Hi Julien, On Fri, Sep 27, 2013 at 11:08:11AM +0200, Julien Vehent wrote: > Hi everyone, > > I'm attempting to build HEAD with a statically compiled openssl, and get > the following error: > > $ make TARGET=linux2628 USE_STATIC_PCRE=1 USE_OPENSSL=1 > ADDINC=-I/tmp/staticlibssl/include ADDLIB="-L/tmp/staticlibssl/lib -ldl" > [....] > gcc -g -o haproxy src/haproxy.o src/sessionhash.o src/base64.o > src/protocol.o src/uri_auth.o src/standard.o src/buffer.o src/log.o > src/task.o src/chunk.o src/channel.o src/listener.o src/time.o src/fd.o > src/pipe.o src/regex.o src/cfgparse.o src/server.o src/checks.o > src/queue.o src/frontend.o src/proxy.o src/peers.o src/arg.o > src/stick_table.o src/proto_uxst.o src/connection.o src/proto_http.o > src/raw_sock.o src/appsession.o src/backend.o src/lb_chash.o > src/lb_fwlc.o src/lb_fwrr.o src/lb_map.o src/lb_fas.o > src/stream_interface.o src/dumpstats.o src/proto_tcp.o src/session.o > src/hdr_idx.o src/ev_select.o src/signal.o src/acl.o src/sample.o > src/memory.o src/freq_ctr.o src/auth.o src/compression.o src/payload.o > src/ev_poll.o src/ev_epoll.o src/ssl_sock.o src/shctx.o ebtree/ebtree.o > ebtree/eb32tree.o ebtree/eb64tree.o ebtree/ebmbtree.o ebtree/ebsttree.o > ebtree/ebimtree.o ebtree/ebistree.o -lcrypt -lssl -lcrypto -L/usr/lib > -Wl,-Bstatic -lpcreposix -lpcre -Wl,-Bdynamic -L/tmp/staticlibssl/lib -ldl > src/ssl_sock.o: In function `smp_fetch_ssl_fc_npn': > /home/julien/haproxy_openssl/haproxy/src/ssl_sock.c:2447: undefined > reference to `SSL_get0_next_proto_negotiated' > src/ssl_sock.o: In function `ssl_sock_prepare_srv_ctx': > /home/julien/haproxy_openssl/haproxy/src/ssl_sock.c:959: undefined > reference to `TLSv1_2_client_method' > /home/julien/haproxy_openssl/haproxy/src/ssl_sock.c:955: undefined > reference to `TLSv1_1_client_method' > src/ssl_sock.o: In function `ssl_sock_prepare_ctx': > /home/julien/haproxy_openssl/haproxy/src/ssl_sock.c:739: undefined > reference to `SSL_CTX_set_next_protos_advertised_cb' > /home/julien/haproxy_openssl/haproxy/src/ssl_sock.c:691: undefined > reference to `TLSv1_2_server_method' > /home/julien/haproxy_openssl/haproxy/src/ssl_sock.c:687: undefined > reference to `TLSv1_1_server_method' > collect2: ld returned 1 exit status > make: *** [haproxy] Erreur 1 > > $ uname -r > 2.6.32-bpo.4-amd64 > > OpenSSL was build with the commands below, and the produced openssl > binary works fine. > > $ ./config --prefix=/tmp/staticlibssl/ no-shared > enable-ec_nistp_64_gcc_128 > $ make depend && make && make install_sw > $ /tmp/staticlibssl/bin/openssl version > OpenSSL 1.1.0-dev xx XXX xxxx > > Any idea what could be missing here? Is the system openssl lib > conflicting with the statically compiled one?
Yes, and I have fixed this two weeks ago. The problem is that the "ADDINC" and "ADDLIB" variables are not suited for passing single-component paths since they suffix everything. Look what it results in your build log : -lcrypt -lssl -lcrypto -L/usr/lib -Wl,-Bstatic -lpcreposix \ -lpcre -Wl,-Bdynamic -L/tmp/staticlibssl/lib -ldl As you can see, -lssl and -lcrypto are looked up in your system path. Since commit 9a05945bd0, you now have an explicit set of SSL_INC/SSL_LIB variables, just like with PCRE, that you can point to your openssl location. I'm using this to build with a static openssl version, as this time it's safe, as you can see below : # in the usual path, use SSL_INC=/path/to/inc and SSL_LIB=/path/to/lib. BUILD_OPTIONS += $(call ignore_implicit,USE_OPENSSL) OPTIONS_CFLAGS += -DUSE_OPENSSL $(if $(SSL_INC),-I$(SSL_INC)) OPTIONS_LDFLAGS += $(if $(SSL_LIB),-L$(SSL_LIB)) -lssl -lcrypto If you have a recent enough haproxy snapshot, simply make these two variables point to the proper location and it will be OK. Best regards, Willy