Re: 2.4.8 This Month

Wed, 19 Feb 2014 16:11:07 -0800 

On 19/02/2014 23:54, Tom Browder wrote:
> On Wed, Feb 19, 2014 at 11:21 AM, Tom Browder <tom.brow...@gmail.com> wrote:
>> On Wed, Feb 19, 2014 at 10:53 AM, Dr Stephen Henson
>> <shen...@opensslfoundation.com> wrote:
>>> On 19/02/2014 15:08, Tom Browder wrote:
>>>> I configured httpd-2.4.7 successfully to use mod_ssl:
>>>>
>>>>   ...
>>> That could be user error. The path /usr/local/ssl/fips-2.0 is the default
>>> install location of the FIPS module which isn't a complete version of 
>>> OpenSSL.
>>> It should point to the location the FIPS capable OpenSSL is installed 
>>> instead.
>>
>> Hm, I thought I tried that but I'll recheck and configure with:
>>
>>   --with-ssl=/usr/local/ssl
> 
> Bummer!
> 
> When I did that, I get this:
> 
> checking for OpenSSL... checking for user-provided OpenSSL base
> directory... /usr/local/ssl
>   adding "-I/usr/local/ssl/include" to CPPFLAGS
>   setting MOD_CFLAGS to "-I/usr/local/ssl/include"
>   setting ab_CFLAGS to "-I/usr/local/ssl/include"
>   adding "-L/usr/local/ssl/lib" to LDFLAGS
>   setting MOD_LDFLAGS to "-L/usr/local/ssl/lib"
> checking for OpenSSL version >= 0.9.7... OK
>   adding "-lssl" to MOD_LDFLAGS
>   adding "-lcrypto" to MOD_LDFLAGS
>   adding "-lrt" to MOD_LDFLAGS
>   adding "-lcrypt" to MOD_LDFLAGS
>   adding "-lpthread" to MOD_LDFLAGS
>   adding "-ldl" to MOD_LDFLAGS
>   setting LIBS to "-lssl -lcrypto  -lrt -lcrypt  -lpthread -ldl"
>   forcing ab_LDFLAGS to "-L/usr/local/ssl/lib -lssl -lcrypto -lrt
> -lcrypt -lpthread -ldl"
> checking openssl/engine.h usability... yes
> checking openssl/engine.h presence... yes
> checking for openssl/engine.h... yes
> checking for SSLeay_version... no
> checking for SSL_CTX_new... no
> checking for ENGINE_init... no
> checking for ENGINE_load_builtin_engines... no
> configure: WARNING: OpenSSL libraries are unusable
> yes
>   setting MOD_SSL_LDADD to "-export-symbols-regex ssl_module"
> checking whether to enable mod_ssl... shared (reallyall)
>   adding "-I$(top_srcdir)/modules/ssl" to INCLUDES
> 
> So, is that a bad build for using mod_ssl or not?
> 
> I will try the build now and report back.
> 

Well something is wrong there with it indicating OpenSSL version 0.9.7. If you
intend to use the FIPS 2.0 module you must use OpenSSL 1.0.1.

Steve.
-- 
Dr Stephen Henson. OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
+1 877-673-6775
shen...@opensslfoundation.com

Reply via email to