You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by xPostings <po...@mysign.ch> on 2008/12/18 14:47:57 UTC
Can't Compile httpd 2.2.11 linked statically with ssl and zlib
I'm trying to compile an httpd on a linux system (debian etch) completly static but can't succeed.
What I did is following:
compiled zlib:
./configure
make
make install
compiled openssl 0.9.8i:
./config no-zlib shared
make
make install
compiled apache httpd:
./buildconf
./configure --prefix=/usr/local/apache2.2.11 \
--enable-static-support \
--with-mpm=worker \
--enable-mods-shared=all \
--enable-so \
--enable-deflate=static \
--with-z=/usr/local/lib \
--enable-ssl=static \
--with-ssl=/usr/local/ssl \
--enable-rewrite=static \
--enable-auth-basic=static \
--enable-authn-file=static \
--enable-authz-user=static \
--enable-authz-groupfile=static \
--enable-authz-host=static \
--enable-expires=static \
--enable-headers=static
If I look to the depencies with ldd there is a dynamically linked libz and libssl:
linux-gate.so.1 => (0xffffe000)
libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb7eb9000)
libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7d7e000)
libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7d59000)
libaprutil-1.so.0 => /usr/local/apache2.2.11/lib/libaprutil-1.so.0 (0xb7d3d000)
libexpat.so.0 => /usr/local/apache2.2.11/lib/libexpat.so.0 (0xb7d21000)
libapr-1.so.0 => /usr/local/apache2.2.11/lib/libapr-1.so.0 (0xb7cfc000)
librt.so.1 => /lib/tls/i686/cmov/librt.so.1 (0xb7cf3000)
libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xb7cc4000)
libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7cb2000)
libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7cae000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7b7d000)
libz.so.1 => /usr/lib/libz.so.1 (0xb7b69000)
/lib/ld-linux.so.2 (0xb7efe000)
What's going wrong? libssl and libz shouldn't be linked dynamically. With httpd 2.2.3 and the same configuration I haven't had these problems. ldd from the old 2.2.3 shows following depencies:
linux-gate.so.1 => (0xffffe000)
libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7edf000)
libaprutil-1.so.0 => /usr/local/apache2.2.3/lib/libaprutil-1.so.0 (0xb7ec9000)
libexpat.so.0 => /usr/local/apache2.2.3/lib/libexpat.so.0 (0xb7eac000)
libapr-1.so.0 => /usr/local/apache2.2.3/lib/libapr-1.so.0 (0xb7e8a000)
librt.so.1 => /lib/tls/i686/cmov/librt.so.1 (0xb7e81000)
libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xb7e53000)
libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7e40000)
libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7e3c000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7d0b000)
/lib/ld-linux.so.2 (0xb7f0a000)
Maybe someone can help.
Cheers
Mike
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: AW: Can't Compile httpd 2.2.11 linked statically with ssl and
zlib
Posted by Morgan Gangwere <0....@gmail.com>.
xPostings wrote:
> Hi Morgan
>
> Yes, I know apt-get very well. But in this case we need to compile the httpd ourself to get exactly the build we want to, we also include the newest jk_mod and newest openssl in the build. We did this build for years now and haven't had any problems till now.
>
> cheers
> mike
>
There's a hook in Apt-get to configure FIRST then allow you to inspect
and re-configure later... i forget it at the moment as i'm not around
any of my Debian boxes as of the moment
--
Morgan Gangwere
Unknown Software
http://sonof.bandit.name/
Member, INCOSE [ incose.org ] PACA [ paca.org ] and NMUG [ nmug.net ]
FAIL: Cannot wind the coils on the Super High Power Extemely Large
Hadron Collider! (fail code 0xd34df00d). please use the /extrafunds hook
to avoid this next start.
Find me on FreeNode! irc.freenode.net ~indrora on ##linux
AW: Can't Compile httpd 2.2.11 linked statically with ssl and zlib
Posted by xPostings <po...@mysign.ch>.
Hi Morgan
Yes, I know apt-get very well. But in this case we need to compile the httpd ourself to get exactly the build we want to, we also include the newest jk_mod and newest openssl in the build. We did this build for years now and haven't had any problems till now.
cheers
mike
-----Ursprüngliche Nachricht-----
Von: Morgan Gangwere [mailto:0.fractalus@gmail.com]
Gesendet: Donnerstag, 18. Dezember 2008 15:30
An: users@httpd.apache.org
Betreff: Re: Can't Compile httpd 2.2.11 linked statically with ssl and
zlib
xPostings wrote:
> I'm trying to compile an httpd on a linux system (debian etch) completly static but can't succeed.
Why?
Debian already has stable in source control.
Simply make sure the source repositories are enabled. Go google around
"apt-get build from source" or some such.
--
Morgan Gangwere
Unknown Software
http://sonof.bandit.name/
Member, INCOSE [ incose.org ] PACA [ paca.org ] and NMUG [ nmug.net ]
FAIL: Cannot wind the coils on the Super High Power Extemely Large
Hadron Collider! (fail code 0xd34df00d). please use the /extrafunds hook
to avoid this next start.
Find me on FreeNode! irc.freenode.net ~indrora on ##linux
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Can't Compile httpd 2.2.11 linked statically with ssl and zlib
Posted by Morgan Gangwere <0....@gmail.com>.
xPostings wrote:
> I'm trying to compile an httpd on a linux system (debian etch) completly static but can't succeed.
Why?
Debian already has stable in source control.
Simply make sure the source repositories are enabled. Go google around
"apt-get build from source" or some such.
--
Morgan Gangwere
Unknown Software
http://sonof.bandit.name/
Member, INCOSE [ incose.org ] PACA [ paca.org ] and NMUG [ nmug.net ]
FAIL: Cannot wind the coils on the Super High Power Extemely Large
Hadron Collider! (fail code 0xd34df00d). please use the /extrafunds hook
to avoid this next start.
Find me on FreeNode! irc.freenode.net ~indrora on ##linux
Re: AW: [users@httpd] Can't compile libssl and libz into httpd 2.2.11
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
xPostings wrote:
> Hi Williams
>
> I understand your argument. But in my case I would like to compile libssl
> into the httpd because of the criticial SSL/TLS vulnerability. Why that?
