[users@httpd] Is there any way I can use a lock to control the threads that are using mod_ssl?
Hello, I understand it is a weird question. For an experiment, I need one thread at a time to call the OpenSSL engine while others are waiting. Once one thread is finished, the other thread can start to call the engine and goes on. I was thinking of using a lock to wrap around a mod_ssl function ( I do not know which mod_ssl function actually calls the OpenSSL engine) that actually call the OpenSSL engine. I'm not sure, if this is going to work or not. Can anyone please give me an Idea? Thanks, Shariful Alam
Re: [users@httpd] Linking a third party library with httpd during installation
Hi Yann, Thank you very much. That command works! Configuration script runs with no error so far. Much appreciated. Thanks, Shariful On Wed, Oct 20, 2021 at 4:25 PM Yann Ylavic wrote: > On Wed, Oct 20, 2021 at 10:55 PM Shariful Alam wrote: > > > > I do not understand why it shows my C compiler is not working? The > config.log https://pastebin.com/U72JMZqF > > This is because "./configure" will try to run this command to test the > compile: > > gcc -DSSL_EXPERIMENTAL_ENGINE -DSSL_ENGINE -DOPENSSL_LOAD_CONF -g > -O2 -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -L./libxxx > -Wl,-Bstatic -lxxx -Wl,-rpath=/opt/openssl/lib conftest.c > > which raises: > 1. /usr/bin/ld: cannot find -lxxx > 2. /usr/bin/ld: cannot find -lgcc_s > 3. /usr/bin/ld: cannot find -lgcc_s > > You probably can address 1. by using the real lib name. > For 2. and 3. I'd suggest: > LDFLAGS='-L./libxxx -Wl,-Bstatic -lxxx -Wl,-Bdynamic > -Wl,-rpath=/opt/openssl/lib' > because only the libs between -Bstatic and -Bdynamic should be linked > statically. > Though probably the '-Wl,-Bstatic -lxxx -Wl,-Bdynamic' belongs more in > LIBS=... > > Also note that you could use NOTEST_LDFLAGS and NOTEST_LIBS (instead > of LDFLAGS and LIBS) for them to apply to the httpd linking only (they > won't be added to all the gcc tests run by ./configure). They need to > be correct still, otherwise ./configure will pass but not make.. > > Regards; > Yann. > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
Re: [users@httpd] Linking a third party library with httpd during installation
Hi Eric, I believe the *config.log* file that the error is referring to is in *httpd-2.4.46*'s root directory. Here is full the config.log, https://pastebin.com/U72JMZqF. On lines 101-105, it shows that my static archive file is missing, 1. configure:5361: checking whether the C compiler works 2. configure:5383: gcc -DSSL_EXPERIMENTAL_ENGINE -DSSL_ENGINE -DOPENSSL_LOAD_CONF -g -O2 -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -L./libxxx -Wl,-Bstatic -lxxx -Wl,-rpath=/opt/openssl/lib conftest.c >&5 3. /usr/bin/ld: cannot find -lxxx 4. /usr/bin/ld: cannot find -lgcc_s 5. /usr/bin/ld: cannot find -lgcc_s 6. collect2: error: ld returned 1 exit status 7. configure:5387: $? = 1 8. configure:5425: result: no 9. configure: failed program was Any Idea why is that? On Wed, Oct 20, 2021 at 3:57 PM Eric Covener wrote: > > configure: error: in `/home/apache/Downloads/httpd-2.4.46': > > configure: error: C compiler cannot create executables > > See `config.log' for more details > > IIUC you can find the compiler error in srclib/apr-util/config.log by > scrolling backwards from the end and looking for your gcc. > One of the flags you're passing is causing the compiler to blow up > when probing for capabilities. > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
Re: [users@httpd] Linking a third party library with httpd during installation
