Hello! 2009/12/3 Peter Beckman <beck...@angryox.com>: >> ports/138466 (affects www/apache22 built >> WITH_OPENSSL_PORT=yes). It is critical to make sure that right runtime >> libraries (those from /usr/local/lib, not from the base) are used by _every_ >> application built WITH_OPENSSL_PORT=YES - and it's not always true ;( > > Agreed. I ran into this problem, I had an old ENV var LD_LIBRARY_PATH in > one of my .tcshrc scripts that caused lighttpd to compile with the libssl > from base but the libcrypto from the port. Running make, then confirming > your binary/binaries are linked correctly to the right libraries using > 'ldd' is recommended to confirm what you expect.
Well, ldd's output _itself_ depends on the current environment and thus can't insure that correct libraries will be used by the application. Compare: 1) $ echo $LD_LIBRARY_PATH $ ldd /usr/local/libexec/apache22/mod_ssl.so /usr/local/libexec/apache22/mod_ssl.so: libssl.so.5 => /usr/lib/libssl.so.5 (0x2818c000) libcrypto.so.5 => /usr/lib/libcrypto.so.5 (0x281c5000) libstdc++.so.5 => /usr/lib/libstdc++.so.5 (0x282e2000) libm.so.4 => /lib/libm.so.4 (0x283ad000) libcrypto.so.5 => /usr/local/lib/libcrypto.so.5 (0x283c3000) Weird, isn't it? libssl.so from the base + 2 different libcrypro.so.5! However, apache's rc.d script sources /usr/local/sbin/envvars before starting httpd (though not always - that's why my PR exists) to set LD_LIBRARY_PATH properly: 2) $ . /usr/local/sbin/envvars $ echo $LD_LIBRARY_PATH /usr/local/lib: $ ldd /usr/local/libexec/apache22/mod_ssl.so /usr/local/libexec/apache22/mod_ssl.so: libssl.so.5 => /usr/local/lib/libssl.so.5 (0x2818c000) libcrypto.so.5 => /usr/local/lib/libcrypto.so.5 (0x281c9000) libstdc++.so.5 => /usr/lib/libstdc++.so.5 (0x282ec000) libm.so.4 => /lib/libm.so.4 (0x283b7000) Now ldd shows proper libraries. Likewise, if one omit setting LD_LIBRARY_PATH before running httpd, it (httpd itself) will just use OpenSSL libraries from base instead of port-installed (despite being built properly). So this is also run-time issue. > > Beckman > --------------------------------------------------------------------------- > Peter Beckman Internet Guy > beck...@angryox.com http://www.angryox.com/ > --------------------------------------------------------------------------- > -- Sincerely, Dmitry nic-hdl: LYNX-RIPE _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"