Thanks Francis for the help. I tried solution #2, it worked well.
Now I want for a fresh install. so, after untar'ing the kea src, I edited
configure (appended -lcrypto with -lssl) and did usual installation
(configure, make, make install) and it worked well too. Hope this is a
recommended way.

On Thu, Jun 15, 2017 at 11:27 PM, Francis Dupont <> wrote:

> Gokulakrishnan Gopalakrishnan writes:
> > ...
> > for making HTTPS Call using boost. While starting the server, I'm getting
> > error loading user_chk lib (*undefined Symbol: SSL_library_unit*).
> => the cryptolink library uses either the Botan or the OpenSSL crypto
> backend (it was initially Botan only but I added OpenSSL to provide
> an alternative, e.g. for people requiring a certified crypto).
> So if you build Kea with the OpenSSL backend you get the -lcrypto
> dependeny, i.e. the low level OpenSSL library. Note that we chose to
> not include direct HTTPS/TLS support inside Kea even both Botan and
> OpenSSL support TLS, of course with very different API.
> To conclude in your case you need the second SSL/TLS OpenSSL library -lssl
> > to build the library with "-lcrypto - lssl". I'm bit confused on how to
> > change the Makefile to build the library using these two libs.
> => you have two choices:
>  - you modify the and rerun autoconf, configure, etc
>  - you patch config.status to add -lssl in a variable definition
>   for instance the one with -lcrypto (i.e. you substitute "-lcrypto"
>   by "-lcrypto -lssl" everywhere) and you rerun it by:
>   sh ./config.status
> I use often the second solution because it is quick but it is dirty too
> so if it fixes your problem you have to try the first/clean way after.
> // Extra notes for corner cases, mainly the hook library case
> Note the order can matter (in theory it should not but in practice
> it could). And if you are working with a DSO (aka hook library)
> things can become really complex as hooks are loaded using dlopen()
> so anything the hook can need must be available in the Kea binary.
> There are already a few hacks to enforce some symbols to be visible,
> you have an example at the end of src/lib/eval/lexer.ll you can
> adapt to enforce a reference to a symbol in -lssl (without this
> the dynamic library will be skipped by ld when the Kea
> binary is built). So if you have the -lssl not adding the library
> you should:
>  - check if the is linked by something like
>   libtool --mode=execute ldd kea-dhcp4
>  (with libtool kea-dhcp4 is a shell script, the real binary is in
>   the src/bin/dhcp4/.libs directory and ldd applied directly on it
>   just returns errors saying it can't find libraries)
>   ldd on Linux and BSDs returns the list of dynamic libraries used
>   by the binary
>  - if is not listed by ldd then add a hack at the end of
>   src/lib/cryptolink/ with a reference to a
>   symbol. Choose one (e.g., SSL_library_init), add its include
>   (<openssl/ssl.h>) and a call to it as in lexer.ll. Note the function
>   will be never really called but it will be referenced.
>   Rebuild and recheck.
> Regards
> Francis Dupont <>
> PS: I assume you use dynamic linking on Linux or BSD. If you use static
> linking (./configure --enable-static-link) and/or Apple OS X / macOS
> some details change.
Kea-users mailing list

Reply via email to