> The answer is easy: Because I can only control the installed httpd but not
> the installation of the debian boxes itself in the production enviroment.
> So the only way to enforce that the right libssl is in place is to compile
> it into httpd. So maybe the reason for my a little bit strange question is
> now much clearer.
> So, can anybody help me how I can compile the libssl and libz into httpd?
Dirt simple stupid answer, build and libssl and libz into a directory that
you explicitly reference --with-openssl= --with-zlib=, but build only the
static objects.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
AW: [users@httpd] Can't compile libssl and libz into httpd 2.2.11
Posted by xPostings <po...@mysign.ch>.
Hi Williams
I understand your argument. But in my case I would like to compile libssl
into the httpd because of the criticial SSL/TLS vulnerability. Why that?
The answer is easy: Because I can only control the installed httpd but not
the installation of the debian boxes itself in the production enviroment.
So the only way to enforce that the right libssl is in place is to compile
it into httpd. So maybe the reason for my a little bit strange question is
now much clearer.
So, can anybody help me how I can compile the libssl and libz into httpd?
cheers
mike
> -----Ursprüngliche Nachricht-----
> Von: William A. Rowe, Jr. [mailto:wrowe@rowe-clan.net]
> Gesendet: Freitag, 2. Januar 2009 15:48
> An: users@httpd.apache.org
> Betreff: Re: [users@httpd] Can't compile libssl and libz into httpd
> 2.2.11
>
>
> xPostings wrote:
> >
> > I really don't know if it's only a config problem on my side or
> > if it's a change from apache 2.2.8 to 2.2.11:
> > How can I compile httpd WITHOUT any linkings to libssl and libz
> > (that means compile it into httpd). Also the httpd 2.2.8 is bigger
> > in filesize than 2.2.11 (bacause libz and libssl is not
> compiled into...)
> >
> > My box is a debian etch only basic netinstall with
>
> There were libz security flaws back in the early 1.1 and 1.2
> series and
> periodic security updates to libssl. If you have the debian
> folks offering
> you updated / patched / secured flavor, why on earth would
> you want to lock
> into the flavor of the day and deprive yourself of the fixes
> to criticial
> SSL/TLS vulnerability fixes as more are discovered in the future?
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] Can't compile libssl and libz into httpd 2.2.11
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
xPostings wrote:
>
> I really don't know if it's only a config problem on my side or
> if it's a change from apache 2.2.8 to 2.2.11:
> How can I compile httpd WITHOUT any linkings to libssl and libz
> (that means compile it into httpd). Also the httpd 2.2.8 is bigger
> in filesize than 2.2.11 (bacause libz and libssl is not compiled into...)
>
> My box is a debian etch only basic netinstall with
There were libz security flaws back in the early 1.1 and 1.2 series and
periodic security updates to libssl. If you have the debian folks offering
you updated / patched / secured flavor, why on earth would you want to lock
into the flavor of the day and deprive yourself of the fixes to criticial
SSL/TLS vulnerability fixes as more are discovered in the future?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Can't compile libssl and libz into httpd 2.2.11
Posted by xPostings <po...@mysign.ch>.
Hi
I really don't know if it's only a config problem on my side or
if it's a change from apache 2.2.8 to 2.2.11:
How can I compile httpd WITHOUT any linkings to libssl and libz
(that means compile it into httpd). Also the httpd 2.2.8 is bigger
in filesize than 2.2.11 (bacause libz and libssl is not compiled into...)
if I ldd the "old" 2.2.8 it shows the following:
linux-gate.so.1 => (0xffffe000)
libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7f0a000)
libaprutil-1.so.0 => /usr/local/apache2.2.8/lib/libaprutil-1.so.0 (0xb7ef4000)
libexpat.so.0 => /usr/local/apache2.2.8/lib/libexpat.so.0 (0xb7ed8000)
libapr-1.so.0 => /usr/local/apache2.2.8/lib/libapr-1.so.0 (0xb7eb5000)
librt.so.1 => /lib/tls/i686/cmov/librt.so.1 (0xb7eac000)
libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xb7e7e000)
libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7e6b000)
libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7e67000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7d36000)
/lib/ld-linux.so.2 (0xb7f39000)
the 2.2.11 shows
linux-gate.so.1 => (0xffffe000)
libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb7eb9000)
libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7d7e000)
libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7d59000)
libaprutil-1.so.0 => /usr/local/apache2.2.11/lib/libaprutil-1.so.0 (0xb7d3d000)
libexpat.so.0 => /usr/local/apache2.2.11/lib/libexpat.so.0 (0xb7d21000)
libapr-1.so.0 => /usr/local/apache2.2.11/lib/libapr-1.so.0 (0xb7cfc000)
librt.so.1 => /lib/tls/i686/cmov/librt.so.1 (0xb7cf3000)
libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xb7cc4000)
libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7cb2000)
libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7cae000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7b7d000)
libz.so.1 => /usr/lib/libz.so.1 (0xb7b69000)
/lib/ld-linux.so.2 (0xb7efe000)
I compiled the versions with following ./configure:
./configure --prefix=/usr/local/apache2.2.11 \
--enable-static-support \
--with-mpm=worker \
--enable-mods-shared=all \
--enable-so \
--enable-deflate=static \
--with-z=/usr/local \
--enable-ssl=static \
--with-ssl=/usr/local/ssl \
--enable-rewrite=static \
--enable-auth-basic=static \
--enable-authn-file=static \
--enable-authz-user=static \
--enable-authz-groupfile=static \
--enable-authz-host=static \
--enable-expires=static \
--enable-headers=static
so mod_deflate as mod_ssl are part of the httpd.
Can anybody help me?
My box is a debian etch only basic netinstall with
apt-get install build-essential
apt-get install autoconf automake libtool
cheers
mike
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: Can't Compile httpd 2.2.11 linked statically with ssl and zlib
Posted by xPostings <po...@mysign.ch>.
