You need to build OpenLDAP against the OpenSSL in use (this is also true of
curl for mod_md.) Every bit including APR-util are all going to need to
agree on the flavor of OpenSSL in use.
On Fri, May 3, 2019, 14:12 ken edward wrote:
> Hello,
>
> I successfully built a FIPS openssl based mod_ssl for Apache 2.4.39.
> Everything works great via SSL when I boot Apache, EXCEPT when I then
> turn on mod_ldap/mod_authnz_ldap, THEN I get the below openssl library
> version mismatch. The SSL will still work, but it display the below
> warning.
>
> I tried to rebuild apr-util with openssl +ldap and integrate with the
> apache build but same issues... any ideas???
>
>
> LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
> LoadModule ldap_module modules/mod_ldap.so
>
> [Fri May 03 14:59:56.611785 2019] [ssl:warn] [pid 5119] AH01882: Init:
> this version of mod_ssl was compiled against a newer library (OpenSSL
> 1.0.2r 26 Feb 2019, version currently loaded is OpenSSL 1.0.0-fips 29
> Mar 2010) - may result in undefined or
> erroneous behavior
> [Fri May 03 14:59:56.661788 2019] [ssl:notice] [pid 5119] AH01884:
> Operating in SSL FIPS mode
> [Fri May 03 14:59:56.690429 2019] [ssl:warn] [pid 5120] AH01882: Init:
> this version of mod_ssl was compiled against a newer library (OpenSSL
> 1.0.2r 26 Feb 2019, version currently loaded is OpenSSL 1.0.0-fips 29
> Mar 2010) - may result in undefined or
> erroneous behavior
> [Fri May 03 14:59:56.739818 2019] [ssl:notice] [pid 5120] AH01884:
> Operating in SSL FIPS mode
> [Fri May 03 14:59:56.744802 2019] [mpm_prefork:notice] [pid 5120]
> AH00163: Apache/2.4.39 (Unix) OpenSSL/1.0.0-fips configured --
> resuming normal operations
>
>
> BUILT APR-UTIL:
> ./configure -prefix=/u01/tomcat/scm2/apr-util-1.6.1
> --with-apr=/u01/tomcat/scm2/apr-1.6.5 --with-ldap --with-crypto
> --with-openssl=/u01/tomcat/scm2/openssl-1.0.2r
> LDFLAGS=-L/u01/tomcat/scm2/openssl-fips-2.0.16/lib
> -L/u01/tomcat/scm2/openssl-1.0.2
> r/lib
>
> BUILT httpd apache 2.4.39
> ./configure --prefix=/u01/tomcat/scm2/apache2.4.39kerb2
> --with-ssl=/u01/tomcat/scm2/openssl-1.0.2r --with-mpm=prefork
> --with-ldap --with-apr=/u01/tomcat/scm2/apr-1.6.5
> --with-apr-util=/u01/tomcat/scm2/apr-util-1.6.1 --enable-ssl
> --enable-dav --en
> able-dav-fs --enable-dav-lock --enable-authnz-ldap --enable-ldap
> -enable-headers CPPFLAGS=-DHAVE_FIPS
> LDFLAGS=-L/u01/tomcat/scm2/openssl-fips-2.0.16/lib
> -L/u01/tomcat/scm2/openssl-1.0.2r/lib
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>