[openssl-users] Cannot find SSL_CTX_get0_param in libssl library
Hello All, I am trying to compile / install a utility from Source on CentOS that utilizes OpenSSL 1.1.0 (latest version) . However, I get the following error: *configure: WARNING: Cannot find SSL_CTX_get0_param in libssl library. TLS hostname verification will not be available.* Kindly help me out on this error. Thanks & Regards, Mohit Batra -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Cannot find SSL_CTX_get0_param in libssl library
> I am trying to compile / install a utility from Source on CentOS that > utilizes OpenSSL 1.1.0 (latest version) . However, I get the following error: > configure: WARNING: Cannot find SSL_CTX_get0_param in libssl library. TLS > hostname verification will not be available. Most likely, the utility you are trying to build is looking at the system-installed OpenSSL libraries. You have to install OpenSSL 1.1.0 and use those pathnames when you build/configure the utility. -- Senior Architect, Akamai Technologies Member, OpenSSL Dev Team IM: richs...@jabber.at Twitter: RichSalz -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Cannot find SSL_CTX_get0_param in libssl library
I concur with Rich. CentOS is known for having outdated packages. Regards, Uri Sent from my iPhone On May 28, 2017, at 16:43, Salz, Rich via openssl-userswrote: >> I am trying to compile / install a utility from Source on CentOS that >> utilizes OpenSSL 1.1.0 (latest version) . However, I get the following >> error: >> configure: WARNING: Cannot find SSL_CTX_get0_param in libssl library. TLS >> hostname verification will not be available. > > Most likely, the utility you are trying to build is looking at the > system-installed OpenSSL libraries. > > You have to install OpenSSL 1.1.0 and use those pathnames when you > build/configure the utility. > > -- > Senior Architect, Akamai Technologies > Member, OpenSSL Dev Team > IM: richs...@jabber.at Twitter: RichSalz > > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users smime.p7s Description: S/MIME cryptographic signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Cannot find SSL_CTX_get0_param in libssl library
On Sun, May 28, 2017 at 2:59 AM, Mohit Batrawrote: > Hello All, > > I am trying to compile / install a utility from Source on CentOS that > utilizes OpenSSL 1.1.0 (latest version) . However, I get the following > error: > > configure: WARNING: Cannot find SSL_CTX_get0_param in libssl library. TLS > hostname verification will not be available. > > Kindly help me out on this error. When you build OpenSSL and your program, use an RPATH. Also see https://wiki.openssl.org/index.php/Compilation_and_Installation#Using_RPATHs . We still don't know what use case is being represented by omitting the RPATH in the OpenSSL build. Building OpenSSL with new library, but runtime link to old library after installation makes no sense to most users. You can probably do it using LD_LIBRARY_PATH, but RPATHs are easier. Jeff -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Build from source; library not found?
On Sun, May 28, 2017 at 5:16 PM, Hiran Chaudhuriwrote: > It seems I misread the referenced documentation the first time. > > This stuff contains the answer, it just was not clear to me that also works > on Linux. > https://wiki.openssl.org/index.php/Compilation_and_Installation#Using_RPATHs. > > With that, the libraries have run paths that show the correct target > directories. Thanks to all for the hint. Arg... I consider confusing text a documentation bug. Is this better: https://wiki.openssl.org/index.php/Compilation_and_Installation#Using_RPATHs ? Jeff -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Build from source; library not found?
Quick reaction, I am impressed. The part that triggered my wrong thoughts was the first sentence: "RPATH's are supported by default on the BSD platforms, but not others." It seemed platforms other than BSD will not get RPATH unless I take action. With that in mind I somehow understood I need to patch the config or configure scripts to get along. Maybe it should read something like "on BSD the run paths are automatically set. For other platforms, add these parameters to your configure line... Hiran Am 28. Mai 2017 23:27:27 MESZ schrieb Jeffrey Walton: >On Sun, May 28, 2017 at 5:16 PM, Hiran Chaudhuri > wrote: >> It seems I misread the referenced documentation the first time. >> >> This stuff contains the answer, it just was not clear to me that also >works >> on Linux. >> >https://wiki.openssl.org/index.php/Compilation_and_Installation#Using_RPATHs. >> >> With that, the libraries have run paths that show the correct target >> directories. Thanks to all for the hint. > >Arg... I consider confusing text a documentation bug. > >Is this better: >https://wiki.openssl.org/index.php/Compilation_and_Installation#Using_RPATHs >? > >Jeff >-- >openssl-users mailing list >To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Build from source; library not found?
