On Tue, Jun 25, 2024 at 10:57 AM Dave Kennard <showerhead...@hotmail.com> wrote:
>
> Thanks very much for the help. I tried adding "-R/opt/boringssl/lib" in ld
> options, so it looked like: --with-ld-opt='-Wl,-R,/opt/GeoIP/lib
> -R/opt/boringssl/lib -L/opt/GeoIP/lib -L/opt/boringssl/lib' But this gave the
> same result, probably the above is wrong because I don't really know what I
> am doing with linker options.
>
> You are correct though, I tried replacing the system libcrypto.so and
> libssl.so with links to the boringssl ones and that got rid of the issue. So
> it is just not looking for them in the correct place.
>
> I will have to read up on linker options then hopefully I can get it working
> properly.
>
> Thanks for pointing me in the right direction.
>
> On Mon, Jun 24, 2024 at 08:06:23AM +0100, Dave Kennard wrote:
>
> This is probably me doing something stupid, but I can't get nginx to run
> when built to use boringssl. When trying to run it (nginx -t) I get the
> error: undefined symbol: CRYPTO_chacha_20
>
> I think it's just that it isn't loading the boringssl shared libs.
>
> Nginx is configured as follows:
>
> ./configure --prefix=/opt/nginx-1.27.1 \
> ??? --with-pcre={{ tarballs_path }}/pcre2-{{ pcre_version }} \
> ??? --with-pcre-jit \
> ??? --without-http_autoindex_module \
> ??? --without-http_empty_gif_module \
> ??? --without-http_ssi_module \
> ??? --with-http_ssl_module \
> ??? --with-http_v2_module \
> ??? --with-http_v3_module \
> ??? --with-ipv6 \
> ??? --with-http_gzip_static_module \
> ??? --with-http_realip_module \
> ??? --add-module=../ngx_http_geoip2_module \
> ??? --with-http_perl_module --with-perl_modules_path=perl/lib \
> ??? --with-cc-opt='-I/opt/GeoIP/include -I/opt/boringssl/include' \
> ??? --with-ld-opt='-Wl,-R,/opt/GeoIP/lib -L/opt/GeoIP/lib
> -L/opt/boringssl/lib'
>
> And boringssl:
>
> cmake -B build -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=1
> -DCMAKE_INSTALL_PREFIX=/opt/boringssl-{{ ansible_date_time.date }}
>
> (/opt/boringssl is symlinked to /opt/boringssl-{{ ansible_date_time.date }})
>
> Can anyone suggest what the problem might be?
>
> Options you use suggest that you are building with shared BorinSSL
> library installed in a non-default location. The error you are
> seeing is likely a result of loading OpenSSL library from the
> default library path instead.
>
> Using "-R/opt/boringssl/lib" in ld options might be the way to go,
> similarly to how you already do with the GeoIP library.
Because this happens at runtime (and not compile time, and not link time):
> When trying to run it (nginx -t) I get the
> error: undefined symbol: CRYPTO_chacha_20
It appears you have a runtime path problem. /opt/boringssl/lib is not on-path.
Try this:
LD_LIBRARY_PATH="/opt/boringssl/lib:${LD_LIBRARY_PATH}" nginx -t
If that fixes the issue, then add the following to your linker options
to permanently solve the issue:
-Wl,-R/opt/boringssl/lib -Wl,--enable-new-dtags
The "-Wl" tells the compiler driver to pass the option to the linker.
You can omit the "-Wl" if you are directly invoking the `ld` linker.
You need "-Wl` if you are driving link through `gcc` (or other
compiler driver).
You should also add "-Wl,--enable-new-dtags" to the linker options to
enable RUNPATHs rather than RPATHs. RUNPATHs allow runtime overrides.
Jeff
