On Mon, Dec 2, 2013 at 1:05 PM, Igor Cicimov <[email protected]> wrote:
> > On Mon, Dec 2, 2013 at 8:49 AM, Srinivasa Rao Katta > <[email protected]>wrote: > >> Igor, >> >> Please try to install gcc for 4.7.2 version and put gcc in the path >> before old gcc,old gcc is under /usr/local/bin and new gcc 4.7.2 will be >> installed under /usr/local/gcc-4.7.2 and update your profile file >> /etc/profile for /usr/local/gcc-4.7.2/bin. >> >> stil you getting the error,please keep only following libs under >> /usr/local/ssl/lib and please check for libs libcrypto.so and libssl.so in >> the lib folders and move these libs to backup folder. >> >> Please keep following 2 libs only in the /usr/local/ssl/lib; >> >> libcrypto.a >> libssl.a >> >> and please move other libs from /usr/local/ssl/lib to some backup folder. >> >> now run,configure and make and look for compilation errors. >> >> thats it. >> >> please let me know,If You have any questions or concerns. >> >> Thanks, >> Srinivas >> >> >> >> >> Srinivasa Rao Katta(System Administrator), >> [email protected], >> <[email protected]> >> >> >> >> ------------------------------ >> Date: Sun, 1 Dec 2013 07:27:42 -0500 >> From: [email protected] >> To: [email protected] >> Subject: Re: [users@httpd] Compile apache 2.2.26 with openssl1.0.1e >> failing >> >> >> On Sat, Nov 30, 2013 at 9:38 PM, Igor Cicimov <[email protected]> wrote: >> >> >> >> >> On Sun, Dec 1, 2013 at 2:29 AM, Jeff Trawick <[email protected]> wrote: >> >> On Sat, Nov 30, 2013 at 4:20 AM, Igor Cicimov <[email protected]> wrote: >> >> Hi all, >> >> Im trying to build apache2.2.26 on CentOS5.10 final x86_64, linked to >> openssl1.0.1e which is also compiled and installed from source under >> /usr/loca/lib64: >> >> $ ls -l /usr/local/lib64/ >> total 7060 >> drwxr-xr-x 2 root root 4096 Nov 30 18:50 engines >> -rw-r--r-- 1 root root 3858348 Nov 30 18:50 libcrypto.a >> lrwxrwxrwx 1 root root 18 Nov 30 18:50 libcrypto.so -> >> libcrypto.so.1.0.0 >> -r-xr-xr-x 1 root root 2145661 Nov 30 18:50 libcrypto.so.1.0.0 >> -rw-r--r-- 1 root root 729426 Nov 30 18:50 libssl.a >> lrwxrwxrwx 1 root root 15 Nov 30 18:50 libssl.so -> libssl.so.1.0.0 >> -r-xr-xr-x 1 root root 463549 Nov 30 18:50 libssl.so.1.0.0 >> drwxr-xr-x 2 root root 4096 Nov 30 01:21 pkgconfig >> >> I've used the following process to compile openssl1.0.1e: >> >> $ ./Configure --prefix=/usr/local --openssldir=/usr/local/openssl >> enable-tlsext linux-x86_64 threads zlib enable-idea enable-rc5 enable-mdc2 >> enable-ec shared >> $ make depend >> $ make >> $ sudo make install >> >> $ openssl version >> OpenSSL 1.0.1e 11 Feb 2013 >> >> $ openssl s_client -connect smtp.gmail.com:25 -starttls smtp | grep >> Protocol >> depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA >> verify error:num=20:unable to get local issuer certificate >> verify return:0 >> 250 CHUNKING >> Protocol : TLSv1.2 >> >> $ openssl s_client -connect gmail.com:443 | grep Protocol >> depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA >> verify error:num=20:unable to get local issuer certificate >> verify return:0 >> Protocol : TLSv1.2 >> >> So as expected the client gets to use the TLSv1.2 protocol. I guess that >> means (maybe) openssl is good to go ... >> >> The relevant part of my apache configure command: >> >> $ ./configure LDFLAGS="-L/usr/local/lib64" --enable-ssl=shared >> --with-ssl=/usr/local/lib64 ..... >> >> with double attempt to point apache to the openssl libraries, but make is >> failing with following error: >> >> /home/igor.cicimov/httpd-2.2.26/srclib/apr/libtool --silent --mode=link >> gcc -g -O2 -pthread -L/usr/lib64 -L/usr/local/lib64/lib >> -L/usr/kerberos/lib64 -L/usr/local/lib64 -o ab ab.lo -lm >> /home/igor.cicimov/httpd-2.2.26/srclib/pcre/libpcre.la/home/igor.cicimov/httpd-2.2.26/srclib/apr-util/ >> libaprutil-1.la/home/igor.cicimov/httpd-2.2.26/srclib/apr-util/xml/expat/ >> libexpat.la /home/igor.cicimov/httpd-2.2.26/srclib/apr/libapr-1.la-luuid >> -lrt -lcrypt -lpthread -ldl -lssl -lcrypto -ldl -lz >> .libs/ab.o: In function `main': >> /home/igor.cicimov/httpd-2.2.26/support/ab.c:2241: undefined reference to >> `TLSv1_2_client_method' >> /home/igor.cicimov/httpd-2.2.26/support/ab.c:2239: undefined reference to >> `TLSv1_1_client_method' >> collect2: ld returned 1 exit status >> make[2]: *** [ab] Error 1 >> make[2]: Leaving directory `/home/igor.cicimov/httpd-2.2.26/support' >> make[1]: *** [all-recursive] Error 1 >> make[1]: Leaving directory `/home/igor.cicimov/httpd-2.2.26/support' >> make: *** [all-recursive] Error 1 >> >> This is not my first time I compile apache and openssl and have never >> seen this error about apache tools. What am I missing here? Any thoughts? >> >> >> I guess it is because of the order of the system library and your local >> library dir in the linker search path: >> >> libtool --mode=link ... -L/usr/lib64 -L/usr/local/lib64/lib ... >> >> >> Yeah but that kinda beats the purpose of "--with-ssl" switch when >> compiling apache. This should tell apache to look for the openssl libraries >> in that directory and nowhere else otherwise how are we going to be able to >> build apache against specific openssl version on systems that have multiple >> versions of it installed? >> >> >> understood... open a bug... >> >> >> >> Something is definitely wrong here, either apache does not behave as >> expected during compile time or I'm totally mistaken about the use of the >> "--with-ssl" option. >> >> Cheers, >> Igor >> >> >> >> >> -- >> Born in Roswell... married an alien... >> http://emptyhammock.com/ >> > > Srinivas, > > I don't think the problem here is about compiler version or openssl > install. It is about apache not picking up the ssl libraries from the right > spot it's been pointed to during the configuration phase. I have confirmed > this on two separate CentOS systems with CentOS-5.6 final and CentOS-5.10 > final. On both of them I get the same error: > > /home/igorc/httpd-2.2.26/srclib/apr/libtool --silent --mode=link gcc -g > -O2 -pthread * -L/usr/lib64 -L/opt/openssl/lib* -o ab ab.lo -lm > /home/igorc/httpd-2.2.26/srclib/pcre/libpcre.la/home/igorc/httpd-2.2.26/srclib/apr-util/ > libaprutil-1.la -lexpat /home/igorc/httpd-2.2.26/srclib/apr/libapr-1.la-luuid > -lrt -lcrypt -lpthread -ldl -lssl -lcrypto > .libs/ab.o: In function `main': > /home/igorc/httpd-2.2.26/support/ab.c:2241: undefined reference to > `TLSv1_2_client_method' > /home/igorc/httpd-2.2.26/support/ab.c:2239: undefined reference to > `TLSv1_1_client_method' > collect2: ld returned 1 exit status > make[2]: *** [ab] Error 1 > make[2]: Leaving directory `/home/igorc/httpd-2.2.26/support' > make[1]: *** [all-recursive] Error 1 > make[1]: Leaving directory `/home/igorc/httpd-2.2.26/support' > make: *** [all-recursive] Error 1 > > My assumption is that although I have pointed apache to /opt/openssl where > my custom build of openssl-1.0.1e is apache is not picking up the ssl > libraries from the right spot but from the /usr/lib64 instead. > > Some other possibilities are: > - a bug in libtool > - apache-2.2.26 has some issues with the openssl-1.0.1e libraries > > Anyway, I have opened a bug report so lets see what happens. More details > there. > > https://issues.apache.org/bugzilla/show_bug.cgi?id=55834 > > Cheers, > Igor > > > > Ok, the problem was right in front of my eyes but I couldn't see it. Here it is: */home/igorc/httpd-2.2.26/srclib/apr/libtool * It is the apache apr library, it obviously comes with hard coded paths in libtool. Duh! The solution, omit the "*--with-included-apr*" from your configure options to by-pass the STUPID apr that comes with apache and use the system provided one. Can't believe I lost so much time on this. Hope it helps someone else. This also means the bug is valid. Cheers, Igor
