You need to build OpenLDAP against the OpenSSL in use (this is also true of curl for mod_md). Every bit, including APR-util, is going to need to agree on the flavor of OpenSSL in use.
On Fri, May 3, 2019, 14:12 ken edward <kedward...@gmail.com> wrote:

> Hello,
>
> I successfully built a FIPS openssl based mod_ssl for Apache 2.4.39.
> Everything works great via SSL when I boot Apache, EXCEPT when I then
> turn on mod_ldap/mod_authnz_ldap, THEN I get the below openssl library
> version mismatch. The SSL will still work, but it displays the below
> warning.
>
> I tried to rebuild apr-util with openssl +ldap and integrate with the
> apache build but same issues... any ideas???
>
>
> LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
> LoadModule ldap_module modules/mod_ldap.so
>
> [Fri May 03 14:59:56.611785 2019] [ssl:warn] [pid 5119] AH01882: Init: this version of mod_ssl was compiled against a newer library (OpenSSL 1.0.2r 26 Feb 2019, version currently loaded is OpenSSL 1.0.0-fips 29 Mar 2010) - may result in undefined or erroneous behavior
> [Fri May 03 14:59:56.661788 2019] [ssl:notice] [pid 5119] AH01884: Operating in SSL FIPS mode
> [Fri May 03 14:59:56.690429 2019] [ssl:warn] [pid 5120] AH01882: Init: this version of mod_ssl was compiled against a newer library (OpenSSL 1.0.2r 26 Feb 2019, version currently loaded is OpenSSL 1.0.0-fips 29 Mar 2010) - may result in undefined or erroneous behavior
> [Fri May 03 14:59:56.739818 2019] [ssl:notice] [pid 5120] AH01884: Operating in SSL FIPS mode
> [Fri May 03 14:59:56.744802 2019] [mpm_prefork:notice] [pid 5120] AH00163: Apache/2.4.39 (Unix) OpenSSL/1.0.0-fips configured -- resuming normal operations
>
>
> BUILT APR-UTIL:
> ./configure -prefix=/u01/tomcat/scm2/apr-util-1.6.1
> --with-apr=/u01/tomcat/scm2/apr-1.6.5 --with-ldap --with-crypto
> --with-openssl=/u01/tomcat/scm2/openssl-1.0.2r
> LDFLAGS=-L/u01/tomcat/scm2/openssl-fips-2.0.16/lib
> -L/u01/tomcat/scm2/openssl-1.0.2r/lib
>
> BUILT httpd apache 2.4.39
> ./configure --prefix=/u01/tomcat/scm2/apache2.4.39kerb2
> --with-ssl=/u01/tomcat/scm2/openssl-1.0.2r --with-mpm=prefork
> --with-ldap --with-apr=/u01/tomcat/scm2/apr-1.6.5
> --with-apr-util=/u01/tomcat/scm2/apr-util-1.6.1 --enable-ssl
> --enable-dav --enable-dav-fs --enable-dav-lock --enable-authnz-ldap --enable-ldap
> -enable-headers CPPFLAGS=-DHAVE_FIPS
> LDFLAGS=-L/u01/tomcat/scm2/openssl-fips-2.0.16/lib
> -L/u01/tomcat/scm2/openssl-1.0.2r/lib
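
One way to see which components disagree, as an added example that is not part of the thread: the script below compares the libssl/libcrypto paths that `ldd` resolves for each module passed to it. It assumes the modules link OpenSSL dynamically; the function names are hypothetical and the sample `ldd` output (including the system library paths) is constructed to mirror the AH01882 warning above.

```shell
#!/bin/sh
# Added example (not from the thread): compare the OpenSSL libraries that
# each httpd module resolves to at load time.

# Filter ldd-format text on stdin down to "<object> <soname> <path>" lines
# for libssl/libcrypto only. $1 is the object the ldd output belongs to.
ssl_deps() {
    awk -v obj="$1" \
        '$1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" { print obj, $1, $3 }'
}

# Read "<object> <soname> <path>" lines; print each disagreement and
# return 1 if any object resolves libssl or libcrypto to a different path.
check_agreement() {
    awk '{
        fam = ($2 ~ /^libssl/) ? "libssl" : "libcrypto"
        if (!(fam in path)) { path[fam] = $3; owner[fam] = $1 }
        else if (path[fam] != $3) {
            printf "MISMATCH %s: %s -> %s but %s -> %s\n", fam, owner[fam], path[fam], $1, $3
            bad = 1
        }
    }
    END { exit bad + 0 }'
}

# Run ldd on every file given and check the combined result.
scan_modules() {
    for f in "$@"; do
        ldd "$f" 2>/dev/null | ssl_deps "$f"
    done | check_agreement
}

# Constructed ldd output: mod_ssl.so finds the 1.0.2r build, while
# mod_ldap.so inherits the system OpenSSL through libldap.
sample_mod_ssl() {
    printf '\tlibssl.so.1.0.0 => /u01/tomcat/scm2/openssl-1.0.2r/lib/libssl.so.1.0.0 (0x00007f0000000000)\n'
    printf '\tlibcrypto.so.1.0.0 => /u01/tomcat/scm2/openssl-1.0.2r/lib/libcrypto.so.1.0.0 (0x00007f0000200000)\n'
}
sample_mod_ldap() {
    printf '\tlibldap-2.4.so.2 => /lib64/libldap-2.4.so.2 (0x00007f0000400000)\n'
    printf '\tlibssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f0000600000)\n'
    printf '\tlibcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f0000800000)\n'
}

# With arguments, scan real files: sh check.sh modules/mod_ssl.so modules/mod_ldap.so
[ "$#" -eq 0 ] || scan_modules "$@"
```

A non-zero exit status means at least two of the scanned objects would pull different OpenSSL builds into the same httpd process.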