RE: FIPS error on Apache httpd v2.4.3, OpenSSL 1.0.1c and fips-2.0.1
Hi, Cassie I followed your post. I tried to recompile Apache with the recommendation that you given. I tried to rename Redhat's libcrypto and libssl to something else then Apache complains about LDAP library missing in the configure phase. I then tried using LDFLAGS for configure in Apache but no success. I also tried LD_LIBRARY_PATH to specify /usr/local/ssl/lib but also no luck. What else the trick that I can use? Thanks. Ryan -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Helms, Cassie Sent: Thursday, August 23, 2012 3:26 PM To: openssl-users@openssl.org Subject: RE: FIPS error on Apache httpd v2.4.3, OpenSSL 1.0.1c and fips-2.0.1 Ryan, A previous thread, fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build, might be of some use to you. As a first step, you may want to use ldd on your executable to make sure libcrypto.so/a points to 1.0.1c and not some other version of openssl. The thread has more information on this issue. Cassie __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org This message (including any attachments) is intended solely for the specific individual(s) or entity(ies) named above, and may contain legally privileged and confidential information. If you are not the intended recipient, please notify the sender immediately by replying to this message and then delete it. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, by other than the intended recipient, is strictly prohibited. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
FIPS enabled OpenSSL v1.0.1c
Hi, When I tried to start Apache(v2.4.3) with FIPS enabled OpenSSL v1.0.1c on RHEL v6.3, I was prompted for the pass phrase which is normal. After I typed in correct pass phrase, I got a message: Apache: mod_ssl:Error: Pass phrase incorrect (5 more retries permitted). When I ctrl-c to exist, I got another message: Apache:mod_ssl:Error: Private key not found. Which is not correct since the private key is there. The key and certificate was generated by older version of FIPS disabled OpenSSL. I copied the key and certificate from older version of web server for the new version web server to use. Once I disabled FIPS in the Apache configuration file, I typed in the same pass phrase and I can start httpd v2.4.3. Is this something from Apache or OpenSSL side for the wrong pass phrase prompt? What else do I need to do or check? Thanks. Ryan Jiang This message (including any attachments) is intended solely for the specific individual(s) or entity(ies) named above, and may contain legally privileged and confidential information. If you are not the intended recipient, please notify the sender immediately by replying to this message and then delete it. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, by other than the intended recipient, is strictly prohibited. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: FIPS error on Apache httpd v2.4.3, OpenSSL 1.0.1c and fips-2.0.1
Thanks, Cassie Ldd shows Apache httpd uses Redhat (v6.x)'s built in /lib64/libcrypto.so/a not my OpenSSL's /usr/local/ssl/lib/libcrypto.so. I got to fix that problem first. Thanks. Ryan Jiang -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Helms, Cassie Sent: Thursday, August 23, 2012 3:26 PM To: openssl-users@openssl.org Subject: RE: FIPS error on Apache httpd v2.4.3, OpenSSL 1.0.1c and fips-2.0.1 Ryan, A previous thread, fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build, might be of some use to you. As a first step, you may want to use ldd on your executable to make sure libcrypto.so/a points to 1.0.1c and not some other version of openssl. The thread has more information on this issue. Cassie __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org This message (including any attachments) is intended solely for the specific individual(s) or entity(ies) named above, and may contain legally privileged and confidential information. If you are not the intended recipient, please notify the sender immediately by replying to this message and then delete it. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, by other than the intended recipient, is strictly prohibited. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
FIPS error on Apache httpd v2.4.3, OpenSSL 1.0.1c and fips-2.0.1
