Hi, On 6/22/18 10:57 AM, Lukas Tribus wrote: > SSL_INC and SSL_LIB expect actual paths, not additional commands. > Replaces both with ADDLIB. Also you don't need to specify -lssl > -lcrypt, USE_OPENSSL does not for you.
Then a bit confused by what I'm seeing atm. With 'my' current, if incorrect, flags unset LDFLAGS make clean make V=1 -j4 \ TARGET=linux2628 \ USE_PCRE2=1 \ USE_PCRE2_JIT=1 \ USE_OPENSSL=1 \ SSL_INC=" -I/usr/local/openssl11/include" \ SSL_LIB=" -L/usr/local/openssl11/lib64 -Wl,-rpath,/usr/local/openssl11/lib64" \ PCRE2_INC=" -I/usr/local/include" \ PCRE2_LIB=" -L/usr/local/lib64 -Wl,-rpath,/usr/local/lib64" ./haproxy -v HA-Proxy version 1.8.10-ec17d7a 2018/06/22 ldd ./haproxy | egrep "ssl|crypto|pcre" libssl.so.1.1 => /usr/local/openssl11/lib64/libssl.so.1.1 (0x00007f8debd8a000) libcrypto.so.1.1 => /usr/local/openssl11/lib64/libcrypto.so.1.1 (0x00007f8deb8ef000) libpcre2-8.so.0 => /usr/local/lib64/libpcre2-8.so.0 (0x00007f8deb666000) libpcre2-posix.so.2 => /usr/local/lib64/libpcre2-posix.so.2 (0x00007f8deb463000) with 'your' advised "actual paths", and from Makefile # OpenSSL is packaged in various forms and with various dependencies. # In general -lssl is enough, but on some platforms, -lcrypto may be needed, # reason why it's added by default. Some even need -lz, then you'll need to # pass it in the "ADDLIB" variable if needed. If your SSL libraries are not # in the usual path, use SSL_INC=/path/to/inc and SSL_LIB=/path/to/lib. build fails, referencing deprecated, pre openssl 1.1.0 symbols, unset LDFLAGS make clean make V=1 -j4 \ TARGET=linux2628 \ USE_PCRE2=1 \ USE_PCRE2_JIT=1 \ USE_OPENSSL=1 \ SSL_INC="/usr/local/openssl11/include" \ SSL_LIB="/usr/local/openssl11/lib64" \ PCRE2_INC="/usr/local/include" \ PCRE2_LIB="/usr/local/lib64" ... gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -fno-strict-overflow -Wno-format-truncation -Wno-null-dereference -Wno-unused-label -DCONFIG_HAP_LINUX_SPLICE -DTPROXY -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS -DUSE_ACCEPT4 -DNETFILTER -DUSE_THREAD -DUSE_OPENSSL -I/usr/local/openssl11/include -DUSE_SYSCALL_FUTEX -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8 -I/usr/local/include -DUSE_PCRE2_JIT -DCONFIG_HAPROXY_VERSION=\"1.8.10-ec17d7a\" -DCONFIG_HAPROXY_DATE=\"2018/06/22\" -c -o src/ssl_sock.o src/ssl_sock.c src/ssl_sock.c: In function ‘ssl_locking_function’: src/ssl_sock.c:220:13: error: ‘CRYPTO_LOCK’ undeclared (first use in this function); did you mean ‘CRYPTO_RWLOCK’? if (mode & CRYPTO_LOCK) { ^~~~~~~~~~~ CRYPTO_RWLOCK src/ssl_sock.c:220:13: note: each undeclared identifier is reported only once for each function it appears in src/ssl_sock.c:221:14: error: ‘CRYPTO_READ’ undeclared (first use in this function); did you mean ‘CRYPTO_ONCE’? if (mode & CRYPTO_READ) ^~~~~~~~~~~ CRYPTO_ONCE src/ssl_sock.c: In function ‘ssl_locking_init’: src/ssl_sock.c:238:43: warning: implicit declaration of function ‘CRYPTO_num_locks’; did you mean ‘CRYPTO_realloc’? [-Wimplicit-function-declaration] ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks()); ^~~~~~~~~~~~~~~~ CRYPTO_realloc src/ssl_sock.c:245:2: warning: implicit declaration of function ‘CRYPTO_set_id_callback’; did you mean ‘BIO_set_callback’? [-Wimplicit-function-declaration] CRYPTO_set_id_callback(ssl_id_function); ^~~~~~~~~~~~~~~~~~~~~~ BIO_set_callback src/ssl_sock.c:246:2: warning: implicit declaration of function ‘CRYPTO_set_locking_callback’; did you mean ‘BIO_set_info_callback’? [-Wimplicit-function-declaration] CRYPTO_set_locking_callback(ssl_locking_function); ^~~~~~~~~~~~~~~~~~~~~~~~~~~ BIO_set_info_callback src/ssl_sock.c: In function ‘ssl_sock_do_create_cert’: src/ssl_sock.c:1693:23: warning: implicit declaration of function ‘X509_get_notBefore’; did you mean ‘X509_getm_notBefore’? [-Wimplicit-function-declaration] if (!X509_gmtime_adj(X509_get_notBefore(newcrt), (long)-60*60*24) || ^~~~~~~~~~~~~~~~~~ X509_getm_notBefore src/ssl_sock.c:1693:23: warning: passing argument 1 of ‘X509_gmtime_adj’ makes pointer from integer without a cast [-Wint-conversion] if (!X509_gmtime_adj(X509_get_notBefore(newcrt), (long)-60*60*24) || ^~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from /usr/local/openssl11/include/openssl/pem.h:17, from /usr/local/openssl11/include/openssl/ssl.h:55, from src/ssl_sock.c:43: /usr/local/openssl11/include/openssl/x509.h:479:12: note: expected ‘ASN1_TIME *’ {aka ‘struct asn1_string_st *’} but argument is of type ‘int’ ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj); ^~~~~~~~~~~~~~~ src/ssl_sock.c:1694:23: warning: implicit declaration of function ‘X509_get_notAfter’; did you mean ‘X509_getm_notAfter’? [-Wimplicit-function-declaration] !X509_gmtime_adj(X509_get_notAfter(newcrt),(long)60*60*24*365)) ^~~~~~~~~~~~~~~~~ X509_getm_notAfter src/ssl_sock.c:1694:23: warning: passing argument 1 of ‘X509_gmtime_adj’ makes pointer from integer without a cast [-Wint-conversion] !X509_gmtime_adj(X509_get_notAfter(newcrt),(long)60*60*24*365)) ^~~~~~~~~~~~~~~~~~~~~~~~~ In file included from /usr/local/openssl11/include/openssl/pem.h:17, from /usr/local/openssl11/include/openssl/ssl.h:55, from src/ssl_sock.c:43: /usr/local/openssl11/include/openssl/x509.h:479:12: note: expected ‘ASN1_TIME *’ {aka ‘struct asn1_string_st *’} but argument is of type ‘int’ ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj); ^~~~~~~~~~~~~~~ src/ssl_sock.c: In function ‘ssl_get_dh_1024’: src/ssl_sock.c:2421:7: warning: implicit declaration of function ‘BN_bin2bn’; did you mean ‘OBJ_nid2sn’? [-Wimplicit-function-declaration] p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL); ^~~~~~~~~ OBJ_nid2sn src/ssl_sock.c:2421:5: warning: assignment to ‘BIGNUM *’ {aka ‘struct bignum_st *’} from ‘int’ makes pointer from integer without a cast [-Wint-conversion] p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL); ^ src/ssl_sock.c:2422:5: warning: assignment to ‘BIGNUM *’ {aka ‘struct bignum_st *’} from ‘int’ makes pointer from integer without a cast [-Wint-conversion] g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL); ^ src/ssl_sock.c: In function ‘ssl_get_dh_2048’: src/ssl_sock.c:2468:5: warning: assignment to ‘BIGNUM *’ {aka ‘struct bignum_st *’} from ‘int’ makes pointer from integer without a cast [-Wint-conversion] p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL); ^ src/ssl_sock.c:2469:5: warning: assignment to ‘BIGNUM *’ {aka ‘struct bignum_st *’} from ‘int’ makes pointer from integer without a cast [-Wint-conversion] g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL); ^ src/ssl_sock.c: In function ‘ssl_get_dh_4096’: src/ssl_sock.c:2536:5: warning: assignment to ‘BIGNUM *’ {aka ‘struct bignum_st *’} from ‘int’ makes pointer from integer without a cast [-Wint-conversion] p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL); ^ src/ssl_sock.c:2537:5: warning: assignment to ‘BIGNUM *’ {aka ‘struct bignum_st *’} from ‘int’ makes pointer from integer without a cast [-Wint-conversion] g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL); ^ src/ssl_sock.c: In function ‘smp_fetch_ssl_x_notafter’: src/ssl_sock.c:6244:24: warning: passing argument 1 of ‘ssl_sock_get_time’ makes pointer from integer without a cast [-Wint-conversion] if (ssl_sock_get_time(X509_get_notAfter(crt), smp_trash) <= 0) ^~~~~~~~~~~~~~~~~~~~~~ src/ssl_sock.c:5770:30: note: expected ‘ASN1_TIME *’ {aka ‘struct asn1_string_st *’} but argument is of type ‘int’ ssl_sock_get_time(ASN1_TIME *tm, struct chunk *out) ~~~~~~~~~~~^~ src/ssl_sock.c: In function ‘smp_fetch_ssl_x_notbefore’: src/ssl_sock.c:6344:24: warning: passing argument 1 of ‘ssl_sock_get_time’ makes pointer from integer without a cast [-Wint-conversion] if (ssl_sock_get_time(X509_get_notBefore(crt), smp_trash) <= 0) ^~~~~~~~~~~~~~~~~~~~~~~ src/ssl_sock.c:5770:30: note: expected ‘ASN1_TIME *’ {aka ‘struct asn1_string_st *’} but argument is of type ‘int’ ssl_sock_get_time(ASN1_TIME *tm, struct chunk *out) ~~~~~~~~~~~^~ src/ssl_sock.c: In function ‘__ssl_sock_init’: src/ssl_sock.c:8800:2: warning: implicit declaration of function ‘SSL_library_init’; did you mean ‘SSL_in_init’? [-Wimplicit-function-declaration] SSL_library_init(); ^~~~~~~~~~~~~~~~ SSL_in_init src/ssl_sock.c:8832:9: warning: implicit declaration of function ‘SSLeay_version’; did you mean ‘SSL_version’? [-Wimplicit-function-declaration] SSLeay_version(SSLEAY_VERSION), ^~~~~~~~~~~~~~ SSL_version src/ssl_sock.c:8832:24: error: ‘SSLEAY_VERSION’ undeclared (first use in this function); did you mean ‘SSL2_VERSION’? SSLeay_version(SSLEAY_VERSION), ^~~~~~~~~~~~~~ SSL2_VERSION src/ssl_sock.c:8833:36: warning: implicit declaration of function ‘SSLeay’; did you mean ‘SSLerr’? [-Wimplicit-function-declaration] ((OPENSSL_VERSION_NUMBER ^ SSLeay()) >> 8) ? " (VERSIONS DIFFER!)" : ""); ^~~~~~ SSLerr src/ssl_sock.c: In function ‘__ssl_sock_deinit’: src/ssl_sock.c:8925:9: warning: implicit declaration of function ‘ERR_free_strings’; did you mean ‘ERR_load_strings’? [-Wimplicit-function-declaration] ERR_free_strings(); ^~~~~~~~~~~~~~~~ ERR_load_strings src/ssl_sock.c:8927:9: warning: implicit declaration of function ‘EVP_cleanup’; did you mean ‘EVP_PBE_cleanup’? [-Wimplicit-function-declaration] EVP_cleanup(); ^~~~~~~~~~~ EVP_PBE_cleanup src/ssl_sock.c:8930:9: warning: implicit declaration of function ‘CRYPTO_cleanup_all_ex_data’; did you mean ‘CRYPTO_dup_ex_data’? [-Wimplicit-function-declaration] CRYPTO_cleanup_all_ex_data(); ^~~~~~~~~~~~~~~~~~~~~~~~~~ CRYPTO_dup_ex_data make: *** [Makefile:909: src/ssl_sock.o] Error 1