[openssl-users] Cannot find SSL_CTX_get0_param in libssl library

[Mohit Batra]

Hello All,


I am trying to compile / install a utility from Source on CentOS that
utilizes OpenSSL 1.1.0 (latest version) . However, I get the following
error:


*configure: WARNING: Cannot find SSL_CTX_get0_param in libssl library. TLS
hostname verification will not be available.*

Kindly help me out on this error.


Thanks & Regards,
Mohit Batra
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Cannot find SSL_CTX_get0_param in libssl library

[Salz, Rich via openssl-users]

> I am trying to compile / install a utility from Source on CentOS that 
> utilizes OpenSSL 1.1.0 (latest version) . However, I get the following error: 
> configure: WARNING: Cannot find SSL_CTX_get0_param in libssl library. TLS 
> hostname verification will not be available.

Most likely, the utility you are trying to build is looking at the 
system-installed OpenSSL libraries.

You have to install OpenSSL 1.1.0 and use those pathnames when you 
build/configure the utility.

--  
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: richs...@jabber.at Twitter: RichSalz


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Cannot find SSL_CTX_get0_param in libssl library

[Blumenthal, Uri - 0553 - MITLL]

I concur with Rich. CentOS is known for having outdated packages.

Regards,
Uri

Sent from my iPhone

On May 28, 2017, at 16:43, Salz, Rich via openssl-users 
 wrote:

>> I am trying to compile / install a utility from Source on CentOS that 
>> utilizes OpenSSL 1.1.0 (latest version) . However, I get the following 
>> error: 
>> configure: WARNING: Cannot find SSL_CTX_get0_param in libssl library. TLS 
>> hostname verification will not be available.
> 
> Most likely, the utility you are trying to build is looking at the 
> system-installed OpenSSL libraries.
> 
> You have to install OpenSSL 1.1.0 and use those pathnames when you 
> build/configure the utility.
> 
> --  
> Senior Architect, Akamai Technologies
> Member, OpenSSL Dev Team
> IM: richs...@jabber.at Twitter: RichSalz
> 
> 
> -- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


smime.p7s
Description: S/MIME cryptographic signature
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Cannot find SSL_CTX_get0_param in libssl library

[Jeffrey Walton]

On Sun, May 28, 2017 at 2:59 AM, Mohit Batra  wrote:
> Hello All,
>
> I am trying to compile / install a utility from Source on CentOS that
> utilizes OpenSSL 1.1.0 (latest version) . However, I get the following
> error:
>
> configure: WARNING: Cannot find SSL_CTX_get0_param in libssl library. TLS
> hostname verification will not be available.
>
> Kindly help me out on this error.

When you build OpenSSL and your program, use an RPATH. Also see
https://wiki.openssl.org/index.php/Compilation_and_Installation#Using_RPATHs
.

We still don't know what use case is being represented by omitting the
RPATH in the OpenSSL build. Building OpenSSL with new library, but
runtime link to old library after installation makes no sense to most
users.

You can probably do it using LD_LIBRARY_PATH, but RPATHs are easier.

Jeff
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Build from source; library not found?

[Jeffrey Walton]

On Sun, May 28, 2017 at 5:16 PM, Hiran Chaudhuri
 wrote:
> It seems I misread the referenced documentation the first time.
>
> This stuff contains the answer, it just was not clear to me that also works
> on Linux.
> https://wiki.openssl.org/index.php/Compilation_and_Installation#Using_RPATHs.
>
> With that, the libraries have run paths that show the correct target
> directories. Thanks to all for the hint.

Arg... I consider confusing text a documentation bug.

Is this better:
https://wiki.openssl.org/index.php/Compilation_and_Installation#Using_RPATHs
?

Jeff
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Build from source; library not found?

[Hiran Chaudhuri]

Quick reaction, I am impressed.

The part that triggered my wrong thoughts was the first sentence:
"RPATH's are supported by default on the BSD platforms, but not others."

It seemed platforms other than BSD will not get RPATH unless I take action. 
With that in mind I somehow understood I need to patch the config or configure 
scripts to get along.

Maybe it should read something like "on BSD the run paths are automatically 
set. For other platforms, add these parameters to your configure line...