Hi, I am not sure this mailing list is the proper one to ask for the problem that I have. I enabled fips when I compiled OpenSSL 1.0.1c. # /usr/local/ssl/bin/openssl OpenSSL version OpenSSL 1.0.1c-fips 10 May 2012 OpenSSL I compiled Apache httpd v2.4.3 against this version of OpenSSL. If I disable FIPS on the web server, the web server starts fine no problem. If I enable FIPS on the web server, when I started the web server, I got an error message. # cat error_log [Thu Aug 23 10:30:03.014417 2012] [ssl:emerg] [pid 3190:tid 139842618164992] AH01885: FIPS mode failed [Thu Aug 23 10:30:03.014546 2012] [ssl:emerg] [pid 3190:tid 139842618164992] SSL Library Error: error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not match [Thu Aug 23 10:30:03.014564 2012] [ssl:emerg] [pid 3190:tid 139842618164992] AH02312: Fatal error initialising mod_ssl, exiting. Does anyone know how to fix the problem? Thanks. Ryan Jiang This message (including any attachments) is intended solely for the specific individual(s) or entity(ies) named above, and may contain legally privileged and confidential information. If you are not the intended recipient, please notify the sender immediately by replying to this message and then delete it. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, by other than the intended recipient, is strictly prohibited. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Compiling openssl 1.0.1c with fips 2.0.1
Thanks, Cassie. Ryan -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Cassie Helms Sent: Friday, August 10, 2012 12:08 PM To: openssl-users@openssl.org Subject: Re: Compiling openssl 1.0.1c with fips 2.0.1 ar: creating ../libcrypto.a [ -z /usr/local/ssl/fips-2.0/lib ] || ar r ../libcrypto.a /usr/local/ssl/fips-2.0/libfipscanister.o ar: /usr/local/ssl/fips-2.0/libfipscanister.o: No such file or directory Here is your problem, perhaps -- missing a slash at the end of lib. Should be pointing to /usr/local/ssl/fips-2.0/lib/fipscanister.o instead of /usr/local/ssl/fips-2.0/libfipscanister.o I suspect when you run a regular make it can't find fipscanister.o either. May want to verify. Cassie __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org This message (including any attachments) is intended solely for the specific individual(s) or entity(ies) named above, and may contain legally privileged and confidential information. If you are not the intended recipient, please notify the sender immediately by replying to this message and then delete it. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, by other than the intended recipient, is strictly prohibited. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Compiling openssl 1.0.1c with fips 2.0.1
Hi, I am trying to compile openssl 1.0.1c with fips 2.0.1 enabled on Redhat RHEL 6.3 64bit server. I first compiled fips 2.0.1 in the source tree directory: # config # make # make install I then tried to compile openssl 1.0.1c in the source tree directory per FIPS user guide: # ./config fips -fPIC --with-fipslibdir=/usr/local/ssl/fips-2.0/lib At the end, I got a message: - ... generating dummy tests (if needed)... make[1]: Entering directory `/home/rc6/openssl-1.0.1c/test' make[1]: Nothing to be done for `generate'. make[1]: Leaving directory `/home/rc6/openssl-1.0.1c/test' Since you've disabled or enabled at least one algorithm, you need to do the following before building: make depend Configured for linux-x86_64. -- I then did the command followed above instruction. # make depend # make test I got some error message: -- ... gcc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fPIC -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -I/usr/local/ssl/fips-2.0/include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o x86_64cpuid.o x86_64cpuid.s ar r ../libcrypto.a cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o x86_64cpuid.o ar: creating ../libcrypto.a [ -z /usr/local/ssl/fips-2.0/lib ] || ar r ../libcrypto.a /usr/local/ssl/fips-2.0/libfipscanister.o ar: /usr/local/ssl/fips-2.0/libfipscanister.o: No such file or directory make[3]: *** [../libcrypto.a] Error 1 make[3]: Leaving directory `/home/rc6/openssl-1.0.1c/crypto' make[2]: *** [build_crypto] Error 1 make[2]: Leaving directory `/home/rc6/openssl-1.0.1c' make[1]: *** [../libcrypto.a] Error 2 make[1]: Leaving directory `/home/rc6/openssl-1.0.1c/test' make: *** [tests] Error 2 -- Can anyone give me the correct procedure to compile openssl with fips enabled? I can compile openssl no problem without fips enabled. Thanks. Ryan Jiang This message (including any attachments) is intended solely for the specific individual(s) or entity(ies) named above, and may contain legally privileged and confidential information. If you are not the intended recipient, please notify the sender immediately by replying to this message and then delete it. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, by other than the intended recipient, is strictly prohibited. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
OpenSSl v1.0.1c and Apache httpd v2.2.22