Thanks, @Eric, @Konstantin for pointing that out that missing quote and extra whitespace. Appreciate it. I'm new to all this linking and these always make me confused. I tried the following, CFLAGS='-DSSL_EXPERIMENTAL_ENGINE -DSSL_ENGINE -DOPENSSL_LOAD_CONF' LDFLAGS='-L./libxxx -Wl,-Bstatic -lxxx -Wl,-rpath=/opt/openssl/lib' ./configure --prefix=/etc/apache2 --enable-ssl --with-ssl=/opt/openssl/ --with-pcre=/usr/local/pcre --enable-so and it shows me, checking for chosen layout... Apache checking for working mkdir -p... yes checking for grep that handles long lines and -e... /bin/grep checking for egrep... /bin/grep -E checking build system type... x86_64-pc-linux-gnu checking host system type... x86_64-pc-linux-gnu checking target system type... x86_64-pc-linux-gnu configure: configure: Configuring Apache Portable Runtime library... configure: checking for APR... yes setting CC to "gcc" setting CPP to "gcc -E" adding "-g" to CFLAGS adding "-O2" to CFLAGS adding "-pthread" to CFLAGS setting CPPFLAGS to " -DLINUX -D_REENTRANT -D_GNU_SOURCE" configure: configure: Configuring Apache Portable Runtime Utility library... configure: checking for APR-util... yes checking for gcc... gcc checking whether the C compiler works... no configure: error: in `/home/apache/Downloads/httpd-2.4.46': configure: error: C compiler cannot create executables See `config.log' for more details I do not understand why it shows my C compiler is not working? The config.log https://pastebin.com/U72JMZqF Thanks, Shariful On Wed, Oct 20, 2021 at 1:18 PM Konstantin Kolinko wrote: > ср, 20 окт. 2021 г. в 21:59, Shariful Alam : > > > > Hello, > > > > I'm trying to install httpd-2.4.46 from the source. Usually, I use the > following command to configure and it works fine, > > > > ~/Downloads/httpd-2.4.46$ CFLAGS='-DSSL_EXPERIMENTAL_ENGINE > -DSSL_ENGINE -DOPENSSL_LOAD_CONF' LDFLAGS=-Wl,-rpath=/opt/openssl/lib > ./configure --prefix=/etc/apache2 --enable-ssl --with-ssl=/opt/openssl/ > --with-pcre=/usr/local/pcre --enable-so > > > > > > Currently, I'm trying to link a third-party library while installing the > httpd. using the following command, > > > > ~/Downloads/httpd-2.4.46$ CFLAGS='-DSSL_EXPERIMENTAL_ENGINE > -DSSL_ENGINE -DOPENSSL_LOAD_CONF' LDFLAGS= -L./libxxx -Wl, -Bstatic -lxxx > -Wl, -rpath=/opt/openssl/lib ./configure --prefix=/etc/apache2 --enable-ssl > --with-ssl=/opt/openssl/ --with-pcre=/usr/local/pcre --enable-so > > > > > > and it shows the following error, > > > >-bash: -L./libxxx: No such file or directory > > > > However, the "libxxx " directory presents in the same directory from > where I'm running the above command. > > > > Note that in your command line there is a whitespace just after > "LDFLAGS=" and before its supposed value. > > A shell command may be preceded by a series of variable assignments. > When the shell encounters the whitespace just after "LDFLAGS=" it > interprets that it ends those assignments, and tries to execute > "-L./libxxx" as the command. > > > https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_09_01 > > Best regards, > Konstantin Kolinko > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
[users@httpd] Linking a third party library with httpd during installation
Hello, I'm trying to install httpd-2.4.46 from the source. Usually, I use the following command to configure and it works fine, *~/Downloads/httpd-2.4.46$ *CFLAGS='-DSSL_EXPERIMENTAL_ENGINE -DSSL_ENGINE -DOPENSSL_LOAD_CONF' LDFLAGS=-Wl,-rpath=/opt/openssl/lib ./configure --prefix=/etc/apache2 --enable-ssl --with-ssl=/opt/openssl/ --with-pcre=/usr/local/pcre --enable-so Currently, I'm trying to link a third-party library while installing the httpd. using the following command, *~/Downloads/httpd-2.4.46$* CFLAGS='-DSSL_EXPERIMENTAL_ENGINE -DSSL_ENGINE -DOPENSSL_LOAD_CONF' LDFLAGS= -L./libxxx -Wl, -Bstatic -lxxx -Wl, -rpath=/opt/openssl/lib ./configure --prefix=/etc/apache2 --enable-ssl --with-ssl=/opt/openssl/ --with-pcre=/usr/local/pcre --enable-so and it shows the following error, -bash: -L./libxxx: No such file or directory However, the "*libxxx* " directory presents in the same directory from where I'm running the above command. I'm not sure if this is the right approach to link a library. Any help on how can I link a library to "*httpd*" while installing it? Thanks, Shariful
[users@httpd] Why httpd-2.4.46 server not working with TLSv1.2?