Hi
I think the main problem is not, that the httpd has a depency to libz and libssl. In my "old" compilation with httpd 2.2.3 and also 2.2.8 there was NO depency to libz and libssl, it was compiled INTO httpd, also the httpd was bigger than the 2.2.11. But I used exactly the same confs and parameters. So maybe the correct question should be: How can I compile libz and libssl (with mod_ssl) into httpd?
cheers
mike
> -----Ursprüngliche Nachricht-----
> Von: Tom Evans [mailto:tevans.uk@googlemail.com]
> Gesendet: Freitag, 19. Dezember 2008 14:01
> An: users@httpd.apache.org
> Betreff: Re: AW: Can't Compile httpd 2.2.11 linked statically with ssl
> and zlib
>
>
> On Fri, 2008-12-19 at 10:56 +0100, xPostings wrote:
> > > > compiled zlib:
> > > > ./configure
> > > > make
> > > > make install
> > >
> > > What's your prefix here? It'd probably default to /usr/local
> >
> > default prefix is /usr/local (compiled library will be in
> /usr/local/lib and include files are in /usr/local/include)
> >
> > > > compiled openssl 0.9.8i:
> > > > ./config no-zlib shared
> > > > make
> > > > make install
> > >
> > > Again, what's the prefix? And, specifying 'shared' will build the
> > > *.so libraries which are then picked up by the Apache
> build system.
> >
> > default prefix is /usr/local/ssl
> > If I do not use "shared" the ./configure of apache fails.
> To compile mod_ssl statically into httpd can't be done
> without having compiled the shared libs of openssl.
> >
> > > >
> > > > compiled apache httpd:
> > > > ./buildconf
> > > > ./configure --prefix=/usr/local/apache2.2.11 \
> > > > --enable-static-support \
> > > > --with-mpm=worker \
> > > > --enable-mods-shared=all \
> > > > --enable-so \
> > > > --enable-deflate=static \
> > > > --with-z=/usr/local/lib \
> > >
> > > Usually, you point to the top of the zlib installation which
> > > would be /
> > > usr/local, under which the compiler finds the include/headers
> > > and the
> > > linker finds the lib/libraries.
> >
> > You're right, that was a mistake, I recompiled with
> --with-z=/usr/local, but the result is the same.
> >
> >
> > > > --enable-ssl=static \
> > > > --with-ssl=/usr/local/ssl \
> > >
> > > This must match your prefix above, or the default.
> >
> > that's correct.
> >
> > >
> > > > --enable-rewrite=static \
> > > > --enable-auth-basic=static \
> > > > --enable-authn-file=static \
> > > > --enable-authz-user=static \
> > > > --enable-authz-groupfile=static \
> > > > --enable-authz-host=static \
> > > > --enable-expires=static \
> > > > --enable-headers=static
> > > >
> > > > If I look to the depencies with ldd there is a
> dynamically linked
> > > > libz and libssl:
> > > >
> > > > linux-gate.so.1 => (0xffffe000)
> > > > libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8
> > > > (0xb7eb9000)
> > > > libcrypto.so.0.9.8 =>
> /usr/lib/i686/cmov/libcrypto.so.0.9.8
> > > > (0xb7d7e000)
> > >
> > > That's your system installation of openssl 0.9.8*. Two things may
> > > have happened:
> > >
> > > 1) You linked against the .so shared libraries in your
> installation,
> > > but at runtime you're picking up the system copy. It seems that
> > > embedding the hard path to the shared libraries in the
> > > calling binary
> > > doesn't work too well on Linnicks. This can be remedied
> by adding /
> > > usr/local/ssl/lib (or whatever, see the discussion on prefix
> > > above) to
> > > the LD_LIBRARY_PATH environment variable when you start
> > > Apache. This
> > > can be done in the script that starts the server, or on
> the command
> > > line for testing.
> >
> > We do use the compiled versions of httpd on other machines
> (production), that's the reason we do not wan't to have
> dynamic linked binaries. It was never necessary to modify
> LD_LIBRARY_PATH before because everything httpd needs (zlib
> and ssl) should be compiled into httpd.
> >
> > >
> > > 2) The System openssl was found in favor of yours when
> configuring.
> > > This should not happen. Study your ./configure output where
> > > it tries
> > > to find the proper openssl library and see what exactly
> happens there.
> >
> >
> > The output of ./configure seems to be correct:
> >
> > checking for SSL/TLS toolkit base... /usr/local/ssl
> > adding "-I/usr/local/ssl/include" to CPPFLAGS
> > adding "-I/usr/local/ssl/include" to INCLUDES
> > adding "-L/usr/local/ssl/lib" to LDFLAGS
> > checking for OpenSSL version... checking openssl/opensslv.h
> usability... yes
> > checking openssl/opensslv.h presence... yes
> > checking for openssl/opensslv.h... yes
> > checking openssl/ssl.h usability... yes
> > checking openssl/ssl.h presence... yes
> > checking for openssl/ssl.h... yes
> > OK
> > forcing SSL_LIBS to "-lssl -lcrypto -lrt -lcrypt -lpthread -ldl"
> > adding "-lssl" to LIBS
> > adding "-lcrypto" to LIBS
> > adding "-lrt" to LIBS
> > adding "-lcrypt" to LIBS
> > adding "-lpthread" to LIBS
> > adding "-ldl" to LIBS
> > checking openssl/engine.h usability... yes
> > checking openssl/engine.h presence... yes
> > checking for openssl/engine.h... yes
> > checking for SSLeay_version... yes
> > checking for SSL_CTX_new... yes
> > checking for ENGINE_init... yes
> > checking for ENGINE_load_builtin_engines... yes
> > checking for SSL_set_cert_store... no
> > forcing MOD_SSL_LDADD to "$(SSL_LIBS)"
> > checking whether Distcache is required... no (default)
> > checking whether to enable mod_ssl... yes
> > adding "-I$(top_srcdir)/modules/ssl" to INCLUDES
> >
> > >
> > > >
> > > > libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7d59000)
> > > > libaprutil-1.so.0 => /usr/local/apache2.2.11/lib/
> > > > libaprutil-1.so.0 (0xb7d3d000)
> > > > libexpat.so.0 =>
> /usr/local/apache2.2.11/lib/libexpat.so.0
> > > > (0xb7d21000)
> > > > libapr-1.so.0 =>
> /usr/local/apache2.2.11/lib/libapr-1.so.0
> > > > (0xb7cfc000)
> > > > librt.so.1 => /lib/tls/i686/cmov/librt.so.1 (0xb7cf3000)
> > > > libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1
> > > (0xb7cc4000)
> > > > libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0
> > > > (0xb7cb2000)
> > > > libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7cae000)
> > > > libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7b7d000)
> > > > libz.so.1 => /usr/lib/libz.so.1 (0xb7b69000)
> > >
> > > Again, that's the system copy. Same story, plus it may not
> > > have found
> > > yours because your parameter was off. Again, see your ./configure
> > > output.