Hi, I am trying to use openssl v1.0.1c or 1.0.0j with Apache v.2.2.22 but failed. I can use v1.0.0g no problem. It failed at configure phase of Apache. I posted error message in the Apache mailing list twice but no answer. I am not sure this mailing list can help me or not. Thanks. # ./configure ... --enable-ssl=shared --enable-ssl --with-ssl=/usr/local/ssl ... ... checking whether to enable mod_ssl... checking dependencies checking for SSL/TLS toolkit base... /usr/local/ssl adding -I/usr/local/ssl/include to CPPFLAGS adding -I/usr/local/ssl/include to INCLUDES adding -L/usr/local/ssl/lib to LDFLAGS checking for OpenSSL version... checking openssl/opensslv.h usability... yes checking openssl/opensslv.h presence... yes checking for openssl/opensslv.h... yes checking openssl/ssl.h usability... yes checking openssl/ssl.h presence... yes checking for openssl/ssl.h... yes OK forcing SSL_LIBS to -lssl -lcrypto adding -lssl to LIBS adding -lcrypto to LIBS checking openssl/engine.h usability... yes checking openssl/engine.h presence... yes checking for openssl/engine.h... yes checking for SSLeay_version... yes checking for SSL_CTX_new... no checking for ENGINE_init... no checking for ENGINE_load_builtin_engines... no checking for SSL_set_cert_store... no configure: error: ... Error, SSL/TLS libraries were missing or unusable [root@server httpd-2.2.22]# Ryan Jiang This message (including any attachments) is intended solely for the specific individual(s) or entity(ies) named above, and may contain legally privileged and confidential information. If you are not the intended recipient, please notify the sender immediately by replying to this message and then delete it. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, by other than the intended recipient, is strictly prohibited. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Can't start Apache when ssl is enabled on RHEL v5.7
Hi, I have two Apache 2.2.21 reverse proxy servers on Solaris 10 (SPARC) with OpenSSL (v1.0.0x) enabled. They are running fine so far. Now we want to migrate Apache to Redhat Enterprise server v5.7 (64 bit). I compiled Oopenssl with 64 bit option specified on RHEL and then compiled Apache the same way and same option as on the Solaris through a script that I saved. I copied all the modified necessary configuration files from Solaris and certificates from Solaris to Redhat and made necessary changes such as IP addresses for Apache. When I start Apache on the Redhat, Apache just sits there without giving back the shell prompt. The Apache access log and error log are empty so I don't know the reason. If I disable Apache's https and start only http, Apache starts fine. Does anyone know what could be for ssl problem on Redhat? Thanks. Ryan Jiang This message (including any attachments) is intended solely for the specific individual(s) or entity(ies) named above, and may contain legally privileged and confidential information. If you are not the intended recipient, please notify the sender immediately by replying to this message and then delete it. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, by other than the intended recipient, is strictly prohibited.
RE: Can't start Apache when ssl is enabled on RHEL v5.7
Hi, One more piece of information, Apache never prompts me for the Pass Phrase when it starts with https enabled on Redhat which it supposed to. Ryan Jiang From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Ruiyuan Jiang Sent: Monday, January 23, 2012 6:18 PM To: openssl-users@openssl.org Subject: Can't start Apache when ssl is enabled on RHEL v5.7 Hi, I have two Apache 2.2.21 reverse proxy servers on Solaris 10 (SPARC) with OpenSSL (v1.0.0x) enabled. They are running fine so far. Now we want to migrate Apache to Redhat Enterprise server v5.7 (64 bit). I compiled Oopenssl with 64 bit option specified on RHEL and then compiled Apache the same way and same option as on the Solaris through a script that I saved. I copied all the modified necessary configuration files from Solaris and certificates from Solaris to Redhat and made necessary changes such as IP addresses for Apache. When I start Apache on the Redhat, Apache just sits there without giving back the shell prompt. The Apache access log and error log are empty so I don't know the reason. If I disable Apache's https and start only http, Apache starts fine. Does anyone know what could be for ssl problem on Redhat? Thanks. Ryan Jiang This message (including any attachments) is intended solely for the specific individual(s) or entity(ies) named above, and may contain legally privileged and confidential information. If you are not the intended recipient, please notify the sender immediately by replying to this message and then delete it. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, by other than the intended recipient, is strictly prohibited. This message (including any attachments) is intended solely for the specific individual(s) or entity(ies) named above, and may contain legally privileged and confidential information. If you are not the intended recipient, please notify the sender immediately by replying to this message and then delete it. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, by other than the intended recipient, is strictly prohibited.