Hello, I have installed *apache 2.4.46* from the source code. I have also installed *Openssl 1.1.1c* from the source code in "*/opt/openssl*" I use the following configuration while installing apache, CFLAGS='-DSSL_EXPERIMENTAL_ENGINE -DSSL_ENGINE -DOPENSSL_LOAD_CONF' LDFLAGS=-Wl,-rpath=/opt/openssl/lib ./configure --prefix=/etc/apache2 --enable-ssl --with-ssl=/opt/openssl/ --with-pcre=/usr/local/pcre --enable-so == My *httpd-ssl.conf *with the following configuration works fine with TLSv1.3, == SSLCipherSuite AES128-SHA256 SSLHonorCipherOrder on SSLProtocol all -SSLv3 However, If I try to use TLSv1.2, I get the following error, == xxx@xxx:~$ curl -k https://10.29.2.98 -verbose --tlsv1.2 --tls-max 1.2 * Trying 10.29.2.98:443... * Connected to 10.29.2.98 (10.29.2.98) port 443 (#0) * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: none * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS alert, bad record mac (532): * error:140943FC:SSL routines:ssl3_read_bytes:sslv3 alert bad record mac * Closing connection 0 curl: (35) error:140943FC:SSL routines:ssl3_read_bytes:sslv3 alert bad record mac = I also change *httpd-ssl.conf *like the following, = SSLCipherSuite AES128-SHA256 SSLHonorCipherOrder on #SSLProtocol all -SSLv3 SSLProtocol -all +TLSv1.2 = but still same error, === $curl -k https://10.29.2.98 -verbose * Trying 10.29.2.98:443... * Connected to 10.29.2.98 (10.29.2.98) port 443 (#0) * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: none * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS alert, bad record mac (532): * error:140943FC:SSL routines:ssl3_read_bytes:sslv3 alert bad record mac * Closing connection 0 curl: (35) error:140943FC:SSL routines:ssl3_read_bytes:sslv3 alert bad record mac == Any help, where did I make mistake? Thanks, Shariful Alam
Re: [users@httpd] Re: Help: Building httpd from source with specific (different then system default) OpenSSL
Hi Yann, It works!. Thanks. I'm a noob, I was trying to fix this for the past two days. At some point, I believe I tried with the LDFLAGS too. But I can see that I was using LDFLAGS incorrectly. Thanks for the help. Regards, Shariful Alam On Wed, Apr 7, 2021 at 3:02 PM Yann Ylavic wrote: > On Wed, Apr 7, 2021 at 10:56 PM Shariful Alam wrote: > > > > Yes, I'm looking for libssl. But not the default one. Here, you can see > that my mod_ssl.so is still linked with the default libssl. However, > during httpd installation, I use the following configuration, > > > > CFLAGS='-DSSL_EXPERIMENTAL_ENGINE -DSSL_ENGINE -DOPENSSL_LOAD_CONF' > ./configure --prefix=/etc/apache2 --enable-ssl --with-ssl=/opt/openssl/ssl > --with-pcre=/usr/local/pcre --enable-so > > > > so, my understanding is, with the above configuration, after a > successful build, my mod_ssl should be linked with the libssl.so > (/opt/openssl/ssl) not with the default (/lib/x86_64-linux-gnu/) > > Try adding LDFLAGS='-L/opt/openssl/ssl/lib > -Wl,-rpath,/opt/openssl/ssl/lib' here too in addition to (or even > instead of) the CFLAGS. > > > Regards; > Yann. > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
Re: [users@httpd] Re: Help: Building httpd from source with specific (different then system default) OpenSSL
