Thanks Francis for the help. I tried solution #2, it worked well.
Now I want for a fresh install. so, after untar'ing the kea src, I edited
configure (appended -lcrypto with -lssl) and did usual installation
(configure, make, make install) and it worked well too. Hope this is a
On Thu, Jun 15, 2017 at 11:27 PM, Francis Dupont <fdup...@isc.org> wrote:
> Gokulakrishnan Gopalakrishnan writes:
> > ...
> > for making HTTPS Call using boost. While starting the server, I'm getting
> > error loading user_chk lib (*undefined Symbol: SSL_library_unit*).
> => the cryptolink library uses either the Botan or the OpenSSL crypto
> backend (it was initially Botan only but I added OpenSSL to provide
> an alternative, e.g. for people requiring a certified crypto).
> So if you build Kea with the OpenSSL backend you get the -lcrypto
> dependeny, i.e. the low level OpenSSL library. Note that we chose to
> not include direct HTTPS/TLS support inside Kea even both Botan and
> OpenSSL support TLS, of course with very different API.
> To conclude in your case you need the second SSL/TLS OpenSSL library -lssl
> > to build the library with "-lcrypto - lssl". I'm bit confused on how to
> > change the Makefile to build the library using these two libs.
> => you have two choices:
> - you modify the Makefile.am and rerun autoconf, configure, etc
> - you patch config.status to add -lssl in a variable definition
> for instance the one with -lcrypto (i.e. you substitute "-lcrypto"
> by "-lcrypto -lssl" everywhere) and you rerun it by:
> sh ./config.status
> I use often the second solution because it is quick but it is dirty too
> so if it fixes your problem you have to try the first/clean way after.
> // Extra notes for corner cases, mainly the hook library case
> Note the order can matter (in theory it should not but in practice
> it could). And if you are working with a DSO (aka hook library)
> things can become really complex as hooks are loaded using dlopen()
> so anything the hook can need must be available in the Kea binary.
> There are already a few hacks to enforce some symbols to be visible,
> you have an example at the end of src/lib/eval/lexer.ll you can
> adapt to enforce a reference to a symbol in -lssl (without this
> the dynamic library libssl.so will be skipped by ld when the Kea
> binary is built). So if you have the -lssl not adding the library
> you should:
> - check if the libssl.so is linked by something like
> libtool --mode=execute ldd kea-dhcp4
> (with libtool kea-dhcp4 is a shell script, the real binary is in
> the src/bin/dhcp4/.libs directory and ldd applied directly on it
> just returns errors saying it can't find libraries)
> ldd on Linux and BSDs returns the list of dynamic libraries used
> by the binary
> - if libssl.so is not listed by ldd then add a hack at the end of
> src/lib/cryptolink/openssl_link.cc with a reference to a libssl.so
> symbol. Choose one (e.g., SSL_library_init), add its include
> (<openssl/ssl.h>) and a call to it as in lexer.ll. Note the function
> will be never really called but it will be referenced.
> Rebuild and recheck.
> Francis Dupont <fdup...@isc.org>
> PS: I assume you use dynamic linking on Linux or BSD. If you use static
> linking (./configure --enable-static-link) and/or Apple OS X / macOS
> some details change.
Kea-users mailing list