RE: Can't start Apache when ssl is enabled on RHEL v5.7
Thanks, Mr. Rowe. It is. Ryan jiang From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of William A Rowe Jr Sent: Monday, January 23, 2012 6:30 PM To: openssl-users@openssl.org Subject: Re: Can't start Apache when ssl is enabled on RHEL v5.7 /dev/random is your culprit... your config isn't 100% transportable between Solaris and linux. Sent from my Verizon Wireless 4G LTE Phone -Original message- From: Ruiyuan Jiang ruiyuan_ji...@liz.com To: openssl-users@openssl.org openssl-users@openssl.org Sent: Mon, Jan 23, 2012 23:23:51 GMT+00:00 Subject: Can't start Apache when ssl is enabled on RHEL v5.7 Hi, I have two Apache 2.2.21 reverse proxy servers on Solaris 10 (SPARC) with OpenSSL (v1.0.0x) enabled. They are running fine so far. Now we want to migrate Apache to Redhat Enterprise server v5.7 (64 bit). I compiled Oopenssl with 64 bit option specified on RHEL and then compiled Apache the same way and same option as on the Solaris through a script that I saved. I copied all the modified necessary configuration files from Solaris and certificates from Solaris to Redhat and made necessary changes such as IP addresses for Apache. When I start Apache on the Redhat, Apache just sits there without giving back the shell prompt. The Apache access log and error log are empty so I don't know the reason. If I disable Apache’s https and start only http, Apache starts fine. Does anyone know what could be for ssl problem on Redhat? Thanks. Ryan Jiang This message (including any attachments) is intended solely for the specific individual(s) or entity(ies) named above, and may contain legally privileged and confidential information. If you are not the intended recipient, please notify the sender immediately by replying to this message and then delete it. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, by other than the intended recipient, is strictly prohibited. This message (including any attachments) is intended solely for the specific individual(s) or entity(ies) named above, and may contain legally privileged and confidential information. If you are not the intended recipient, please notify the sender immediately by replying to this message and then delete it. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, by other than the intended recipient, is strictly prohibited.
Migrate from RSA key to PK12 format
Hi, I have a certificate generated with RSA format for Apache web server. Now I have a need to convert the key and cert or generate a new key, csr with same URL name using PK12 format to migrate to MS Windows platform. Can anyone help me? Thanks. Ryan Jiang This message (including any attachments) is intended solely for the specific individual(s) or entity(ies) named above, and may contain legally privileged and confidential information. If you are not the intended recipient, please notify the sender immediately by replying to this message and then delete it. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, by other than the intended recipient, is strictly prohibited.
RE: Download fips 1.2.3
Well, Kyle I don't think tar is the problem here. After I had the problem with v1.2.3, I downloaded fips 1.2.2 afterwards and I don't have problem to untar the tar ball. Ryan -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Kyle Hamilton Sent: Monday, May 23, 2011 11:56 PM To: openssl-users@openssl.org Subject: Re: Download fips 1.2.3 Solaris has a buggy tar. You need to use gnu tar. -Kyle H On Mon, May 23, 2011 at 3:11 PM, Ruiyuan Jiang ruiyuan_ji...@liz.com wrote: Hi, all Has anyone had problem with openssl-fips-1.2.3.tar.gz? When I tried to “tar xvf” on my Solaris 10 SPARC, the source had error message “unexpected EOF”. I have tried with different proxy servers and direct download from the site but had no luck. I now downloaded v1.2.2 and no problem with the source to configure and make. Thanks. Ryan Jiang This message (including any attachments) is intended solely for the specific individual(s) or entity(ies) named above, and may contain legally privileged and confidential information. If you are not the intended recipient, please notify the sender immediately by replying to this message and then delete it. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, by other than the intended recipient, is strictly prohibited. This message (including any attachments) is intended solely for the specific individual(s) or entity(ies) named above, and may contain legally privileged and confidential information. If you are not the intended recipient, please notify the sender immediately by replying to this message and then delete it. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, by other than the intended recipient, is strictly prohibited.
Download fips 1.2.3
Hi, all Has anyone had problem with openssl-fips-1.2.3.tar.gz? When I tried to tar xvf on my Solaris 10 SPARC, the source had error message unexpected EOF. I have tried with different proxy servers and direct download from the site but had no luck. I now downloaded v1.2.2 and no problem with the source to configure and make. Thanks. Ryan Jiang This message (including any attachments) is intended solely for the specific individual(s) or entity(ies) named above, and may contain legally privileged and confidential information. If you are not the intended recipient, please notify the sender immediately by replying to this message and then delete it. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, by other than the intended recipient, is strictly prohibited.
RE: Download fips 1.2.3
Hi, Eric That is what I did exactly and failed on tar xvf and I don't have problem with 1.2.2. Ryan -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Eric S. Eberhard Sent: Monday, May 23, 2011 6:22 PM To: openssl-users@openssl.org; openssl-users@openssl.org Subject: Re: Download fips 1.2.3 You need to: gunzip openssl-fips-1.2.3.tar.gz That will create openssl-fips-1.2.3.tar Then tar -xvf openssl-fips-1.2.3.tar Eric At 03:11 PM 5/23/2011, Ruiyuan Jiang wrote: Hi, all Has anyone had problem with openssl-fips-1.2.3.tar.gz? When I tried to tar xvf on my Solaris 10 SPARC, the source had error message unexpected EOF. I have tried with different proxy servers and direct download from the site but had no luck. I now downloaded v1.2.2 and no problem with the source to configure and make. Thanks. Ryan Jiang This message (including any attachments) is intended solely for the specific individual(s) or entity(ies) named above, and may contain legally privileged and confidential information. If you are not the intended recipient, please notify the sender immediately by replying to this message and then delete it. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, by other than the intended recipient, is strictly prohibited. Eric S. Eberhard (928) 567-3727 Voice (928) 567-6122 Fax (928) 301-7537 Cell Vertical Integrated Computer Systems, LLC Metropolis Support, LLC For Metropolis support and VICS MBA Supporthttp://www.vicsmba.com Pictures of Snake in Spring http://www.facebook.com/album.php?aid=115547id=1409661701l=1c375e1f49 Pictures of Camp Verde http://www.facebook.com/album.php?aid=12771id=1409661701l=fc0e0a2bcf Pictures of Land Cruiser in Sedona http://www.facebook.com/album.php?aid=50953id=1409661701 Pictures of Flagstaff area near our cabin http://www.facebook.com/album.php?aid=12750id=1409661701 Pictures of Cheryl in a Horse Show http://www.facebook.com/album.php?aid=32484id=1409661701 Pictures of the AZ Desert http://www.facebook.com/album.php?aid=58827id=1409661701 (You can see why we love this state :-) ) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org This message (including any attachments) is intended solely for the specific individual(s) or entity(ies) named above, and may contain legally privileged and confidential information. If you are not the intended recipient, please notify the sender immediately by replying to this message and then delete it. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, by other than the intended recipient, is strictly prohibited. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Openssl for Solaris 10
Never mind, Ramon. I think openssl 0.9.8 supports Solaris 10. The problem that I had was that I did not update gcc header file. When I installed pre-compiled gcc on the Solaris 10, there is an instruction about to update gcc header file but I did not do that at the time. After I updated gcc header file, both openssl 0.9.7g and 0.9.8 was compiled fine. I am not sure why you got the problem maybe library files were not in your path? Thanks anyway. Ryan -Original Message- From: Ramon Berger [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 26, 2005 6:06 PM To: Ruiyuan Jiang Subject: Re: Openssl for Solaris 10 Ruiyan, What error are you getting? I had a problem with 0.9.8 on Solaris 10 and 9. But I got the following information from Tim Rosmus [EMAIL PROTECTED], from this mailing list... |# gcc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o |sshconnect1.o # sshconnect2.o -L. -Lopenbsd-compat/ -L/opt/ssl/lib |-R/opt/ssl/lib -lssh # -lopenbsd-compat -lresolv -lcrypto -lrt -lz |-lsocket -lnsl # |# Undefined first referenced |# symbol in file |# dlopen /opt/ssl/lib/libcrypto.a(dso_dlfcn.o) |# (symbol belongs to implicit dependency /usr/lib/libdl.so.1) |# dlclose /opt/ssl/lib/libcrypto.a(dso_dlfcn.o) |# (symbol belongs to implicit dependency /usr/lib/libdl.so.1) |# dlsym /opt/ssl/lib/libcrypto.a(dso_dlfcn.o) |# (symbol belongs to implicit dependency /usr/lib/libdl.so.1) |# dlerror /opt/ssl/lib/libcrypto.a(dso_dlfcn.o) |# (symbol belongs to implicit dependency /usr/lib/libdl.so.1) # ld: |fatal: Symbol referencing errors. No output written to ssh # collect2: |ld returned 1 exit status # make: *** [ssh] Error 1 # Add --with-ldflags=-ldl to your configure run for openssh. -- Tim Rosmus [EMAIL PROTECTED] Postmaster / USENET / DNS Northwest Nexus Inc. Hi, all Does openssl 0.9.7g and 0.9.8 supports Solaris 10? The config command passed but make failed for both version. Thanks. Ryan __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]