On Mon, Dec 2, 2013 at 1:45 PM, Igor Cicimov <[email protected]> wrote:
> > On Mon, Dec 2, 2013 at 1:05 PM, Igor Cicimov <[email protected]> wrote: > >> >> On Mon, Dec 2, 2013 at 8:49 AM, Srinivasa Rao Katta <[email protected] >> > wrote: >> >>> Igor, >>> >>> Please try to install gcc for 4.7.2 version and put gcc in the path >>> before old gcc,old gcc is under /usr/local/bin and new gcc 4.7.2 will be >>> installed under /usr/local/gcc-4.7.2 and update your profile file >>> /etc/profile for /usr/local/gcc-4.7.2/bin. >>> >>> stil you getting the error,please keep only following libs under >>> /usr/local/ssl/lib and please check for libs libcrypto.so and libssl.so in >>> the lib folders and move these libs to backup folder. >>> >>> Please keep following 2 libs only in the /usr/local/ssl/lib; >>> >>> libcrypto.a >>> libssl.a >>> >>> and please move other libs from /usr/local/ssl/lib to some backup folder. >>> >>> now run,configure and make and look for compilation errors. >>> >>> thats it. >>> >>> please let me know,If You have any questions or concerns. >>> >>> Thanks, >>> Srinivas >>> >>> >>> >>> >>> Srinivasa Rao Katta(System Administrator), >>> [email protected], >>> <[email protected]> >>> >>> >>> >>> ------------------------------ >>> Date: Sun, 1 Dec 2013 07:27:42 -0500 >>> From: [email protected] >>> To: [email protected] >>> Subject: Re: [users@httpd] Compile apache 2.2.26 with openssl1.0.1e >>> failing >>> >>> >>> On Sat, Nov 30, 2013 at 9:38 PM, Igor Cicimov <[email protected]>wrote: >>> >>> >>> >>> >>> On Sun, Dec 1, 2013 at 2:29 AM, Jeff Trawick <[email protected]> wrote: >>> >>> On Sat, Nov 30, 2013 at 4:20 AM, Igor Cicimov <[email protected]>wrote: >>> >>> Hi all, >>> >>> Im trying to build apache2.2.26 on CentOS5.10 final x86_64, linked to >>> openssl1.0.1e which is also compiled and installed from source under >>> /usr/loca/lib64: >>> >>> $ ls -l /usr/local/lib64/ >>> total 7060 >>> drwxr-xr-x 2 root root 4096 Nov 30 18:50 engines >>> -rw-r--r-- 1 root root 3858348 Nov 30 18:50 libcrypto.a >>> lrwxrwxrwx 1 root root 18 Nov 30 18:50 libcrypto.so -> >>> libcrypto.so.1.0.0 >>> -r-xr-xr-x 1 root root 2145661 Nov 30 18:50 libcrypto.so.1.0.0 >>> -rw-r--r-- 1 root root 729426 Nov 30 18:50 libssl.a >>> lrwxrwxrwx 1 root root 15 Nov 30 18:50 libssl.so -> libssl.so.1.0.0 >>> -r-xr-xr-x 1 root root 463549 Nov 30 18:50 libssl.so.1.0.0 >>> drwxr-xr-x 2 root root 4096 Nov 30 01:21 pkgconfig >>> >>> I've used the following process to compile openssl1.0.1e: >>> >>> $ ./Configure --prefix=/usr/local --openssldir=/usr/local/openssl >>> enable-tlsext linux-x86_64 threads zlib enable-idea enable-rc5 enable-mdc2 >>> enable-ec shared >>> $ make depend >>> $ make >>> $ sudo make install >>> >>> $ openssl version >>> OpenSSL 1.0.1e 11 Feb 2013 >>> >>> $ openssl s_client -connect smtp.gmail.com:25 -starttls smtp | grep >>> Protocol >>> depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA >>> verify error:num=20:unable to get local issuer certificate >>> verify return:0 >>> 250 CHUNKING >>> Protocol : TLSv1.2 >>> >>> $ openssl s_client -connect gmail.com:443 | grep Protocol >>> depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA >>> verify error:num=20:unable to get local issuer certificate >>> verify return:0 >>> Protocol : TLSv1.2 >>> >>> So as expected the client gets to use the TLSv1.2 protocol. I guess that >>> means (maybe) openssl is good to go ... >>> >>> The relevant part of my apache configure command: >>> >>> $ ./configure LDFLAGS="-L/usr/local/lib64" --enable-ssl=shared >>> --with-ssl=/usr/local/lib64 ..... >>> >>> with double attempt to point apache to the openssl libraries, but make >>> is failing with following error: >>> >>> /home/igor.cicimov/httpd-2.2.26/srclib/apr/libtool --silent --mode=link >>> gcc -g -O2 -pthread -L/usr/lib64 -L/usr/local/lib64/lib >>> -L/usr/kerberos/lib64 -L/usr/local/lib64 -o ab ab.lo -lm >>> /home/igor.cicimov/httpd-2.2.26/srclib/pcre/libpcre.la/home/igor.cicimov/httpd-2.2.26/srclib/apr-util/ >>> libaprutil-1.la/home/igor.cicimov/httpd-2.2.26/srclib/apr-util/xml/expat/ >>> libexpat.la /home/igor.cicimov/httpd-2.2.26/srclib/apr/libapr-1.la-luuid >>> -lrt -lcrypt -lpthread -ldl -lssl -lcrypto -ldl -lz >>> .libs/ab.o: In function `main': >>> /home/igor.cicimov/httpd-2.2.26/support/ab.c:2241: undefined reference >>> to `TLSv1_2_client_method' >>> /home/igor.cicimov/httpd-2.2.26/support/ab.c:2239: undefined reference >>> to `TLSv1_1_client_method' >>> collect2: ld returned 1 exit status >>> make[2]: *** [ab] Error 1 >>> make[2]: Leaving directory `/home/igor.cicimov/httpd-2.2.26/support' >>> make[1]: *** [all-recursive] Error 1 >>> make[1]: Leaving directory `/home/igor.cicimov/httpd-2.2.26/support' >>> make: *** [all-recursive] Error 1 >>> >>> This is not my first time I compile apache and openssl and have never >>> seen this error about apache tools. What am I missing here? Any thoughts? >>> >>> >>> I guess it is because of the order of the system library and your local >>> library dir in the linker search path: >>> >>> libtool --mode=link ... -L/usr/lib64 -L/usr/local/lib64/lib ... >>> >>> >>> Yeah but that kinda beats the purpose of "--with-ssl" switch when >>> compiling apache. This should tell apache to look for the openssl libraries >>> in that directory and nowhere else otherwise how are we going to be able to >>> build apache against specific openssl version on systems that have multiple >>> versions of it installed? >>> >>> >>> understood... open a bug... >>> >>> >>> >>> Something is definitely wrong here, either apache does not behave as >>> expected during compile time or I'm totally mistaken about the use of the >>> "--with-ssl" option. >>> >>> Cheers, >>> Igor >>> >>> >>> >>> >>> -- >>> Born in Roswell... married an alien... >>> http://emptyhammock.com/ >>> >> >> Srinivas, >> >> I don't think the problem here is about compiler version or openssl >> install. It is about apache not picking up the ssl libraries from the right >> spot it's been pointed to during the configuration phase. I have confirmed >> this on two separate CentOS systems with CentOS-5.6 final and CentOS-5.10 >> final. On both of them I get the same error: >> >> /home/igorc/httpd-2.2.26/srclib/apr/libtool --silent --mode=link gcc -g >> -O2 -pthread * -L/usr/lib64 -L/opt/openssl/lib* -o ab ab.lo -lm >> /home/igorc/httpd-2.2.26/srclib/pcre/libpcre.la/home/igorc/httpd-2.2.26/srclib/apr-util/ >> libaprutil-1.la -lexpat >> /home/igorc/httpd-2.2.26/srclib/apr/libapr-1.la-luuid -lrt -lcrypt -lpthread >> -ldl -lssl -lcrypto >> .libs/ab.o: In function `main': >> /home/igorc/httpd-2.2.26/support/ab.c:2241: undefined reference to >> `TLSv1_2_client_method' >> /home/igorc/httpd-2.2.26/support/ab.c:2239: undefined reference to >> `TLSv1_1_client_method' >> collect2: ld returned 1 exit status >> make[2]: *** [ab] Error 1 >> make[2]: Leaving directory `/home/igorc/httpd-2.2.26/support' >> make[1]: *** [all-recursive] Error 1 >> make[1]: Leaving directory `/home/igorc/httpd-2.2.26/support' >> make: *** [all-recursive] Error 1 >> >> My assumption is that although I have pointed apache to /opt/openssl >> where my custom build of openssl-1.0.1e is apache is not picking up the ssl >> libraries from the right spot but from the /usr/lib64 instead. >> >> Some other possibilities are: >> - a bug in libtool >> - apache-2.2.26 has some issues with the openssl-1.0.1e libraries >> >> Anyway, I have opened a bug report so lets see what happens. More details >> there. >> >> https://issues.apache.org/bugzilla/show_bug.cgi?id=55834 >> >> Cheers, >> Igor >> >> >> >> > Ok, the problem was right in front of my eyes but I couldn't see it. Here > it is: > > */home/igorc/httpd-2.2.26/srclib/apr/libtool * > > It is the apache apr library, it obviously comes with hard coded paths in > libtool. Duh! > > The solution, omit the "*--with-included-apr*" from your configure > options to by-pass the STUPID apr that comes with apache and use the system > provided one. > > Can't believe I lost so much time on this. Hope it helps someone else. > > This also means the bug is valid. > > Cheers, > Igor > > Just as confirmation, here it is up and running: [Mon Dec 02 15:08:27 2013] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366) [Mon Dec 02 15:08:27 2013] [notice] Digest: generating secret for digest authentication ... [Mon Dec 02 15:08:27 2013] [notice] Digest: done [Mon Dec 02 15:08:28 2013] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366) [Mon Dec 02 15:08:28 2013] [warn] pid file /usr/local/apache2-2.2.26/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run? [Mon Dec 02 15:08:28 2013] [notice] Apache/2.2.26 (Unix) DAV/2 mod_ssl/2.2.26 OpenSSL/1.0.1e configured -- resuming normal operations
