You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Martin Kraemer <ma...@apache.org> on 2006/01/23 16:55:41 UTC

OpenSSL with zlib support breaks SSL detection in apache-2.3-dev

Hi everyone,

While debugging a recent openssl library which was built with zlib
support (that is, openssl combines compression and encryption), 
I noticed that such a lib breaks the current OpenSSL detection code
in apache-2.3 (at least, probably others too).

The configure program prints...
  checking whether to enable mod_ssl... checking dependencies
  checking for SSL/TLS toolkit base... /home/dev-apache/apache-deejai/openssl
  checking for OpenSSL version... checking openssl/opensslv.h usability... yes
  checking openssl/opensslv.h presence... yes
  checking for openssl/opensslv.h... yes
  checking openssl/ssl.h usability... yes
  checking openssl/ssl.h presence... yes
  checking for openssl/ssl.h... yes
  OK
  checking openssl/engine.h usability... yes
  checking openssl/engine.h presence... yes
  checking for openssl/engine.h... yes
  checking for SSLeay_version in -lcrypto... yes
  checking for SSL_CTX_new in -lssl... no
  checking for ENGINE_init... yes
  checking for ENGINE_load_builtin_engines... yes
  checking for SSL_set_cert_store... no
  configure: error: ... Error, SSL/TLS libraries were missing or unusable
and then stops. Looking at the config.lig file, I see the following
snippets:
--snip--
configure:10229: checking for zlib library
configure:10250: gcc -o conftest   -g -Wall  -D_THREAD_SAFE -D_REENTRANT -L/home/dev-apache/apache-deejai/openssl -L/usr/local/lib conftest.c -lm -lz >&5
configure: In function `main':
configure:10242: warning: unused variable `i'
configure:10253: $? = 0
configure:10256: test -s conftest
configure:10259: $? = 0
configure:10261: result: found
...
configure:13213: checking for SSLeay_version in -lcrypto
configure:13246: gcc -o conftest   -g -Wall  -D_THREAD_SAFE -D_REENTRANT -L/home/dev-apache/apache-deejai/openssl -L/usr/local/lib -L/home/dev-apache/apache-deejai/openssl/lib conftest.c -lcrypto   -lm  -lcrypt  >&5
configure:13249: $? = 0
configure:13252: test -s conftest
configure:13255: $? = 0
configure:13266: result: yes
configure:13280: checking for SSL_CTX_new in -lssl
configure:13313: gcc -o conftest   -g -Wall  -D_THREAD_SAFE -D_REENTRANT -L/home/dev-apache/apache-deejai/openssl -L/usr/local/lib -L/home/dev-apache/apache-deejai/openssl/lib conftest.c -lssl  -lcrypto  -lm  -lcrypt  >&5
/home/dev-apache/apache-deejai/openssl/libcrypto.a(c_zlib.o): In function `zlib_stateful_init':
c_zlib.o(.text+0x67): undefined reference to `inflateInit_'
c_zlib.o(.text+0xb5): undefined reference to `deflateInit_'
/home/dev-apache/apache-deejai/openssl/libcrypto.a(c_zlib.o): In function `zlib_stateful_compress_block':
c_zlib.o(.text+0x1ee): undefined reference to `deflate'
/home/dev-apache/apache-deejai/openssl/libcrypto.a(c_zlib.o): In function `zlib_stateful_expand_block':
c_zlib.o(.text+0x266): undefined reference to `inflate'
/home/dev-apache/apache-deejai/openssl/libcrypto.a(c_zlib.o): In function `zlib_stateful_free_ex_data':
c_zlib.o(.text+0x299): undefined reference to `inflateEnd'
c_zlib.o(.text+0x2a5): undefined reference to `deflateEnd'
configure:13316: $? = 1
...
configure:13333: result: no
--snip--

So, while zlib was detected first, it was not available in the $LIBS
variable when the openssl checks were performed.

So my question is: should another zlib-test be added (the zlib test
above is meant for testing mod_deflate compilability only) or should
libs like libz be made generally available for all other config checks,
by permanently adding them to the global $LIBS?

My personal workaround for now is to manually add -lz to LIBS by
patching the generated configure. I tried setting
  $ LIBS=-lz ./configure ...
but it did not help (why?).

   Martin
-- 
<Ma...@Fujitsu-Siemens.com>         |     Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-48332 | 81730  Munich,  Germany

Re: OpenSSL with zlib support breaks SSL detection in apache-2.3-dev

Posted by Justin Erenkrantz <ju...@erenkrantz.com>.

On Mon, Jan 23, 2006 at 04:55:41PM +0100, Martin Kraemer wrote:
> Hi everyone,
> 
> While debugging a recent openssl library which was built with zlib
> support (that is, openssl combines compression and encryption), 
> I noticed that such a lib breaks the current OpenSSL detection code
> in apache-2.3 (at least, probably others too).

Sounds like OpenSSL's pkgconfig code isn't reporting zlib.  -- justin