OK Igor. Thanks for the information. Thanks, Srinivas
Srinivasa Rao Katta(System Administrator), skatt...@hotmail.com, Date: Mon, 2 Dec 2013 15:10:33 +1100 From: icici...@gmail.com To: users@httpd.apache.org Subject: Re: [users@httpd] Compile apache 2.2.26 with openssl1.0.1e failing On Mon, Dec 2, 2013 at 1:45 PM, Igor Cicimov <icici...@gmail.com> wrote: On Mon, Dec 2, 2013 at 1:05 PM, Igor Cicimov <icici...@gmail.com> wrote: On Mon, Dec 2, 2013 at 8:49 AM, Srinivasa Rao Katta <skatt...@hotmail.com> wrote: Igor, Please try to install gcc for 4.7.2 version and put gcc in the path before old gcc,old gcc is under /usr/local/bin and new gcc 4.7.2 will be installed under /usr/local/gcc-4.7.2 and update your profile file /etc/profile for /usr/local/gcc-4.7.2/bin. stil you getting the error,please keep only following libs under /usr/local/ssl/lib and please check for libs libcrypto.so and libssl.so in the lib folders and move these libs to backup folder. Please keep following 2 libs only in the /usr/local/ssl/lib; libcrypto.a libssl.a and please move other libs from /usr/local/ssl/lib to some backup folder. now run,configure and make and look for compilation errors. thats it. please let me know,If You have any questions or concerns. Thanks, Srinivas Srinivasa Rao Katta(System Administrator), skatt...@hotmail.com, Date: Sun, 1 Dec 2013 07:27:42 -0500 From: traw...@gmail.com To: users@httpd.apache.org Subject: Re: [users@httpd] Compile apache 2.2.26 with openssl1.0.1e failing On Sat, Nov 30, 2013 at 9:38 PM, Igor Cicimov <icici...@gmail.com> wrote: On Sun, Dec 1, 2013 at 2:29 AM, Jeff Trawick <traw...@gmail.com> wrote: On Sat, Nov 30, 2013 at 4:20 AM, Igor Cicimov <icici...@gmail.com> wrote: Hi all, Im trying to build apache2.2.26 on CentOS5.10 final x86_64, linked to openssl1.0.1e which is also compiled and installed from source under /usr/loca/lib64: $ ls -l /usr/local/lib64/total 7060drwxr-xr-x 2 root root 4096 Nov 30 18:50 engines-rw-r--r-- 1 root root 3858348 Nov 30 18:50 libcrypto.alrwxrwxrwx 1 root root 18 Nov 30 18:50 libcrypto.so -> libcrypto.so.1.0.0 -r-xr-xr-x 1 root root 2145661 Nov 30 18:50 libcrypto.so.1.0.0-rw-r--r-- 1 root root 729426 Nov 30 18:50 libssl.alrwxrwxrwx 1 root root 15 Nov 30 18:50 libssl.so -> libssl.so.1.0.0 -r-xr-xr-x 1 root root 463549 Nov 30 18:50 libssl.so.1.0.0drwxr-xr-x 2 root root 4096 Nov 30 01:21 pkgconfig I've used the following process to compile openssl1.0.1e: $ ./Configure --prefix=/usr/local --openssldir=/usr/local/openssl enable-tlsext linux-x86_64 threads zlib enable-idea enable-rc5 enable-mdc2 enable-ec shared$ make depend$ make $ sudo make install $ openssl versionOpenSSL 1.0.1e 11 Feb 2013 $ openssl s_client -connect smtp.gmail.com:25 -starttls smtp | grep Protocol depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CAverify error:num=20:unable to get local issuer certificateverify return:0250 CHUNKING Protocol : TLSv1.2 $ openssl s_client -connect gmail.com:443 | grep Protocoldepth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CAverify error:num=20:unable to get local issuer certificate verify return:0 Protocol : TLSv1.2 So as expected the client gets to use the TLSv1.2 protocol. I guess that means (maybe) openssl is good to go ... The relevant part of my apache configure command: $ ./configure LDFLAGS="-L/usr/local/lib64" --enable-ssl=shared --with-ssl=/usr/local/lib64 ..... with double attempt to point apache to the openssl libraries, but make is failing with following error: /home/igor.cicimov/httpd-2.2.26/srclib/apr/libtool --silent --mode=link gcc -g -O2 -pthread -L/usr/lib64 -L/usr/local/lib64/lib -L/usr/kerberos/lib64 -L/usr/local/lib64 -o ab ab.lo -lm /home/igor.cicimov/httpd-2.2.26/srclib/pcre/libpcre.la /home/igor.cicimov/httpd-2.2.26/srclib/apr-util/libaprutil-1.la /home/igor.cicimov/httpd-2.2.26/srclib/apr-util/xml/expat/libexpat.la /home/igor.cicimov/httpd-2.2.26/srclib/apr/libapr-1.la -luuid -lrt -lcrypt -lpthread -ldl -lssl -lcrypto -ldl -lz .libs/ab.o: In function `main':/home/igor.cicimov/httpd-2.2.26/support/ab.c:2241: undefined reference to `TLSv1_2_client_method'/home/igor.cicimov/httpd-2.2.26/support/ab.c:2239: undefined reference to `TLSv1_1_client_method' collect2: ld returned 1 exit statusmake[2]: *** [ab] Error 1make[2]: Leaving directory `/home/igor.cicimov/httpd-2.2.26/support'make[1]: *** [all-recursive] Error 1make[1]: Leaving directory `/home/igor.cicimov/httpd-2.2.26/support' make: *** [all-recursive] Error 1 This is not my first time I compile apache and openssl and have never seen this error about apache tools. What am I missing here? Any thoughts? I guess it is because of the order of the system library and your local library dir in the linker search path: libtool --mode=link ... -L/usr/lib64 -L/usr/local/lib64/lib ... Yeah but that kinda beats the purpose of "--with-ssl" switch when compiling apache. This should tell apache to look for the openssl libraries in that directory and nowhere else otherwise how are we going to be able to build apache against specific openssl version on systems that have multiple versions of it installed? understood... open a bug... Something is definitely wrong here, either apache does not behave as expected during compile time or I'm totally mistaken about the use of the "--with-ssl" option. Cheers,Igor -- Born in Roswell... married an alien... http://emptyhammock.com/ Srinivas, I don't think the problem here is about compiler version or openssl install. It is about apache not picking up the ssl libraries from the right spot it's been pointed to during the configuration phase. I have confirmed this on two separate CentOS systems with CentOS-5.6 final and CentOS-5.10 final. On both of them I get the same error: /home/igorc/httpd-2.2.26/srclib/apr/libtool --silent --mode=link gcc -g -O2 -pthread -L/usr/lib64 -L/opt/openssl/lib -o ab ab.lo -lm /home/igorc/httpd-2.2.26/srclib/pcre/libpcre.la /home/igorc/httpd-2.2.26/srclib/apr-util/libaprutil-1.la -lexpat /home/igorc/httpd-2.2.26/srclib/apr/libapr-1.la -luuid -lrt -lcrypt -lpthread -ldl -lssl -lcrypto .libs/ab.o: In function `main':/home/igorc/httpd-2.2.26/support/ab.c:2241: undefined reference to `TLSv1_2_client_method'/home/igorc/httpd-2.2.26/support/ab.c:2239: undefined reference to `TLSv1_1_client_method' collect2: ld returned 1 exit statusmake[2]: *** [ab] Error 1make[2]: Leaving directory `/home/igorc/httpd-2.2.26/support' make[1]: *** [all-recursive] Error 1make[1]: Leaving directory `/home/igorc/httpd-2.2.26/support'make: *** [all-recursive] Error 1 My assumption is that although I have pointed apache to /opt/openssl where my custom build of openssl-1.0.1e is apache is not picking up the ssl libraries from the right spot but from the /usr/lib64 instead. Some other possibilities are:- a bug in libtool- apache-2.2.26 has some issues with the openssl-1.0.1e libraries Anyway, I have opened a bug report so lets see what happens. More details there. https://issues.apache.org/bugzilla/show_bug.cgi?id=55834 Cheers,Igor Ok, the problem was right in front of my eyes but I couldn't see it. Here it is: /home/igorc/httpd-2.2.26/srclib/apr/libtool It is the apache apr library, it obviously comes with hard coded paths in libtool. Duh! The solution, omit the "--with-included-apr" from your configure options to by-pass the STUPID apr that comes with apache and use the system provided one. Can't believe I lost so much time on this. Hope it helps someone else. This also means the bug is valid. Cheers,Igor Just as confirmation, here it is up and running: [Mon Dec 02 15:08:27 2013] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)[Mon Dec 02 15:08:27 2013] [notice] Digest: generating secret for digest authentication ... [Mon Dec 02 15:08:27 2013] [notice] Digest: done[Mon Dec 02 15:08:28 2013] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)[Mon Dec 02 15:08:28 2013] [warn] pid file /usr/local/apache2-2.2.26/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run? [Mon Dec 02 15:08:28 2013] [notice] Apache/2.2.26 (Unix) DAV/2 mod_ssl/2.2.26 OpenSSL/1.0.1e configured -- resuming normal operations