Hi Christophe, Yes, I'm looking for *libssl. *But not the default one. Here, you can see that my *mod_ssl.so *is still linked with the default libssl. However, during httpd installation, I use the following configuration, - CFLAGS='-DSSL_EXPERIMENTAL_ENGINE -DSSL_ENGINE -DOPENSSL_LOAD_CONF' ./configure --prefix=/etc/apache2* --enable-ssl --with-ssl=/opt/openssl/ssl *--with-pcre=/usr/local/pcre --enable-so so, my understanding is, with the above configuration, after a successful build, my mod_ssl should be linked with the *libssl.so (/opt/openssl/ssl) *not with the default (/lib/x86_64-linux-gnu/) Regards, Shariful Alam On Wed, Apr 7, 2021 at 2:32 PM Christophe JAILLET < christophe.jail...@wanadoo.fr> wrote: > Le 07/04/2021 à 18:56, Shariful Alam a écrit : > > Hello Yann, > > Thanks for the reply. > > > > Following is the output of *ldd mod_ssl.so, * still the same. No sign of > > OpenSSL library. > > > > root@xxx:/etc/apache2/modules# ldd mod_ssl.so > > linux-vdso.so.1 => (0x7fffce1c5000) > > libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 > > Isn't libssl what you are looking for? ([1]) > > CJ > > [1]: https://wiki.openssl.org/index.php/Libssl_API > > > (0x7fec51b11000) > > libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 > > (0x7fec516cc000) > > libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 > > (0x7fec514af000) > > libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7fec510e5000) > > libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x7fec50ee1000) > > /lib64/ld-linux-x86-64.so.2 (0x7fec51fb7000) > > > > Regards, > > Shariful > > > > On Wed, Apr 7, 2021 at 5:29 AM Yann Ylavic > <mailto:ylavic@gmail.com>> wrote: > > > > Hello, > > > > On Wed, Apr 7, 2021 at 10:30 AM Shariful Alam > <mailto:dipto...@gmail.com>> wrote: > > > > > > root@:/etc/apache2/bin# ldd httpd > > > linux-vdso.so.1 => (0x7fffe4df9000) > > > libpcre.so.1 => /usr/local/pcre/lib/libpcre.so.1 > (0x7ff2ad391000) > > > libaprutil-1.so.0 => /usr/local/apr/lib/libaprutil-1.so.0 > > (0x7ff2ad16b000) > > > libapr-1.so.0 => /usr/local/apr/lib/libapr-1.so.0 > > (0x7ff2acf38000) > > > libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 > > (0x7ff2acd1b000) > > > libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7ff2ac951000) > > > libexpat.so.0 => /usr/local/apr/lib/libexpat.so.0 > > (0x7ff2ac729000) > > > libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1 > > (0x7ff2ac4f1000) > > > libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 > (0x7ff2ac2ed000) > > > /lib64/ld-linux-x86-64.so.2 (0x7ff2ad5ae000) > > > > > > Any comment on what I'm doing wrong? And How can I fix it? > > > > httpd itself needs no link to openssl, mod_ssl does though. > > So you should have a look at: > > # ldd /etc/apache2/modules/mod_ssl.so > > > > > > Regards; > > Yann. > > > > - > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > > <mailto:users-unsubscr...@httpd.apache.org> > > For additional commands, e-mail: users-h...@httpd.apache.org > > <mailto:users-h...@httpd.apache.org> > > > > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
Re: [users@httpd] Help: Building httpd from source with specific (different then system default) OpenSSL