> >
> > Output seems to be correct:
> > checking whether to enable mod_deflate... checking dependencies
> > adding "-I/usr/local/include" to INCLUDES
> > adding "-L/usr/local/lib" to LDFLAGS
> > adding "-lz" to LIBS
> > checking for zlib library... found
> > forcing MOD_DEFLATE_LDADD to "-lz"
> > removed "-lz" from LIBS
> > checking whether to enable mod_deflate... yes
> >
> > >
> > > >
> > > > /lib/ld-linux.so.2 (0xb7efe000)
> > > >
> > > > What's going wrong? libssl and libz shouldn't be linked
> > > dynamically.
> > > > With httpd 2.2.3 and the same configuration I haven't had these
> > > > problems. ldd from the old 2.2.3 shows following depencies:
> > > >
> > > > linux-gate.so.1 => (0xffffe000)
> > > > libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7edf000)
> > > > libaprutil-1.so.0 => /usr/local/apache2.2.3/lib/
> > > > libaprutil-1.so.0 (0xb7ec9000)
> > > > libexpat.so.0 => /usr/local/apache2.2.3/lib/libexpat.so.0
> > > > (0xb7eac000)
> > > > libapr-1.so.0 => /usr/local/apache2.2.3/lib/libapr-1.so.0
> > > > (0xb7e8a000)
> > > > librt.so.1 => /lib/tls/i686/cmov/librt.so.1 (0xb7e81000)
> > > > libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1
> > > (0xb7e53000)
> > > > libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0
> > > > (0xb7e40000)
> > > > libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7e3c000)
> > > > libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7d0b000)
> > > > /lib/ld-linux.so.2 (0xb7f0a000)
> > >
> > > No openssl libraries linked to this one. Are you sure
> they weren't
> > > just linked into mod_ssl.so?
> >
> > I'm pretty sure, in this case there's no mod_ssl.so because
> it's compiled into httpd,
> >
> > cheers
> > mike
> >
> configure just builds up the list of locations where to find libraries
> that have the features it needs. So, you tell it SSL is
> in /usr/local/ssl, it goes away and looks there and says
> "you're right,
> theres SSL libraries there, adding /usr/local/ssl/lib to
> LDPATH, /usr/local/ssl/include to CFLAGS".
> When it comes to build/link the components though, it has no idea that
> it is supposed to be using the SSL libraries from /usr/local/ssl, just
> that it has a list of folders which it CAN use. It searches them in
> order, looking for a library that works in the manner
> required. Once the
> linker has found a suitable library, it links it in.
>
> Your problem is that your system SSL libraries are picked up
> before your
> custom built ones are found. A simple way to fix this is to modify the
> makefile rules for those modules, to remove the dynamic linking
> statements and add some dirty static linking.
>
> Eg, I just grabbed 2.2.11, ran
> ./configure \
> --prefix=/tmp/foobar \
> --enable-so \
> --enable-mods-shared="ssl deflate"
> built and installed it. This gave me an httpd binary and module files
> linked like so (this is FreeBSD, so YMMV):
> bin/httpd:
> libm.so.5 => /lib/libm.so.5 (0x280f3000)
> libaprutil-1.so.3 => /usr/local/lib/libaprutil-1.so.3
> (0x28108000)
> libdb-4.2.so.2 => /usr/local/lib/libdb-4.2.so.2 (0x28124000)
> libexpat.so.6 => /usr/local/lib/libexpat.so.6 (0x281f8000)
> libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x28218000)
> libapr-1.so.3 => /usr/local/lib/libapr-1.so.3 (0x2830d000)
> libcrypt.so.4 => /lib/libcrypt.so.4 (0x28331000)
> libthr.so.3 => /lib/libthr.so.3 (0x2834a000)
> libc.so.7 => /lib/libc.so.7 (0x2835d000)
> modules/mod_deflate.so:
> libz.so.4 => /lib/libz.so.4 (0x28187000)
> libc.so.7 => /lib/libc.so.7 (0x28080000)
> modules/mod_ssl.so:
> libssl.so.5 => /usr/lib/libssl.so.5 (0x281ac000)
> libcrypto.so.5 => /lib/libcrypto.so.5 (0x281ed000)
> libcrypt.so.4 => /lib/libcrypt.so.4 (0x28347000)
> libthr.so.3 => /lib/libthr.so.3 (0x28360000)
> libc.so.7 => /lib/libc.so.7 (0x28080000)
>
> I dont want to use dynamic libz in mod_deflate, and I dont want to use
> dynamic libssl in mod_ssl. I therefore edit (from apache top build
> directory) build/config_vars.mk and make these changes:
>
> --- build/config_vars.mk.orig
> +++ build/config_vars.mk
> @@ -50,5 +50,5 @@
> MOD_INCLUDE_LDADD =
> MOD_FILTER_LDADD =
> -MOD_DEFLATE_LDADD = -lz
> +MOD_DEFLATE_LDADD = /usr/lib/libz.a
> MOD_LOG_CONFIG_LDADD =
> MOD_ENV_LDADD =
> @@ -60,5 +60,5 @@
> MOD_PROXY_AJP_LDADD =
> MOD_PROXY_BALANCER_LDADD =
> -SSL_LIBS = -lssl -lcrypto -lcrypt -lpthread
> +SSL_LIBS = /usr/lib/libssl.a -lcrypto -lcrypt -lpthread
> MOD_SSL_LDADD = $(SSL_LIBS) -export-symbols-regex ssl_module
> MPM_NAME = prefork
>
> and clean, rebuild and reinstall (make clean all && make install). You
> should get warnings about this not being portable - and it isnt. These
> binaries probably wont run on differently setup boxes. This then gives
> me the modules built like so:
> bin/httpd:
> libm.so.5 => /lib/libm.so.5 (0x280f3000)
> libaprutil-1.so.3 => /usr/local/lib/libaprutil-1.so.3
> (0x28108000)
> libdb-4.2.so.2 => /usr/local/lib/libdb-4.2.so.2 (0x28124000)
> libexpat.so.6 => /usr/local/lib/libexpat.so.6 (0x281f8000)
> libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x28218000)
> libapr-1.so.3 => /usr/local/lib/libapr-1.so.3 (0x2830d000)
> libcrypt.so.4 => /lib/libcrypt.so.4 (0x28331000)
> libthr.so.3 => /lib/libthr.so.3 (0x2834a000)
> libc.so.7 => /lib/libc.so.7 (0x2835d000)
> modules/mod_deflate.so:
> libc.so.7 => /lib/libc.so.7 (0x28080000)
> modules/mod_ssl.so:
> libcrypto.so.5 => /lib/libcrypto.so.5 (0x281e2000)
> libcrypt.so.4 => /lib/libcrypt.so.4 (0x2833c000)
> libthr.so.3 => /lib/libthr.so.3 (0x28355000)
> libc.so.7 => /lib/libc.so.7 (0x28080000)
>
> HTH
>
> Tom
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: AW: Can't Compile httpd 2.2.11 linked statically with ssl and
zlib
Posted by Tom Evans <te...@googlemail.com>.
On Fri, 2008-12-19 at 10:56 +0100, xPostings wrote:
> > > compiled zlib:
> > > ./configure
> > > make
> > > make install
> >
> > What's your prefix here? It'd probably default to /usr/local
>
> default prefix is /usr/local (compiled library will be in /usr/local/lib and include files are in /usr/local/include)
>
> > > compiled openssl 0.9.8i:
> > > ./config no-zlib shared
> > > make
> > > make install
> >
> > Again, what's the prefix? And, specifying 'shared' will build the
> > *.so libraries which are then picked up by the Apache build system.
>
> default prefix is /usr/local/ssl
> If I do not use "shared" the ./configure of apache fails. To compile mod_ssl statically into httpd can't be done without having compiled the shared libs of openssl.
>
> > >
> > > compiled apache httpd:
> > > ./buildconf
> > > ./configure --prefix=/usr/local/apache2.2.11 \
> > > --enable-static-support \
> > > --with-mpm=worker \
> > > --enable-mods-shared=all \
> > > --enable-so \
> > > --enable-deflate=static \
> > > --with-z=/usr/local/lib \
> >
> > Usually, you point to the top of the zlib installation which
> > would be /
> > usr/local, under which the compiler finds the include/headers
> > and the
> > linker finds the lib/libraries.
>
> You're right, that was a mistake, I recompiled with --with-z=/usr/local, but the result is the same.
>
>
> > > --enable-ssl=static \
> > > --with-ssl=/usr/local/ssl \
> >
> > This must match your prefix above, or the default.
>
> that's correct.
>
> >
> > > --enable-rewrite=static \
> > > --enable-auth-basic=static \
> > > --enable-authn-file=static \
> > > --enable-authz-user=static \
> > > --enable-authz-groupfile=static \
> > > --enable-authz-host=static \
> > > --enable-expires=static \
> > > --enable-headers=static
> > >
> > > If I look to the depencies with ldd there is a dynamically linked
> > > libz and libssl:
> > >
> > > linux-gate.so.1 => (0xffffe000)
> > > libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8
> > > (0xb7eb9000)
> > > libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8
> > > (0xb7d7e000)
> >
> > That's your system installation of openssl 0.9.8*. Two things may
> > have happened:
> >
> > 1) You linked against the .so shared libraries in your installation,
> > but at runtime you're picking up the system copy. It seems that
> > embedding the hard path to the shared libraries in the
> > calling binary
> > doesn't work too well on Linnicks. This can be remedied by adding /
> > usr/local/ssl/lib (or whatever, see the discussion on prefix
> > above) to
> > the LD_LIBRARY_PATH environment variable when you start
> > Apache. This
> > can be done in the script that starts the server, or on the command
> > line for testing.
>
> We do use the compiled versions of httpd on other machines (production), that's the reason we do not wan't to have dynamic linked binaries. It was never necessary to modify LD_LIBRARY_PATH before because everything httpd needs (zlib and ssl) should be compiled into httpd.
>
> >
> > 2) The System openssl was found in favor of yours when configuring.
> > This should not happen. Study your ./configure output where
> > it tries
> > to find the proper openssl library and see what exactly happens there.
>
>
> The output of ./configure seems to be correct:
>
> checking for SSL/TLS toolkit base... /usr/local/ssl
> adding "-I/usr/local/ssl/include" to CPPFLAGS
> adding "-I/usr/local/ssl/include" to INCLUDES
> adding "-L/usr/local/ssl/lib" to LDFLAGS
> checking for OpenSSL version... checking openssl/opensslv.h usability... yes
> checking openssl/opensslv.h presence... yes
> checking for openssl/opensslv.h... yes
> checking openssl/ssl.h usability... yes
> checking openssl/ssl.h presence... yes
> checking for openssl/ssl.h... yes
> OK
> forcing SSL_LIBS to "-lssl -lcrypto -lrt -lcrypt -lpthread -ldl"
> adding "-lssl" to LIBS
> adding "-lcrypto" to LIBS
> adding "-lrt" to LIBS
> adding "-lcrypt" to LIBS
> adding "-lpthread" to LIBS
> adding "-ldl" to LIBS
> checking openssl/engine.h usability... yes
> checking openssl/engine.h presence... yes
> checking for openssl/engine.h... yes
> checking for SSLeay_version... yes
> checking for SSL_CTX_new... yes
> checking for ENGINE_init... yes
> checking for ENGINE_load_builtin_engines... yes
> checking for SSL_set_cert_store... no
> forcing MOD_SSL_LDADD to "$(SSL_LIBS)"
> checking whether Distcache is required... no (default)
> checking whether to enable mod_ssl... yes
> adding "-I$(top_srcdir)/modules/ssl" to INCLUDES
>
> >
> > >
> > > libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7d59000)
> > > libaprutil-1.so.0 => /usr/local/apache2.2.11/lib/
> > > libaprutil-1.so.0 (0xb7d3d000)
> > > libexpat.so.0 => /usr/local/apache2.2.11/lib/libexpat.so.0
> > > (0xb7d21000)
> > > libapr-1.so.0 => /usr/local/apache2.2.11/lib/libapr-1.so.0
> > > (0xb7cfc000)
> > > librt.so.1 => /lib/tls/i686/cmov/librt.so.1 (0xb7cf3000)
> > > libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1
> > (0xb7cc4000)
> > > libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0
> > > (0xb7cb2000)
> > > libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7cae000)
> > > libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7b7d000)
> > > libz.so.1 => /usr/lib/libz.so.1 (0xb7b69000)
> >
> > Again, that's the system copy. Same story, plus it may not
> > have found
> > yours because your parameter was off. Again, see your ./configure
> > output.
