This is the solution we came up with:
We downloaded, compiled and installed the latest stable openssl version
3.0.0.
Then we added /usr/local/lib64 to /etc/ld.so.conf.d/libc.conf
After/sbin/ldconfig Naviserver finds the new openssl version when
compiling with:
--with-openssl=/usr/local/
So far everything seems to work, we only get one warning from the linker:
/usr/bin/ld: warning: libcrypto.so.1.1, needed by
/usr/lib/gcc/x86_64-linux-gnu/8/../../../x86_64-linux-gnu/libssl.so, may
conflict with libcrypto.so.3
Again, thanks for your help,
Wolfgang
Am 09.12.21 um 11:44 schrieb Gustaf Neumann:
-------- Forwarded Message --------
Subject: Re: [naviserver-devel] No notifications with webpush::send
Date: Thu, 9 Dec 2021 11:43:44 +0100
From: Gustaf Neumann <neum...@wu.ac.at>
To: Wolfgang Winkler via naviserver-devel
<naviserver-devel@lists.sourceforge.net>
On 09.12.21 09:33, Wolfgang Winkler via naviserver-devel wrote:
We are using 1.1.1d on our production server, which is a debian buster.
bytes {} tag 1e58277931d45f4c593cffbf291b39b7
i can confirm, that with Debian GNU/Linux 10 (buster) and OpenSSL
1.1.1d bytes are empty.
With e.g. Rocky Linux release 8.4 (one successor of CentOS, also
conservative), with e.g. 1.1.1g, everything is fine.
I've tried to use 1.1.1k on buster. I installed it with
./config --prefix=/usr/local/openssl && make && make install
and compiled naviserver with
./configure
--enable-64bit=true--prefix=/usr/local/naviserver-git--with-openssl=/usr/local/openssl--with-tcl=/usr/local/lib/--enable-threads
But naviserver still uses the packaged openssl version:
# ldd nsd/nsd
libssl.so.1.1 => /usr/lib/x86_64-linux-gnu/libssl.so.1.1
There is something starnge on Buster concerning libraries. I have
downloaded newest openssl from git, configured + make install, and
configured
Naviserver as usual
$ ./configure --enable-64bit -prefix=/usr/local/ns --with-openssl=/usr/local/
but was surprised that it the version was not picked up for loading.
After brutally linking the files, everything was fine.
So, there seems to be some load-path that has to be configured for Buster,
but I am not an expert (and have not time to investigate deeper).
But with this, the right OpenSSL is loaded, encrypt returns non-empty:
$ ln -s /usr/local/lib64/*so* /usr/local/lib/
$ ldconfig -v
$ make install
$ ./nsd/nsd -c -u nsadmin
[-main:conf-] Notice: OpenSSL 3.1.0-dev initialized
...
% package require tcltest 2.2
% namespace import -force ::tcltest::*
% test aead-1.0 {aead::encrypt} -body {
set d [ns_crypto::aead::encrypt string -cipher aes-128-gcm -iv 123456789 -key secret
"hello world"]
list bytes [string length [dict get $d bytes]] tag [string length [dict
get $d tag]]
} -result {bytes 22 tag 32}
I have to rush,
-gn
_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel
--
*Wolfgang Winkler*
Geschäftsführung
wolfgang.wink...@digital-concepts.com
mobil +43.699.19971172
dc:*büro*
digital concepts Novak Winkler OG
Software & Design
Landstraße 68, 5. Stock, 4020 Linz
www.digital-concepts.com <http://www.digital-concepts.com>
tel +43.732.997117.72
tel +43.699.1997117.2
Firmenbuchnummer: 192003h
Firmenbuchgericht: Landesgericht Linz
_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel
