You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2006/05/26 21:35:45 UTC
DO NOT REPLY [Bug 39668] New: - system libs still used for httpd when built with local openssl install
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39668>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39668
Summary: system libs still used for httpd when built with local
openssl install
Product: Apache httpd-2
Version: 2.2.2
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Build
AssignedTo: bugs@httpd.apache.org
ReportedBy: brectanu@gmail.com
Apache httpd 2.2.2 build against local openssl lib does not use that lib for all
components. The httpd binary uses the system default, but mod_ssl.so uses the
local version of openssl.
On use, the Server header states that openssl is version 0.9.7.a (system wide
default), but was compiled w/0.9.8.a in /usr/local/openssl. Further
investigation shows that httpd is linked against system openssl, but mod_ssl.so
is linked against local install.
$ ldd /usr/local/apache/bin/httpd
/etc/libcwait.so => /etc/libcwait.so (0x00a1f000)
libm.so.6 => /lib/tls/libm.so.6 (0x00df4000)
libaprutil-1.so.0 => /usr/local/apache/lib/libaprutil-1.so.0 (0x00e7e000)
libldap.so.2 => /usr/lib/libldap.so.2 (0x00a7e000)
liblber.so.2 => /usr/lib/liblber.so.2 (0x00b3e000)
libexpat.so.0 => /usr/lib/libexpat.so.0 (0x00d4d000)
libapr-1.so.0 => /usr/local/apache/lib/libapr-1.so.0 (0x007ca000)
libuuid.so.1 => /lib/libuuid.so.1 (0x00c3b000)
librt.so.1 => /lib/tls/librt.so.1 (0x009e5000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x005d9000)
libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00ad7000)
libdl.so.2 => /lib/libdl.so.2 (0x00a3c000)
libc.so.6 => /lib/tls/libc.so.6 (0x00625000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x0030a000)
libsasl.so.7 => /usr/lib/libsasl.so.7 (0x0015c000)
libssl.so.4 => /lib/libssl.so.4 (0x00111000)
libcrypto.so.4 => /lib/libcrypto.so.4 (0x00168000)
libgdbm.so.2 => /usr/lib/libgdbm.so.2 (0x00145000)
libpam.so.0 => /lib/libpam.so.0 (0x008a2000)
libresolv.so.2 => /lib/libresolv.so.2 (0x00259000)
libgssapi_krb5.so.2 => /usr/kerberos/lib/libgssapi_krb5.so.2 (0x009bf000)
libkrb5.so.3 => /usr/kerberos/lib/libkrb5.so.3 (0x00355000)
libcom_err.so.3 => /usr/kerberos/lib/libcom_err.so.3 (0x0091e000)
libk5crypto.so.3 => /usr/kerberos/lib/libk5crypto.so.3 (0x00cae000)
libz.so.1 => /usr/lib/libz.so.1 (0x0014c000)
liblaus.so.1 => /lib/liblaus.so.1 (0x005d6000)
$ ldd /usr/local/apache/modules/mod_ssl.so
/etc/libcwait.so => /etc/libcwait.so (0x00ee5000)
libssl.so.0.9.8 => /usr/local/openssl/lib/libssl.so.0.9.8 (0x002ae000)
libcrypto.so.0.9.8 => /usr/local/openssl/lib/libcrypto.so.0.9.8 (0x0014a000)
libgssapi_krb5.so.2 => /usr/kerberos/lib/libgssapi_krb5.so.2 (0x004a7000)
libkrb5.so.3 => /usr/kerberos/lib/libkrb5.so.3 (0x002e8000)
libcom_err.so.3 => /usr/kerberos/lib/libcom_err.so.3 (0x0057c000)
libk5crypto.so.3 => /usr/kerberos/lib/libk5crypto.so.3 (0x00de6000)
libresolv.so.2 => /lib/libresolv.so.2 (0x00be0000)
libdl.so.2 => /lib/libdl.so.2 (0x00ebb000)
libz.so.1 => /usr/lib/libz.so.1 (0x00c97000)
libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00d6a000)
libc.so.6 => /lib/tls/libc.so.6 (0x0070d000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x009d9000)
I have build apache 2.2.2 as follows on RedHat AS3 (x86):
Versions:
gcc (GCC) 3.2.3 20030502 (Red Hat Linux 3.2.3-42)
GNU Make version 3.79.1, by Richard Stallman and Roland McGrath.
GNU ld version 2.14.90.0.4 20030523
PREFIX=/usr/local/apache
SSL_DIR=/apps/local/openssl
LDAP_DIR=/apps/local/openldap
export CFLAGS="-O2"
export LDFLAGS="-L$SSL_DIR/lib -L$LDAP_DIR/lib"
export CPPFLAGS="-I$SSL_DIR/include -I$LDAP_DIR/include"
export LD_LIBRARY_PATH="$SSL_DIR/lib:$LDAP_DIR/lib:$LD_LIBRARY_PATH"
./configure \
--with-ldap-include=$LDAP_DIR/include \
--with-ldap-lib=$LDAP_DIR/lib \
--with-ldap \
--with-ssl=$SSL_DIR \
--with-mpm=worker \
--enable-mods-shared=all \
--enable-ssl=shared \
--enable-proxy=shared \
--enable-proxy_balancer=shared \
--enable-proxy_ajp=shared \
--enable-proxy_ftp=shared \
--enable-proxy_http=shared \
--enable-authnz-ldap=shared \
--enable-ldap \
--prefix=$PREFIX
make && make install
Startup with:
export
LD_LIBRARY_PATH="/usr/local/openssl/lib:/usr/local/openldap/lib:/usr/local/sasl2/lib:/usr/local/libxml/lib:$LD_LIBRARY_PATH"
export SASL_PATH="/usr/local/sasl2/lib/sasl2"
What am I missing here? Is this a bug?
-B
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 39668] - system libs still used for httpd when built with local openssl install
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39668>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39668
sander@temme.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
------- Additional Comments From sander@temme.net 2006-05-26 21:34 -------
One inconsistency: in the description of your build process, you set SSL_DIR to /apps/local/openssl.
Yet, your mod_ssl gets linked to /usr/local/openssl, and your httpd to /lib. Then, you set your
LD_LIBRARY_PATH TO /usr/local/openssl.
If I recall correctly (although ld.so(8) doesn't mention this), the linked binary keeps reference to the
absolute paths of the libraries it was linked against. What happens to the ldd calls if you unset
LD_LIBRARY_PATH?
Could you paste the config.log and config.status document from your build?
You will find that the Server: response header is set by mod_ssl itself (in modules/ssl/ssl_engine_init.c),
and it aks the SSL library for version information at runtime. You can rest assured that httpd and
mod_ssl are using the same SSL library: unless I'm mistaken horrible things would happen if they tried
to load a different one.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 39668] - system libs still used for httpd when built with local openssl install
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39668>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39668
rpluem@apache.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |RESOLVED
Resolution| |INVALID
------- Additional Comments From rpluem@apache.org 2006-05-26 22:03 -------
The problem is that at least one of the delivered ldap libraries (either
libldap.so.2 or liblber.so.2) on RH3 are compiled against the system openssl
library. It is not a wise idea to mix this. If you want to use a different
openssl version on RH3 you need to check all system libraries of RH3 that are
linked against httpd if they are linked against the system openssl. To avoid
trouble you need to recompile each of these libaries yourself against your
openssl and compile httpd later against your openssl and these libraries.
Sorry, but this is not a bug of httpd.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org