Hello Yann, Thanks for the reply. Following is the output of *ldd mod_ssl.so, * still the same. No sign of OpenSSL library. root@xxx:/etc/apache2/modules# ldd mod_ssl.so linux-vdso.so.1 => (0x7fffce1c5000) libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x7fec51b11000) libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x7fec516cc000) libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x7fec514af000) libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7fec510e5000) libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x7fec50ee1000) /lib64/ld-linux-x86-64.so.2 (0x7fec51fb7000) Regards, Shariful On Wed, Apr 7, 2021 at 5:29 AM Yann Ylavic wrote: > Hello, > > On Wed, Apr 7, 2021 at 10:30 AM Shariful Alam wrote: > > > > root@:/etc/apache2/bin# ldd httpd > > linux-vdso.so.1 => (0x7fffe4df9000) > > libpcre.so.1 => /usr/local/pcre/lib/libpcre.so.1 (0x7ff2ad391000) > > libaprutil-1.so.0 => /usr/local/apr/lib/libaprutil-1.so.0 > (0x7ff2ad16b000) > > libapr-1.so.0 => /usr/local/apr/lib/libapr-1.so.0 (0x7ff2acf38000) > > libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 > (0x7ff2acd1b000) > > libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7ff2ac951000) > > libexpat.so.0 => /usr/local/apr/lib/libexpat.so.0 (0x7ff2ac729000) > > libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1 (0x7ff2ac4f1000) > > libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x7ff2ac2ed000) > > /lib64/ld-linux-x86-64.so.2 (0x7ff2ad5ae000) > > > > Any comment on what I'm doing wrong? And How can I fix it? > > httpd itself needs no link to openssl, mod_ssl does though. > So you should have a look at: > # ldd /etc/apache2/modules/mod_ssl.so > > > Regards; > Yann. > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
[users@httpd] Help: Building httpd from source with specific (different then system default) OpenSSL
Hello, I'm trying to install httpd from the source code. I have also install OpenSSL 1.1.1c from source code and I want httpd to use this OpenSSL library. However, while installing httpd, even mentioning httpd to configuring with my newly installed OpenSSL seems not working. Seeking advice from experts. I use the following configuration to install *OpenSSL-1.1.1c* - ./config --prefix=/opt/openssl -DOPENSSL_LOAD_CONF --openssldir=/opt/openssl/ssl And following configuration to install *httpd-2.4.46* - CFLAGS='-DSSL_EXPERIMENTAL_ENGINE -DSSL_ENGINE -DOPENSSL_LOAD_CONF' ./configure --prefix=/etc/apache2 --enable-ssl --with-ssl=/opt/openssl/ssl --with-pcre=/usr/local/pcre --enable-so After installation, I check *httpd *binary. But I'm not seeing any *OpenSSL *library link, *root@:/etc/apache2/bin# ldd httpd * linux-vdso.so.1 => (0x7fffe4df9000) libpcre.so.1 => /usr/local/pcre/lib/libpcre.so.1 (0x7ff2ad391000) libaprutil-1.so.0 => /usr/local/apr/lib/libaprutil-1.so.0 (0x7ff2ad16b000) libapr-1.so.0 => /usr/local/apr/lib/libapr-1.so.0 (0x7ff2acf38000) libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x7ff2acd1b000) libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7ff2ac951000) libexpat.so.0 => /usr/local/apr/lib/libexpat.so.0 (0x7ff2ac729000) libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1 (0x7ff2ac4f1000) libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x7ff2ac2ed000) /lib64/ld-linux-x86-64.so.2 (0x7ff2ad5ae000) Any comment on what I'm doing wrong? And How can I fix it? Regards, Shariful Alam