>
> Output seems to be correct:
> checking whether to enable mod_deflate... checking dependencies
> adding "-I/usr/local/include" to INCLUDES
> adding "-L/usr/local/lib" to LDFLAGS
> adding "-lz" to LIBS
> checking for zlib library... found
> forcing MOD_DEFLATE_LDADD to "-lz"
> removed "-lz" from LIBS
> checking whether to enable mod_deflate... yes
>
> >
> > >
> > > /lib/ld-linux.so.2 (0xb7efe000)
> > >
> > > What's going wrong? libssl and libz shouldn't be linked
> > dynamically.
> > > With httpd 2.2.3 and the same configuration I haven't had these
> > > problems. ldd from the old 2.2.3 shows following depencies:
> > >
> > > linux-gate.so.1 => (0xffffe000)
> > > libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7edf000)
> > > libaprutil-1.so.0 => /usr/local/apache2.2.3/lib/
> > > libaprutil-1.so.0 (0xb7ec9000)
> > > libexpat.so.0 => /usr/local/apache2.2.3/lib/libexpat.so.0
> > > (0xb7eac000)
> > > libapr-1.so.0 => /usr/local/apache2.2.3/lib/libapr-1.so.0
> > > (0xb7e8a000)
> > > librt.so.1 => /lib/tls/i686/cmov/librt.so.1 (0xb7e81000)
> > > libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1
> > (0xb7e53000)
> > > libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0
> > > (0xb7e40000)
> > > libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7e3c000)
> > > libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7d0b000)
> > > /lib/ld-linux.so.2 (0xb7f0a000)
> >
> > No openssl libraries linked to this one. Are you sure they weren't
> > just linked into mod_ssl.so?
>
> I'm pretty sure, in this case there's no mod_ssl.so because it's compiled into httpd,
>
> cheers
> mike
>
configure just builds up the list of locations where to find libraries
that have the features it needs. So, you tell it SSL is
in /usr/local/ssl, it goes away and looks there and says "you're right,
theres SSL libraries there, adding /usr/local/ssl/lib to
LDPATH, /usr/local/ssl/include to CFLAGS".
When it comes to build/link the components though, it has no idea that
it is supposed to be using the SSL libraries from /usr/local/ssl, just
that it has a list of folders which it CAN use. It searches them in
order, looking for a library that works in the manner required. Once the
linker has found a suitable library, it links it in.
Your problem is that your system SSL libraries are picked up before your
custom built ones are found. A simple way to fix this is to modify the
makefile rules for those modules, to remove the dynamic linking
statements and add some dirty static linking.
Eg, I just grabbed 2.2.11, ran
./configure \
--prefix=/tmp/foobar \
--enable-so \
--enable-mods-shared="ssl deflate"
built and installed it. This gave me an httpd binary and module files
linked like so (this is FreeBSD, so YMMV):
bin/httpd:
libm.so.5 => /lib/libm.so.5 (0x280f3000)
libaprutil-1.so.3 => /usr/local/lib/libaprutil-1.so.3 (0x28108000)
libdb-4.2.so.2 => /usr/local/lib/libdb-4.2.so.2 (0x28124000)
libexpat.so.6 => /usr/local/lib/libexpat.so.6 (0x281f8000)
libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x28218000)
libapr-1.so.3 => /usr/local/lib/libapr-1.so.3 (0x2830d000)
libcrypt.so.4 => /lib/libcrypt.so.4 (0x28331000)
libthr.so.3 => /lib/libthr.so.3 (0x2834a000)
libc.so.7 => /lib/libc.so.7 (0x2835d000)
modules/mod_deflate.so:
libz.so.4 => /lib/libz.so.4 (0x28187000)
libc.so.7 => /lib/libc.so.7 (0x28080000)
modules/mod_ssl.so:
libssl.so.5 => /usr/lib/libssl.so.5 (0x281ac000)
libcrypto.so.5 => /lib/libcrypto.so.5 (0x281ed000)
libcrypt.so.4 => /lib/libcrypt.so.4 (0x28347000)
libthr.so.3 => /lib/libthr.so.3 (0x28360000)
libc.so.7 => /lib/libc.so.7 (0x28080000)
I dont want to use dynamic libz in mod_deflate, and I dont want to use
dynamic libssl in mod_ssl. I therefore edit (from apache top build
directory) build/config_vars.mk and make these changes:
--- build/config_vars.mk.orig
+++ build/config_vars.mk
@@ -50,5 +50,5 @@
MOD_INCLUDE_LDADD =
MOD_FILTER_LDADD =
-MOD_DEFLATE_LDADD = -lz
+MOD_DEFLATE_LDADD = /usr/lib/libz.a
MOD_LOG_CONFIG_LDADD =
MOD_ENV_LDADD =
@@ -60,5 +60,5 @@
MOD_PROXY_AJP_LDADD =
MOD_PROXY_BALANCER_LDADD =
-SSL_LIBS = -lssl -lcrypto -lcrypt -lpthread
+SSL_LIBS = /usr/lib/libssl.a -lcrypto -lcrypt -lpthread
MOD_SSL_LDADD = $(SSL_LIBS) -export-symbols-regex ssl_module
MPM_NAME = prefork
and clean, rebuild and reinstall (make clean all && make install). You
should get warnings about this not being portable - and it isnt. These
binaries probably wont run on differently setup boxes. This then gives
me the modules built like so:
bin/httpd:
libm.so.5 => /lib/libm.so.5 (0x280f3000)
libaprutil-1.so.3 => /usr/local/lib/libaprutil-1.so.3 (0x28108000)
libdb-4.2.so.2 => /usr/local/lib/libdb-4.2.so.2 (0x28124000)
libexpat.so.6 => /usr/local/lib/libexpat.so.6 (0x281f8000)
libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x28218000)
libapr-1.so.3 => /usr/local/lib/libapr-1.so.3 (0x2830d000)
libcrypt.so.4 => /lib/libcrypt.so.4 (0x28331000)
libthr.so.3 => /lib/libthr.so.3 (0x2834a000)
libc.so.7 => /lib/libc.so.7 (0x2835d000)
modules/mod_deflate.so:
libc.so.7 => /lib/libc.so.7 (0x28080000)
modules/mod_ssl.so:
libcrypto.so.5 => /lib/libcrypto.so.5 (0x281e2000)
libcrypt.so.4 => /lib/libcrypt.so.4 (0x2833c000)
libthr.so.3 => /lib/libthr.so.3 (0x28355000)
libc.so.7 => /lib/libc.so.7 (0x28080000)
HTH
Tom
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
AW: Can't Compile httpd 2.2.11 linked statically with ssl and zlib
Posted by xPostings <po...@mysign.ch>.
