That would likely break more things. Can you post your build commands for openssl?
-----Original Message----- From: Norman Branitsky [norman.branit...@micropact.com] Received: Wednesday, 26 Jul 2017, 5:20PM To: Gibson, Brian (IMS) [gibs...@imsweb.com]; haproxy@formilux.org [haproxy@formilux.org] Subject: RE: HAProxy 1.7.8 compile problem with new OpenSSL I found the following folders: /usr/lib64/openssl /usr/include/openssl In /usr/include/openssl/ssl.h, I find the following: # grep SSL_get0_alpn_selected * ssl.h:void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, I modified my make command thus: make TARGET=linux2628 USE_PCRE=1 USE_SLZ=1 USE_OPENSSL=1 SSL_INC=/usr/include/openssl SSL_LIB=/usr/lib64/openssl Compile still fails: LZ -DENABLE_POLL -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS -DUSE_ACCEPT4 -DNETFILTER -DUSE_GETSOCKNAME -DUSE_OPENSSL -I/usr/include/openssl -DUSE_SYSCALL_FUTEX -DUSE_PCRE -I/usr/include -DCONFIG_HAPROXY_VERSION=\"1.7.8\" -DCONFIG_HAPROXY_DATE=\"2017/07/07\" -c -o ebtree/ebistree.o ebtree/ebistree.c gcc -g -o haproxy src/haproxy.o src/base64.o src/protocol.o src/uri_auth.o src/standard.o src/buffer.o src/log.o src/task.o src/chunk.o src/channel.o src/listener.o src/lru.o src/xxhash.o src/time.o src/fd.o src/pipe.o src/regex.o src/cfgparse.o src/server.o src/checks.o src/queue.o src/frontend.o src/proxy.o src/peers.o src/arg.o src/stick_table.o src/proto_uxst.o src/connection.o src/proto_http.o src/raw_sock.o src/backend.o src/tcp_rules.o src/lb_chash.o src/lb_fwlc.o src/lb_fwrr.o src/lb_map.o src/lb_fas.o src/stream_interface.o src/stats.o src/proto_tcp.o src/applet.o src/session.o src/stream.o src/hdr_idx.o src/ev_select.o src/signal.o src/acl.o src/sample.o src/memory.o src/freq_ctr.o src/auth.o src/proto_udp.o src/compression.o src/payload.o src/hash.o src/pattern.o src/map.o src/namespace.o src/mailers.o src/dns.o src/vars.o src/filters.o src/flt_http_comp.o src/flt_trace.o src/flt_spoe.o src/cli.o src/ev_poll.o src/ev_epoll.o src/ssl_sock.o src/shctx.o ebtree/ebtree.o ebtree/eb32tree.o ebtree/eb64tree.o ebtree/ebmbtree.o ebtree/ebsttree.o ebtree/ebimtree.o ebtree/ebistree.o -lcrypt -lslz -ldl -L/usr/lib64/openssl -lssl -lcrypto -ldl -L/usr/lib -lpcreposix -lpcre src/ssl_sock.o: In function `smp_fetch_ssl_fc_alpn': /tmp/haproxy-1.7.8/src/ssl_sock.c:4927: undefined reference to `SSL_get0_alpn_selected' src/ssl_sock.o: In function `ssl_sock_load_sctl': /tmp/haproxy-1.7.8/src/ssl_sock.c:1006: undefined reference to `SSL_CTX_add_server_custom_ext' src/ssl_sock.o: In function `ssl_sock_prepare_ctx': /tmp/haproxy-1.7.8/src/ssl_sock.c:2879: undefined reference to `SSL_CTX_set_alpn_select_cb' collect2: error: ld returned 1 exit status make: *** [haproxy] Error 1 The original ssl was installed in /usr/lib64 – should I force the new one to install in the same directories overwriting the old? From: Gibson, Brian (IMS) [mailto:gibs...@imsweb.com] Sent: July-26-17 3:12 PM To: Norman Branitsky <norman.branit...@micropact.com>; haproxy@formilux.org Subject: RE: HAProxy 1.7.8 compile problem with new OpenSSL I would try this USE_OPENSSL=1 SSL_INC=/path/to/include SSL_LIB=/path/to/lib I had to do this myself when using openssl 1.1.0x branch on centos 7, but I thought it was because I use a non-default location. From: Norman Branitsky [mailto:norman.branit...