It seems I misread the referenced documentation the first time. This stuff contains the answer, it just was not clear to me that also works on Linux. https://wiki.openssl.org/index.php/Compilation_and_Installation#Using_RPATHs. With that, the libraries have run paths that show the correct target directories. Thanks to all for the hint. Hiran Am 23-May-2017 22:26:38 +0200 schrieb hiran.chaudh...@mail.de: Hello Victor. So you manage to build OpenSSL with rpaths. Would you like to let me know how this can be achieved? Is CFLAGS the only change required? (from the documentation mentioned earlier it seems I would have to modify the configure script). Hiran Am 21-May-2017 06:51:55 +0200 schrieb openssl-us...@dukhovni.org: > On May 20, 2017, at 8:52 PM, Richard Levitte wrote: > > Err, it is correct insofar that it is how OpenSSL 1.0.2{x} is built. Perhaps by default, I routinely do builds of OpenSSL 1.0.2 in which the library rpaths are set. > It's possible it SHOULD be built differently, but that's a different > story. Here, the question was what's actually done. The choice of additional CFLAGS is up to the user. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Cannot find SSL_CTX_get0_param in libssl library
> The openssl program will use the wrong libssl.so and libcrypto.so. Yes, got it. But that's small potatoes compared to everyone else finding the wrong shared library, and just saying "use rpath" doesn't help all those others. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Cannot find SSL_CTX_get0_param in libssl library
On Sun, May 28, 2017 at 5:25 PM, Salz, Richwrote: >> We still don't know what use case is being represented by omitting the >> RPATH in the OpenSSL build. > > Because only one program, apps/openssl, presumably needs rpath. But that > doesn't solve the problem for *external applications* that need to find > OpenSSL in a different place, does it? > Without RPATH's (or some other mechanism, like making openssl a script that sets LD_LIBRARY_PATH), libssl.so will use the wrong libcrypto.so. The openssl program will use the wrong libssl.so and libcrypto.so. Jeff -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] OpenSSL and RPATH's (was: Cannot find SSL_CTX_get0_param in libssl library)
On Sun, May 28, 2017 at 5:31 PM, Salz, Richwrote: >> The openssl program will use the wrong libssl.so and libcrypto.so. > > Yes, got it. > > But that's small potatoes compared to everyone else finding the wrong shared > library, and just saying "use rpath" doesn't help all those others. OK, thanks. So what are the problems here that need to be addressed? I think I know some of them: 1. Build OpenSSL with an RPATH if installed in non-system location 2. Build user program with an RPATH if OpenSSL installed in non-system location 3. Use another mechanism when Linux RATH not available (OS X, Solaris, friends) 4. External build tools like Autotools and Cmake Are there others? OpenSSL build system should fix problem (1), like it does with BSDs. The project should lead by example. For (2) and (3), I think the best that can be done is (a) lead by example as in (1); (b) ensure things like libcrypto.pc and libssl.pc are up-to-date; and and (c) educate users. I realize the problems with (c). If RTFM was going to work, then it would have happens in the last 50 years or so. There's not much you can do with(4). They pick shitty flags, and they are always going to be a problem. I advise *not* to build OpenSSL with them, but Fan Boi's will still flock to them. Jeff -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Cannot find SSL_CTX_get0_param in libssl library
> We still don't know what use case is being represented by omitting the > RPATH in the OpenSSL build. Because only one program, apps/openssl, presumably needs rpath. But that doesn't solve the problem for *external applications* that need to find OpenSSL in a different place, does it? -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users