You've specified the wrong SSL_INC folder, which led to the build system
failing to find it in the provided location and searching for it itself.
OpenSSL headers live at ${includedir}/openssl by default. This means
specifying SSL_INC as /usr/include/openssl leads to the build system
looking for OpenSSL headers in /usr/include/openssl/openssl which it
cannot find. It moves on to looking for OpenSSL by itself which leads to
the same result as not having provided SSL_INC.
Try building with SSL_INC=/usr/include and you should be good to build.
When running HAProxy you'll have to make sure that the library
resolution order is consistent with the library you linked against (ie.
/usr/local/lib is searched after /usr/lib) or you'll face some weird
issues and crashes.
Erwan
On 04/11/2021 18:28, Shawn Heisey wrote:
On 11/4/21 7:55 AM, Willy Tarreau wrote:
Normally you just have to specify SSL_INC and SSL_LIB at build time to
specify the one you want to build with. I'm doing exactly this when I
want to build with older versions:
I tried this. My make command (building 2.4.8) had these env additions:
SSL_INC=/usr/include/openssl \
SSL_LIB=/usr/lib/x86_64-linux-gnu \
Which should have told it to use the openssl provided by Ubuntu
packages. But that didn't work, it still found the 3.x version in
/usr/local (installed with openssl default locations for ./Configure),
and failed to compile.
I thought I found an error in the Makefile where setting USE_OPENSSL
clears SSL_INC and SSL_LIB, but even with that problem handled (I
think ... my Makefile experience is slim), it STILL finds the 3.x
version and tries to use it.
Changing the prefix on the openssl compile to something nonstandard
(/usr/local/ssl3 in my case) is the only way I have found to keep the
haproxy build from finding it. This is less than ideal, but
sufficient for my needs.
Thanks,
Shawn