> > compiled zlib:
> > ./configure
> > make
> > make install
>
> What's your prefix here? It'd probably default to /usr/local
default prefix is /usr/local (compiled library will be in /usr/local/lib and include files are in /usr/local/include)
> > compiled openssl 0.9.8i:
> > ./config no-zlib shared
> > make
> > make install
>
> Again, what's the prefix? And, specifying 'shared' will build the
> *.so libraries which are then picked up by the Apache build system.
default prefix is /usr/local/ssl
If I do not use "shared" the ./configure of apache fails. To compile mod_ssl statically into httpd can't be done without having compiled the shared libs of openssl.
> >
> > compiled apache httpd:
> > ./buildconf
> > ./configure --prefix=/usr/local/apache2.2.11 \
> > --enable-static-support \
> > --with-mpm=worker \
> > --enable-mods-shared=all \
> > --enable-so \
> > --enable-deflate=static \
> > --with-z=/usr/local/lib \
>
> Usually, you point to the top of the zlib installation which
> would be /
> usr/local, under which the compiler finds the include/headers
> and the
> linker finds the lib/libraries.
You're right, that was a mistake, I recompiled with --with-z=/usr/local, but the result is the same.
> > --enable-ssl=static \
> > --with-ssl=/usr/local/ssl \
>
> This must match your prefix above, or the default.
that's correct.
>
> > --enable-rewrite=static \
> > --enable-auth-basic=static \
> > --enable-authn-file=static \
> > --enable-authz-user=static \
> > --enable-authz-groupfile=static \
> > --enable-authz-host=static \
> > --enable-expires=static \
> > --enable-headers=static
> >
> > If I look to the depencies with ldd there is a dynamically linked
> > libz and libssl:
> >
> > linux-gate.so.1 => (0xffffe000)
> > libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8
> > (0xb7eb9000)
> > libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8
> > (0xb7d7e000)
>
> That's your system installation of openssl 0.9.8*. Two things may
> have happened:
>
> 1) You linked against the .so shared libraries in your installation,
> but at runtime you're picking up the system copy. It seems that
> embedding the hard path to the shared libraries in the
> calling binary
> doesn't work too well on Linnicks. This can be remedied by adding /
> usr/local/ssl/lib (or whatever, see the discussion on prefix
> above) to
> the LD_LIBRARY_PATH environment variable when you start
> Apache. This
> can be done in the script that starts the server, or on the command
> line for testing.
We do use the compiled versions of httpd on other machines (production), that's the reason we do not wan't to have dynamic linked binaries. It was never necessary to modify LD_LIBRARY_PATH before because everything httpd needs (zlib and ssl) should be compiled into httpd.
>
> 2) The System openssl was found in favor of yours when configuring.
> This should not happen. Study your ./configure output where
> it tries
> to find the proper openssl library and see what exactly happens there.
The output of ./configure seems to be correct:
checking for SSL/TLS toolkit base... /usr/local/ssl
adding "-I/usr/local/ssl/include" to CPPFLAGS
adding "-I/usr/local/ssl/include" to INCLUDES
adding "-L/usr/local/ssl/lib" to LDFLAGS
checking for OpenSSL version... checking openssl/opensslv.h usability... yes
checking openssl/opensslv.h presence... yes
checking for openssl/opensslv.h... yes
checking openssl/ssl.h usability... yes
checking openssl/ssl.h presence... yes
checking for openssl/ssl.h... yes
OK
forcing SSL_LIBS to "-lssl -lcrypto -lrt -lcrypt -lpthread -ldl"
adding "-lssl" to LIBS
adding "-lcrypto" to LIBS
adding "-lrt" to LIBS
adding "-lcrypt" to LIBS
adding "-lpthread" to LIBS
adding "-ldl" to LIBS
checking openssl/engine.h usability... yes
checking openssl/engine.h presence... yes
checking for openssl/engine.h... yes
checking for SSLeay_version... yes
checking for SSL_CTX_new... yes
checking for ENGINE_init... yes
checking for ENGINE_load_builtin_engines... yes
checking for SSL_set_cert_store... no
forcing MOD_SSL_LDADD to "$(SSL_LIBS)"
checking whether Distcache is required... no (default)
checking whether to enable mod_ssl... yes
adding "-I$(top_srcdir)/modules/ssl" to INCLUDES
>
> >
> > libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7d59000)
> > libaprutil-1.so.0 => /usr/local/apache2.2.11/lib/
> > libaprutil-1.so.0 (0xb7d3d000)
> > libexpat.so.0 => /usr/local/apache2.2.11/lib/libexpat.so.0
> > (0xb7d21000)
> > libapr-1.so.0 => /usr/local/apache2.2.11/lib/libapr-1.so.0
> > (0xb7cfc000)
> > librt.so.1 => /lib/tls/i686/cmov/librt.so.1 (0xb7cf3000)
> > libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1
> (0xb7cc4000)
> > libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0
> > (0xb7cb2000)
> > libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7cae000)
> > libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7b7d000)
> > libz.so.1 => /usr/lib/libz.so.1 (0xb7b69000)
>
> Again, that's the system copy. Same story, plus it may not
> have found
> yours because your parameter was off. Again, see your ./configure
> output.