@micropact.com] Sent: Wednesday, July 26, 2017 2:41 PM To: haproxy@formilux.org<mailto:haproxy@formilux.org> Subject: HAProxy 1.7.8 compile problem with new OpenSSL I have no problem compiling HAProxy 1.7.8 on a CentOS 7 box with the default distribution of OpenSSL: uname -a Linux ip-10-241-7-240 3.10.0-123.20.1.el7.centos.plus.x86_64 #1 SMP Thu Jan 29 22:05:39 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux openssl version OpenSSL 1.0.1e-fips 11 Feb 2013 On another server, I upgraded OpenSSL: # openssl version OpenSSL 1.0.2l 25 May 2017 This is my make statement: # make TARGET=linux2628 USE_OPENSSL=1 USE_PCRE=1 USE_SLZ=1 This is the end of the compile output: gcc -g -o haproxy src/haproxy.o src/base64.o src/protocol.o src/uri_auth.o src/standard.o src/buffer.o src/log.o src/task.o src/chunk.o src/channel.o src/listener.o src/lru.o src/xxhash.o src/time.o src/fd.o src/pipe.o src/regex.o src/cfgparse.o src/server.o src/checks.o src/queue.o src/frontend.o src/proxy.o src/peers.o src/arg.o src/stick_table.o src/proto_uxst.o src/connection.o src/proto_http.o src/raw_sock.o src/backend.o src/tcp_rules.o src/lb_chash.o src/lb_fwlc.o src/lb_fwrr.o src/lb_map.o src/lb_fas.o src/stream_interface.o src/stats.o src/proto_tcp.o src/applet.o src/session.o src/stream.o src/hdr_idx.o src/ev_select.o src/signal.o src/acl.o src/sample.o src/memory.o src/freq_ctr.o src/auth.o src/proto_udp.o src/compression.o src/payload.o src/hash.o src/pattern.o src/map.o src/namespace.o src/mailers.o src/dns.o src/vars.o src/filters.o src/flt_http_comp.o src/flt_trace.o src/flt_spoe.o src/cli.o src/ev_poll.o src/ev_epoll.o src/ssl_sock.o src/shctx.o ebtree/ebtree.o ebtree/eb32tree.o ebtree/eb64tree.o ebtree/ebmbtree.o ebtree/ebsttree.o ebtree/ebimtree.o ebtree/ebistree.o -lcrypt -lslz -ldl -lssl -lcrypto -ldl -L/usr/lib -lpcreposix -lpcre src/ssl_sock.o: In function `smp_fetch_ssl_fc_alpn': /tmp/haproxy-1.7.8/src/ssl_sock.c:4927: undefined reference to `SSL_get0_alpn_selected' src/ssl_sock.o: In function `ssl_sock_load_sctl': /tmp/haproxy-1.7.8/src/ssl_sock.c:1006: undefined reference to `SSL_CTX_add_server_custom_ext' src/ssl_sock.o: In function `ssl_sock_prepare_ctx': /tmp/haproxy-1.7.8/src/ssl_sock.c:2879: undefined reference to `SSL_CTX_set_alpn_select_cb' collect2: error: ld returned 1 exit status make: *** [haproxy] Error 1 Norman Norman Branitsky Cloud Architect MicroPact (o) 416.916.1752 (c) 416.843.0670 (t) 1-888-232-0224 x61752 www.micropact.com<http://www.micropact.com/> Think it > Track it > Done ________________________________ Information in this e-mail may be confidential. It is intended only for the addressee(s) identified above. If you are not the addressee(s), or an employee or agent of the addressee(s), please note that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender of the error. ________________________________ Information in this e-mail may be confidential. It is intended only for the addressee(s) identified above. If you are not the addressee(s), or an employee or agent of the addressee(s), please note that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender of the error.