Thanks Francis for the help. I tried solution #2, it worked well. Now I want for a fresh install. so, after untar'ing the kea src, I edited configure (appended -lcrypto with -lssl) and did usual installation (configure, make, make install) and it worked well too. Hope this is a recommended way.
On Thu, Jun 15, 2017 at 11:27 PM, Francis Dupont <fdup...@isc.org> wrote: > Gokulakrishnan Gopalakrishnan writes: > > ... > > for making HTTPS Call using boost. While starting the server, I'm getting > > error loading user_chk lib (*undefined Symbol: SSL_library_unit*). > > => the cryptolink library uses either the Botan or the OpenSSL crypto > backend (it was initially Botan only but I added OpenSSL to provide > an alternative, e.g. for people requiring a certified crypto). > So if you build Kea with the OpenSSL backend you get the -lcrypto > dependeny, i.e. the low level OpenSSL library. Note that we chose to > not include direct HTTPS/TLS support inside Kea even both Botan and > OpenSSL support TLS, of course with very different API. > To conclude in your case you need the second SSL/TLS OpenSSL library -lssl > > > to build the library with "-lcrypto - lssl". I'm bit confused on how to > > change the Makefile to build the library using these two libs. > > => you have two choices: > - you modify the Makefile.am and rerun autoconf, configure, etc > > - you patch config.status to add -lssl in a variable definition > for instance the one with -lcrypto (i.e. you substitute "-lcrypto" > by "-lcrypto -lssl" everywhere) and you rerun it by: > sh ./config.status > > I use often the second solution because it is quick but it is dirty too > so if it fixes your problem you have to try the first/clean way after. > > // Extra notes for corner cases, mainly the hook library case > > Note the order can matter (in theory it should not but in practice > it could). And if you are working with a DSO (aka hook library) > things can become really complex as hooks are loaded using dlopen() > so anything the hook can need must be available in the Kea binary. > > There are already a few hacks to enforce some symbols to be visible, > you have an example at the end of src/lib/eval/lexer.ll you can > adapt to enforce a reference to a symbol in -lssl (without this > the dynamic library libssl.so will be skipped by ld when the Kea > binary is built). So if you have the -lssl not adding the library > you should: > - check if the libssl.so is linked by something like > libtool --mode=execute ldd kea-dhcp4 > (with libtool kea-dhcp4 is a shell script, the real binary is in > the src/bin/dhcp4/.libs directory and ldd applied directly on it > just returns errors saying it can't find libraries) > ldd on Linux and BSDs returns the list of dynamic libraries used > by the binary > > - if libssl.so is not listed by ldd then add a hack at the end of > src/lib/cryptolink/openssl_link.cc with a reference to a libssl.so > symbol. Choose one (e.g., SSL_library_init), add its include > (<openssl/ssl.h>) and a call to it as in lexer.ll. Note the function > will be never really called but it will be referenced. > Rebuild and recheck. > > Regards > > Francis Dupont <fdup...@isc.org> > > PS: I assume you use dynamic linking on Linux or BSD. If you use static > linking (./configure --enable-static-link) and/or Apple OS X / macOS > some details change. >
_______________________________________________ Kea-users mailing list Kea-users@lists.isc.org https://lists.isc.org/mailman/listinfo/kea-users