Hiran

Am 28. Mai 2017 23:27:27 MESZ schrieb Jeffrey Walton :
>On Sun, May 28, 2017 at 5:16 PM, Hiran Chaudhuri
> wrote:
>> It seems I misread the referenced documentation the first time.
>>
>> This stuff contains the answer, it just was not clear to me that also
>works
>> on Linux.
>>
>https://wiki.openssl.org/index.php/Compilation_and_Installation#Using_RPATHs.
>>
>> With that, the libraries have run paths that show the correct target
>> directories. Thanks to all for the hint.
>
>Arg... I consider confusing text a documentation bug.
>
>Is this better:
>https://wiki.openssl.org/index.php/Compilation_and_Installation#Using_RPATHs
>?
>
>Jeff
>-- 
>openssl-users mailing list
>To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Build from source; library not found?

[Hiran Chaudhuri]

It seems I misread the referenced documentation the first time.
   This stuff contains the answer, it just was not clear to me that also works 
on Linux. 
https://wiki.openssl.org/index.php/Compilation_and_Installation#Using_RPATHs.   
With that, the libraries have run paths that show the correct target 
directories. Thanks to all for the hint.   Hiran 

 Am 23-May-2017 22:26:38 +0200 schrieb hiran.chaudh...@mail.de: 

Hello Victor. 

So you manage to build OpenSSL with rpaths. Would you like to let me know how 
this can be achieved? Is CFLAGS the only change required? (from the 
documentation mentioned earlier it seems I would have to modify the configure 
script). 

Hiran 

 Am 21-May-2017 06:51:55 +0200 schrieb openssl-us...@dukhovni.org: 

 > On May 20, 2017, at 8:52 PM, Richard Levitte  wrote:
 > 
 > Err, it is correct insofar that it is how OpenSSL 1.0.2{x} is built.

 Perhaps by default, I routinely do builds of OpenSSL 1.0.2 in which
 the library rpaths are set.

 > It's possible it SHOULD be built differently, but that's a different
 > story. Here, the question was what's actually done.

 The choice of additional CFLAGS is up to the user.

 -- 
 Viktor.

 -- 
 openssl-users mailing list
 To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Cannot find SSL_CTX_get0_param in libssl library

[Salz, Rich via openssl-users]

> The openssl program will use the wrong libssl.so and libcrypto.so.

Yes, got it.

But that's small potatoes compared to everyone else finding the wrong shared 
library, and just saying "use rpath" doesn't help all those others.
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Cannot find SSL_CTX_get0_param in libssl library

[Jeffrey Walton]

On Sun, May 28, 2017 at 5:25 PM, Salz, Rich  wrote:
>> We still don't know what use case is being represented by omitting the
>> RPATH in the OpenSSL build.
>
> Because only one program, apps/openssl, presumably needs rpath.  But that 
> doesn't solve the problem for *external applications* that need to find 
> OpenSSL in a different place, does it?
>

Without RPATH's (or some other mechanism, like making openssl a script
that sets LD_LIBRARY_PATH), libssl.so will use the wrong libcrypto.so.
The openssl program will use the wrong libssl.so and libcrypto.so.

Jeff
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] OpenSSL and RPATH's (was: Cannot find SSL_CTX_get0_param in libssl library)

[Jeffrey Walton]

On Sun, May 28, 2017 at 5:31 PM, Salz, Rich  wrote:
>> The openssl program will use the wrong libssl.so and libcrypto.so.
>
> Yes, got it.
>
> But that's small potatoes compared to everyone else finding the wrong shared 
> library, and just saying "use rpath" doesn't help all those others.

OK, thanks.

So what are the problems here that need to be addressed? I think I
know some of them:

 1. Build OpenSSL with an RPATH if installed in non-system location
 2. Build user program with an RPATH if OpenSSL installed in non-system location
 3. Use another mechanism when Linux RATH not available (OS X, Solaris, friends)
 4. External build tools like Autotools and Cmake

Are there others?

OpenSSL build system should fix problem (1), like it does with BSDs.
The project should lead by example.

For (2) and (3), I think the best that can be done is (a) lead by
example as in (1); (b) ensure things like libcrypto.pc and libssl.pc
are up-to-date; and and (c) educate users. I realize the problems with
(c). If RTFM was going to work, then it would have happens in the last
50 years or so.

There's not much you can do with(4). They pick shitty flags, and they
are always going to be a problem. I advise *not* to build OpenSSL with
them, but Fan Boi's will still flock to them.

Jeff
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Cannot find SSL_CTX_get0_param in libssl library

[Salz, Rich via openssl-users]

> We still don't know what use case is being represented by omitting the
> RPATH in the OpenSSL build.

Because only one program, apps/openssl, presumably needs rpath.  But that 
doesn't solve the problem for *external applications* that need to find OpenSSL 
in a different place, does it?


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users