Unless you statically link OpenSSL, haproxy will attempt to load default OS SOs 
on startup. Obviously, haproxy was compiled with OpenSSL 1.1.1c, but default 
SOs are not. You should add your OpenSSL 1.1.1c SO directory to, say, 
/etc/ld.so.conf.d/ossl111c.conf file (or whatever else you choose to name it as 
long as it's .conf) and run ldconfig to load the updated configuration. You can 
use "ldd haproxy" to verify SO dependencies and how they are resolved.

Bob

-----Original Message-----
From: hal...@xsmail.com <hal...@xsmail.com> 
Sent: Wednesday, July 17, 2019 11:39 AM
To: Zakharychev, Bob <bob.zakharyc...@spirent.com>; haproxy@formilux.org
Subject: Re: haproxy 2.0.0 build openssl version mismatch?

bob

On Wed, Jul 17, 2019, at 8:29 AM, Zakharychev, Bob wrote:
> you are using SSL_INC and SSL_LIB incorrectly: they should ONLY 
> contain paths to corresponding include and library directories, not 
> GCC options. So in your case they should look like this:
> 
>       SSL_LIB=/opt/prod/openssl111c/lib64 \
>       SSL_INC=/opt/prod/openssl111c/include \


switching to

        make V=1 \
        TARGET=linux-glibc \
        USE_SYSTEMD=1 \
        USE_PCRE2=1 \
        USE_PCRE2_JIT=1 \
        USE_OPENSSL=1 \
        SSL_LIB=/opt/prod/openssl111c/lib64 \
        SSL_INC=/opt/prod/openssl111c/include \
        USE_THREAD=1 \
        USE_PTHREAD_PSHARED=1 \
        USE_TFO=1 \
        USE_NS=1

now, after build,

        /opt/prod/haproxy/sbin/haproxy -vv
                /opt/prod/haproxy/sbin/haproxy: /usr/lib64/libssl.so.1.1: 
version `OPENSSL_1_1_1' not found (required by /opt/prod/haproxy/sbin/haproxy)
                /opt/prod/haproxy/sbin/haproxy: /usr/lib64/libcrypto.so.1.1: 
version `OPENSSL_1_1_1' not found (required by /opt/prod/haproxy/sbin/haproxy)

it completely ignores the specified paths, and incorrectly links the 
distro-installed, system libs.

hal

Reply via email to