Output seems to be correct:
checking whether to enable mod_deflate... checking dependencies
adding "-I/usr/local/include" to INCLUDES
adding "-L/usr/local/lib" to LDFLAGS
adding "-lz" to LIBS
checking for zlib library... found
forcing MOD_DEFLATE_LDADD to "-lz"
removed "-lz" from LIBS
checking whether to enable mod_deflate... yes
>
> >
> > /lib/ld-linux.so.2 (0xb7efe000)
> >
> > What's going wrong? libssl and libz shouldn't be linked
> dynamically.
> > With httpd 2.2.3 and the same configuration I haven't had these
> > problems. ldd from the old 2.2.3 shows following depencies:
> >
> > linux-gate.so.1 => (0xffffe000)
> > libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7edf000)
> > libaprutil-1.so.0 => /usr/local/apache2.2.3/lib/
> > libaprutil-1.so.0 (0xb7ec9000)
> > libexpat.so.0 => /usr/local/apache2.2.3/lib/libexpat.so.0
> > (0xb7eac000)
> > libapr-1.so.0 => /usr/local/apache2.2.3/lib/libapr-1.so.0
> > (0xb7e8a000)
> > librt.so.1 => /lib/tls/i686/cmov/librt.so.1 (0xb7e81000)
> > libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1
> (0xb7e53000)
> > libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0
> > (0xb7e40000)
> > libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7e3c000)
> > libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7d0b000)
> > /lib/ld-linux.so.2 (0xb7f0a000)
>
> No openssl libraries linked to this one. Are you sure they weren't
> just linked into mod_ssl.so?
I'm pretty sure, in this case there's no mod_ssl.so because it's compiled into httpd,
cheers
mike
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Can't Compile httpd 2.2.11 linked statically with ssl and zlib
Posted by Sander Temme <sc...@apache.org>.
On Dec 18, 2008, at 5:47 AM, xPostings wrote:
> compiled zlib:
> ./configure
> make
> make install
What's your prefix here? It'd probably default to /usr/local
> compiled openssl 0.9.8i:
> ./config no-zlib shared
> make
> make install
Again, what's the prefix? And, specifying 'shared' will build the
*.so libraries which are then picked up by the Apache build system.
>
> compiled apache httpd:
> ./buildconf
> ./configure --prefix=/usr/local/apache2.2.11 \
> --enable-static-support \
> --with-mpm=worker \
> --enable-mods-shared=all \
> --enable-so \
> --enable-deflate=static \
> --with-z=/usr/local/lib \
Usually, you point to the top of the zlib installation which would be /
usr/local, under which the compiler finds the include/headers and the
linker finds the lib/libraries.
> --enable-ssl=static \
> --with-ssl=/usr/local/ssl \
This must match your prefix above, or the default.
> --enable-rewrite=static \
> --enable-auth-basic=static \
> --enable-authn-file=static \
> --enable-authz-user=static \
> --enable-authz-groupfile=static \
> --enable-authz-host=static \
> --enable-expires=static \
> --enable-headers=static
>
> If I look to the depencies with ldd there is a dynamically linked
> libz and libssl:
>
> linux-gate.so.1 => (0xffffe000)
> libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8
> (0xb7eb9000)
> libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8
> (0xb7d7e000)
That's your system installation of openssl 0.9.8*. Two things may
have happened:
1) You linked against the .so shared libraries in your installation,
but at runtime you're picking up the system copy. It seems that
embedding the hard path to the shared libraries in the calling binary
doesn't work too well on Linnicks. This can be remedied by adding /
usr/local/ssl/lib (or whatever, see the discussion on prefix above) to
the LD_LIBRARY_PATH environment variable when you start Apache. This
can be done in the script that starts the server, or on the command
line for testing.
2) The System openssl was found in favor of yours when configuring.
This should not happen. Study your ./configure output where it tries
to find the proper openssl library and see what exactly happens there.
>
> libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7d59000)
> libaprutil-1.so.0 => /usr/local/apache2.2.11/lib/
> libaprutil-1.so.0 (0xb7d3d000)
> libexpat.so.0 => /usr/local/apache2.2.11/lib/libexpat.so.0
> (0xb7d21000)
> libapr-1.so.0 => /usr/local/apache2.2.11/lib/libapr-1.so.0
> (0xb7cfc000)
> librt.so.1 => /lib/tls/i686/cmov/librt.so.1 (0xb7cf3000)
> libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xb7cc4000)
> libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0
> (0xb7cb2000)
> libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7cae000)
> libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7b7d000)
> libz.so.1 => /usr/lib/libz.so.1 (0xb7b69000)
Again, that's the system copy. Same story, plus it may not have found
yours because your parameter was off. Again, see your ./configure
output.
>
> /lib/ld-linux.so.2 (0xb7efe000)
>
> What's going wrong? libssl and libz shouldn't be linked dynamically.
> With httpd 2.2.3 and the same configuration I haven't had these
> problems. ldd from the old 2.2.3 shows following depencies:
>
> linux-gate.so.1 => (0xffffe000)
> libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7edf000)
> libaprutil-1.so.0 => /usr/local/apache2.2.3/lib/
> libaprutil-1.so.0 (0xb7ec9000)
> libexpat.so.0 => /usr/local/apache2.2.3/lib/libexpat.so.0
> (0xb7eac000)
> libapr-1.so.0 => /usr/local/apache2.2.3/lib/libapr-1.so.0
> (0xb7e8a000)
> librt.so.1 => /lib/tls/i686/cmov/librt.so.1 (0xb7e81000)
> libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xb7e53000)
> libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0
> (0xb7e40000)
> libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7e3c000)
> libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7d0b000)
> /lib/ld-linux.so.2 (0xb7f0a000)
No openssl libraries linked to this one. Are you sure they weren't
just linked into mod_ssl.so?
S.
--
Sander Temme
sctemme@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF