenSSL shared libraries, or upgrade to 2.1.x,
> >> where this should work OK (though I wouldn't recommend it at all).
Joe, what exactly would you not recommend at all? Using 2.1.x+ssl, or
building a dynamic mod_ssl against a static libssl, or???
> OK, I've now rebuilt openssl to generate a shared library,
> and it's present in the top level of the openssl directory.
> (in my case it's openssl-0.9.8a/libssl.so which is symlinked
> to libssl.so.0.9.8)
>
> I've rebuilt http 2.0.55 (after a make clean) and I still
> have the same problem when I start it - missing X509_STORE_CTX_set_depth
> symbol. It looks like the build isn't seeing the shared library
> for some reason.
ldd your httpd and your mod_ssl.so to find out what they link to.
I installed openssl-0.9.8 and found its build didn't in fact install anything
except the manpages! I had to install the libs and headers by hand.
Having done that, apache loads OK with it.
--
Nick Kew
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 2 start_ssl - missing symbol
Posted by Stephen Collyer <sc...@netspinner.co.uk>.
Stephen Collyer wrote:
> Joe Orton wrote:
>
>>
>> In 2.0.x you can't build mod_ssl as a DSO against OpenSSL if OpenSSL
>> is only available as static libraries.
>>
>> You can either build OpenSSL shared libraries, or upgrade to 2.1.x,
>> where this should work OK (though I wouldn't recommend it at all).
>>
>> joe
>
>
> Joe
>
> Thanks for that. I notice now that openssl doesn't build
> shared libraries by default, so that looks like the problem.
>
OK, I've now rebuilt openssl to generate a shared library,
and it's present in the top level of the openssl directory.
(in my case it's openssl-0.9.8a/libssl.so which is symlinked
to libssl.so.0.9.8)
I've rebuilt http 2.0.55 (after a make clean) and I still
have the same problem when I start it - missing X509_STORE_CTX_set_depth
symbol. It looks like the build isn't seeing the shared library
for some reason.
Any suggestions (before I have to go digging through the makefiles) ?
--
Regards
Stephen Collyer
Netspinner Ltd
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 2 start_ssl - missing symbol
Posted by Stephen Collyer <sc...@netspinner.co.uk>.
Joe Orton wrote:
>
> In 2.0.x you can't build mod_ssl as a DSO against OpenSSL if OpenSSL is
> only available as static libraries.
>
> You can either build OpenSSL shared libraries, or upgrade to 2.1.x,
> where this should work OK (though I wouldn't recommend it at all).
>
> joe
Joe
Thanks for that. I notice now that openssl doesn't build
shared libraries by default, so that looks like the problem.
--
Regards
Stephen Collyer
Netspinner Ltd
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 2 start_ssl - missing symbol
Posted by Joe Orton <jo...@redhat.com>.
On Sat, Nov 26, 2005 at 10:57:11AM +0000, Stephen Collyer wrote:
> When I start Apache, I get this:
>
> >root@alpha $ bin/apachectl startssl
> >Syntax error on line 251 of /usr/local/apache2-ssl/conf/httpd.conf:
> >Cannot load /usr/local/apache2-ssl/modules/mod_ssl.so into server:
> >/usr/local/apache2-ssl/modules/mod_ssl.so: undefined symbol:
> X509_STORE_CTX_set_depth
>
> nm tells me that X509_STORE_CTX_set_depth appears as a text
> symbol in openssl-0.9.8a/crypto/x509/x509_vfy.o and also
> the static library openssl-0.9.8a/libcrypto.a so I guess it's
> some link error, but I'm not sure what.
>
> Anyone got any ideas as to what I've screwed up ?
In 2.0.x you can't build mod_ssl as a DSO against OpenSSL if OpenSSL is
only available as static libraries.
You can either build OpenSSL shared libraries, or upgrade to 2.1.x,
where this should work OK (though I wouldn't recommend it at all).
joe
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org