Just to point out the obvious, it would be a Very Bad Idea(tm) to build
httpd against the dynamic apr-util linked statically to bits and pieces
of the libssl.a and libcrypto.a, only to then attempt to build httpd
with mod_ssl compiled-in against libssl.a/libcrypto.a again.  Unix dl
logic doesn't usually play well, this isn't multiple-depth namespace.

It sounds a bit like the comedy routine, "Doctor, it hurts when I move
this way..." so could you explain better why you are trying to
accomplish what you are trying to accomplish?  If you rebuild and
reinstall ssl in reaction to a critical vulnerability, the vulnerability
will still be present in your httpd with mod_ssl compiled in.  For that
reason and many others, dynamic libs are generally your friends.

The error you encountered in ./configure is that it will attempt to
compile, link and run a short stub based on all the input parameters.
When the flags aren't correct to resolve the headers or libraries or run
time loadable objects, then configure fails.  It is usually helpful to
go through the config.log results to see just what it tried to do when
it failed.




On Wed, Apr 29, 2015 at 10:56 AM, Kaspar Brand <httpd-dev.2...@velox.ch> wrote:

> On 29.04.2015 15:06, Tom Browder wrote:
> > On Wed, Apr 29, 2015 at 12:57 AM, Kaspar Brand <httpd-dev.2...@velox.ch> wrote:
> >> On 28.04.2015 14:04, Tom Browder wrote:
> >>> I have no system installed openssl,
> >>
> >> Hmm, what platform is this? Are you sure there are no libcrypto/libssl
> >> libraries somewhere under /usr?
> >
> > I used a netinst installation of Debian 7.  But I find I do have those
> > libraries:
> >
> > /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
> > /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
>
> Ok. Debian has separate packages for the libraries and the command-line
> tool, so "no system installed openssl" is true as far as the "openssl"
> package is concerned. I'd bet that Debian is barely usable when the
> "libssl1.0.0" package is missing, though.
>
> > configure: error: Crypto was requested but no crypto library could be
> > enabled; specify the location of a crypto library using
> > --with-openssl, --with-nss, etc.
>
> This is actually APR-util configure stuff, so does not apply to mod_ssl
> itself. Unless you really have a need for mod_session_crypto, just leave
> out the --enable-crypto and --enable-session-crypto options, for the
> time being (they are not needed for mod_ssl, and are probably just
> making things more complicated than necessary right now).
>
> > The question to me is: what exact configuration do I need?  Do I point
> > to a path, or library, or a configure script?  I see nothing
>
> For a statically linked mod_ssl, you need "--enable-ssl
> --with-ssl=/opt/openssl --enable-ssl-staticlib-deps" (assuming that you
> used --prefix=/opt/openssl for OpenSSL's ./config or ./Configure).
>
> Kaspar
>
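
The advice above to go through config.log, as an added example that is not part of the original thread: a shell function that lists each compile, link or run step configure recorded with a non-zero exit status, together with the tool's error output. The sample log is constructed for illustration; its line numbers and check names are assumptions, and only the /opt/openssl prefix and library names come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): summarize failed steps in config.log.

# write_sample_log FILE: writes a constructed config.log excerpt; the line
# numbers, check names and paths are made up for illustration.
write_sample_log() {
    cat > "$1" <<'EOF'
configure:6110: checking for SSL_CTX_new in -lssl
configure:6135: gcc -o conftest -I/opt/openssl/include conftest.c -lssl -lcrypto >&5
/usr/bin/ld: cannot find -lssl
collect2: error: ld returned 1 exit status
configure:6135: $? = 1
configure: failed program was:
| int main () { return SSL_CTX_new (); }
configure:6144: result: no
configure:6200: checking whether the crypto stub runs
configure:6215: gcc -o conftest conftest.c -L/opt/openssl/lib -lcrypto >&5
configure:6215: $? = 0
configure:6215: ./conftest
./conftest: error while loading shared libraries: libcrypto.so.1.0.0: cannot open shared object file
configure:6215: $? = 127
EOF
}

# failed_steps FILE: for every command configure ran that exited non-zero,
# print the check it belonged to, the command, its output and exit status.
failed_steps() {
    awk '
    /^configure:[0-9]+: checking / {            # start of a new check
        check = $0; sub(/^configure:[0-9]+: /, "", check); next }
    /^configure:[0-9]+: \$\? = / {              # exit status of last command
        if ($NF != 0 && cmd != "") {
            print "CHECK:  " check
            print "CMD:    " cmd
            printf "%s", err
            print "STATUS: " $NF "\n"
        }
        cmd = ""; err = ""; next }
    /^configure:[0-9]+: result: / { next }
    /^configure:[0-9]+: / {                     # a command configure executed
        cmd = $0; sub(/^configure:[0-9]+: /, "", cmd); err = ""; next }
    cmd != "" { err = err "ERROR:  " $0 "\n" }  # tool output for that command
    ' "$1"
}

# Demo on the constructed log; point failed_steps at a real config.log instead.
log=$(mktemp) && write_sample_log "$log" && failed_steps "$log"
rm -f "$log"
```

A link failure (status 1) points at missing or wrong -L/-l flags, while a stub that links but exits 127 at run time points at a shared library the loader cannot find.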
