Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
"Helmut K. C. Tessarek" in php.internals (Sun, 27 Oct 2019 22:31:52 -0400): >Hmm, it does not fail on my machine as you can see from the results I posted >earler. But I just had an idea: >The extension is very picky about having a proper ca file. I ran into similar >issues a while back. > >Can you please try to set openssl.cafile in php.ini? > >I always get the latest version from http://curl.haxx.se/ca/cacert.pem Thanks! That did the trick. Silly that OpenSSL 1.0.1e (Centos 6 default) and OpenSSL 1.0.2-fips did not have the problem. Apparently they found the ca_bundle.crt in /etc/ssl/ (symlinked to /etc/pki/tls/certs/). In the mean time I also tried it with a Windows build. It succeeded without any php.ini. For the interested people: https://phpdev.toolsforresearch.com/php-7.2.24-static-openssl-1.1.1d.zip -- Jan -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
On 2019-10-27 22:03, Jan Ehrhardt wrote: > Your build is still linking the system OpenSSL. Maybe, but the openssl extension is not using it. $ php -r 'echo "openssl version text: " . OPENSSL_VERSION_TEXT . "\n"; echo "openssl version number: 0x" . dechex(OPENSSL_VERSION_NUMBER) . "\n";' openssl version text: OpenSSL 1.1.1d 10 Sep 2019 openssl version number: 0x1010104f >> Not sure, if we should discuss this on the list. > Maybe not. On the other hand it might be a real bug. Somehow my builds fail > on validating > the peers. If I set $options['ssl']['verify_peer'] to FALSE in the > secure_stream_test.php > at https://gist.github.com/Jan-E/7f0055624b82c39dee6ae5b712f2c97a the > stream_socket_enable_crypto succeeds. But in a production environment you > cannot and > should not do without verifying peers. Hmm, it does not fail on my machine as you can see from the results I posted earler. But I just had an idea: The extension is very picky about having a proper ca file. I ran into similar issues a while back. Can you please try to set openssl.cafile in php.ini? I always get the latest version from http://curl.haxx.se/ca/cacert.pem Cheers, K. C. -- regards Helmut K. C. Tessarek KeyID 0x172380A011EF4944 Key fingerprint = 8A55 70C1 BD85 D34E ADBC 386C 1723 80A0 11EF 4944 /* Thou shalt not follow the NULL pointer for chaos and madness await thee at its end. */ signature.asc Description: OpenPGP digital signature
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
Nikita Popov in php.internals (Mon, 14 Oct 2019 11:22:24 +0200): >./configure --disable-all --with-openssl OPENSSL_LIBS="-l:libssl.a >-l:libcrypto.a -ldl" CFLAGS="-pthread" > >This compiles successfully. > >> ldd sapi/cli/php >linux-vdso.so.1 (0x7ffd1531f000) >libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x7f04b79a9000) >librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x7f04b77a1000) >libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x7f04b7403000) >libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x7f04b71ff000) >libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 >(0x7f04b6fe) >libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7f04b6bef000) >/lib64/ld-linux-x86-64.so.2 (0x7f04b8bee000) I now tried #!/bin/sh ./configure \ --prefix=/usr/local/php72 \ --program-suffix=72 \ --enable-fpm \ --with-config-file-scan-dir=/usr/local/php72/lib/php.conf.d \ --disable-all \ --with-openssl=/usr/local/ssl-1.1.1 \ CFLAGS=-I/usr/local/include \ LDFLAGS=-L/usr/local/lib \ LIBS="-ldl -lpthread" \ OPENSSL_LIBS="-L/usr/local/ssl-1.1.1/lib -l:libssl.a -l:libcrypto.a -ldl -lpthread" \ OPENSSL_CFLAGS="-I/usr/local/ssl-1.1.1/include" with this as a result: ldd /usr/local/php72/bin/php linux-vdso.so.1 => (0x7ffd5bb8b000) libcrypt.so.1 => /lib64/libcrypt.so.1 (0x7f45d95bc000) libresolv.so.2 => /lib64/libresolv.so.2 (0x7f45d93a2000) librt.so.1 => /lib64/librt.so.1 (0x7f45d919a000) libm.so.6 => /lib64/libm.so.6 (0x7f45d8f16000) libnsl.so.1 => /lib64/libnsl.so.1 (0x7f45d8cfd000) libdl.so.2 => /lib64/libdl.so.2 (0x7f45d8af9000) libpthread.so.0 => /lib64/libpthread.so.0 (0x7f45d88dc000) libc.so.6 => /lib64/libc.so.6 (0x7f45d8548000) libfreebl3.so => /lib64/libfreebl3.so (0x7f45d8345000) /lib64/ld-linux-x86-64.so.2 (0x7f45d97f3000) But it fails on stream_socket_enable_crypto in the test script in https://gist.github.com/Jan-E/7f0055624b82c39dee6ae5b712f2c97a Warning: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed @Nikita: could you try that test with your build? Thanks. -- Jan -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
On 2019-10-27 14:50, Jan Ehrhardt wrote: > For me it still fails, also on the command line. OpenSSL 1.1.1d builds > with 1 subtest failing: test/recipes/20-test_enc.t. A known issue. Nope, no errors on my system, otherwise my openssl install would have failed when doing: make && make test && make install Just run the openssl tests again: ../test/recipes/20-test_enc.t .. ok > Can you give me your exact configure line? For instance: did your build > include nghttp2? Mine did. This is the output of ldd: No nghttpd2. Here's my configure line: ./configure --prefix=/usr/local/php72 --with-config-file-path=/etc/php72 --enable-fpm --with-fpm-user=nobody --with-fpm-group=nobody --with-fpm-systemd --with-IBM_DB2=/home/db2inst1/sqllib --with-pdo-ibm=/home/db2inst1/sqllib --disable-ipv6 --with-pic --with-readline --enable-bcmath --enable-exif --enable-ftp --enable-sockets --enable-sysvsem --enable-sysvshm --enable-sysvmsg --enable-wddx --enable-shmop --enable-calendar --with-gettext --with-zlib --with-zlib-dir=/usr/lib --with-imap --with-openssl=/usr/local/ssl-1.1.1 --with-gd --with-freetype-dir=/usr/lib --with-jpeg-dir=/usr/lib --with-png-dir=/usr/lib --with-curl --with-xmlrpc --with-pdflib=/usr/local/pdflib --with-bz2 --enable-mbstring --enable-zip --with-hkct=/usr/local/bin --with-mysqli --with-pdo-mysql --with-mysql-sock=/data/mysql/mysql.sock --enable-mysqlnd --with-gnupg --enable-pcntl --enable-intl CFLAGS=-I/usr/local/include LDFLAGS=-L/usr/local/lib LIBS="-lgpg-error -lpthread" OPENSSL_LIBS="-L/usr/local/ssl-1.1.1/lib -l:libssl.a -l:libcrypto.a -ldl -lpthread" OPENSSL_CFLAGS="-I/usr/local/ssl-1.1.1/include" > ldd /usr/local/php72/bin/php Mine is: linux-vdso.so.1 => (0x7fffed992000) libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00384660) libz.so.1 => /lib64/libz.so.1 (0x0036d320) libresolv.so.2 => /lib64/libresolv.so.2 (0x0036d4a0) libreadline.so.6 => /lib64/libreadline.so.6 (0x0036d4e0) libncurses.so.5 => /lib64/libncurses.so.5 (0x0036dd60) libtinfo.so.5 => /lib64/libtinfo.so.5 (0x0036d820) librt.so.1 => /lib64/librt.so.1 (0x0036d420) libpdf.so.6 => /usr/local/pdflib/lib/libpdf.so.6 (0x7f7fee97d000) libm.so.6 => /lib64/libm.so.6 (0x0036d2e0) libstdc++.so.6 => /lib64/libstdc++.so.6 (0x0036d520) libpam.so.0 => /lib64/libpam.so.0 (0x0036dc60) libdb2.so.1 => /home/db2inst1/sqllib/lib64/libdb2.so.1 (0x7f7febc78000) libgpgme.so.11 => /lib64/libgpgme.so.11 (0x0036e8a0) libpng16.so.16 => /lib64/libpng16.so.16 (0x0036dc20) libjpeg.so.62 => /lib64/libjpeg.so.62 (0x00387440) libbz2.so.1 => /lib64/libbz2.so.1 (0x7f7feba67000) libdl.so.2 => /lib64/libdl.so.2 (0x0036d2a0) libnsl.so.1 => /lib64/libnsl.so.1 (0x0039a720) libgpg-error.so.0 => /lib64/libgpg-error.so.0 (0x0036dee0) libsystemd-daemon.so.0 => /lib64/libsystemd-daemon.so.0 (0x0032dae0) libxml2.so.2 => /lib64/libxml2.so.2 (0x003dd8e0) libcurl.so.4 => /lib64/libcurl.so.4 (0x003a54a0) libfreetype.so.6 => /lib64/libfreetype.so.6 (0x0036dca0) libaprutil-1.so.0 => /usr/local/apr-util/lib/libaprutil-1.so.0 (0x7f7feb82d000) libexpat.so.1 => /lib64/libexpat.so.1 (0x0036d7a0) libapr-1.so.0 => /usr/local/apr/lib/libapr-1.so.0 (0x7f7feb5e8000) libpthread.so.0 => /lib64/libpthread.so.0 (0x0036d260) libicuio.so.50 => /lib64/libicuio.so.50 (0x7f7feb3da000) libicui18n.so.50 => /lib64/libicui18n.so.50 (0x0036cbc0) libicuuc.so.50 => /lib64/libicuuc.so.50 (0x0036cd80) libicudata.so.50 => /lib64/libicudata.so.50 (0x0036cc20) libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x0036d460) libc.so.6 => /lib64/libc.so.6 (0x0036d220) libfreebl3.so => /lib64/libfreebl3.so (0x00384620) /lib64/ld-linux-x86-64.so.2 (0x0036d1e0) libaudit.so.1 => /lib64/libaudit.so.1 (0x0036db20) libdb2dascmn.so.1 => /opt/ibm/db2/VXX.X/lib64/libdb2dascmn.so.1 (0x7f7feb1ad000) libdb2g11n.so.1 => /opt/ibm/db2/VXX.X/lib64/libdb2g11n.so.1 (0x7f7fea92f000) libdb2genreg.so.1 => /opt/ibm/db2/VXX.X/lib64/libdb2genreg.so.1 (0x7f7fea6eb000) libdb2install.so.1 => /opt/ibm/db2/VXX.X/lib64/libdb2install.so.1 (0x7f7fea4d9000) libdb2locale.so.1 => /opt/ibm/db2/VXX.X/lib64/libdb2locale.so.1 (0x7f7fea2b3000) libdb2osse.so.1 => /opt/ibm/db2/VXX.X/lib64/libdb2osse.so.1 (0x7f7fe9b49000) libdb2osse_db2.so.1 => /opt/ibm/db2/VXX.X/lib64/libdb2osse_db2.so.1 (0x7f7fe98c4000) libdb2sdbin.so.1 => /opt/ibm/db2/VXX.X/lib64/libdb2sdbin.so.1 (0x7f7fe962e000) libdb2trcapi.so.1 => /opt/ibm/db2/VXX.X/lib64/libdb2trcapi.so.1 (0x7f7fe9417000) libassuan.so.0 => /lib64/libassuan.so.0 (0x0036e860) liblzma.so.5 => /lib64/liblzma.so.5 (0x0036d360) libssh2.so.1 => /lib64/libssh2.so.1 (0x00384760) libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x003844a0) libkrb5.so.3 => /lib64/libkrb5.so.3
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
Helmut K. C. Tessarek in gmane.comp.php.devel (Sat, 26 Oct 2019 15:49:30 -0400): >On 2019-10-26 08:20, Jan Ehrhardt wrote: >> Fill in a smtp-server of your choice (like smtp.gmail.com) and run it. >> It is non optimized for speed, so it might take 2 minutes before the >> results show. @Helmut and @Nikita: could you test this and share your >> results here? > >I ran it on the command line and this was the result: [snip] >Turn on encryption for login phase: stream_socket_enable_crypto >64.233.167.108:587: stream_socket_enable_crypto returned true For me it still fails, also on the command line. OpenSSL 1.1.1d builds with 1 subtest failing: test/recipes/20-test_enc.t. A known issue. OpenSSL 1.1.1c builds with no errors, so to be sure I recompiled everything with 1.1.1c. Can you give me your exact configure line? For instance: did your build include nghttp2? Mine did. This is the output of ldd: ldd /usr/local/php72/bin/php linux-vdso.so.1 => (0x7ffcf6fb8000) libcrypt.so.1 => /lib64/libcrypt.so.1 (0x7f67e0e81000) libz.so.1 => /usr/local/lib/libz.so.1 (0x7f67e0c65000) libexslt.so.0 => /usr/local/lib/libexslt.so.0 (0x7f67e0a5) liblzma.so.0 => /usr/lib64/liblzma.so.0 (0x7f67e082f000) librt.so.1 => /lib64/librt.so.1 (0x7f67e0627000) libgcrypt.so.11 => /lib64/libgcrypt.so.11 (0x7f67e03b2000) libdl.so.2 => /lib64/libdl.so.2 (0x7f67e01ae000) libgpg-error.so.0 => /lib64/libgpg-error.so.0 (0x7f67dffaa000) libm.so.6 => /lib64/libm.so.6 (0x7f67dfd26000) libsodium.so.23 => /usr/local/lib/libsodium.so.23 (0x7f67dfad5000) libstdc++.so.6 => /usr/local/lib/../lib64/libstdc++.so.6 (0x7f67df73e000) libjpeg.so.9 => /usr/local/lib/libjpeg.so.9 (0x7f67df504000) libwebp.so.7 => /usr/local/lib/libwebp.so.7 (0x7f67df296000) libpcre.so.0 => /usr/local/lib/libpcre.so.0 (0x7f67df029000) libnsl.so.1 => /lib64/libnsl.so.1 (0x7f67dee1) libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x7f67debcc000) libkrb5.so.3 => /lib64/libkrb5.so.3 (0x7f67de8e5000) libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x7f67de6b9000) libcom_err.so.2 => /lib64/libcom_err.so.2 (0x7f67de4b5000) libcurl.so.4 => /usr/local/ssl-1.1.1/lib/libcurl.so.4 (0x7f67ddf4b000) libnghttp2.so.14 => /usr/local/lib/libnghttp2.so.14 (0x7f67ddd25000) librtmp.so.0 => /usr/lib64/librtmp.so.0 (0x7f67ddb0d000) libpthread.so.0 => /lib64/libpthread.so.0 (0x7f67dd8f) libfreetype.so.6 => /usr/local/lib/libfreetype.so.6 (0x7f67dd649000) libbz2.so.1 => /lib64/libbz2.so.1 (0x7f67dd438000) libpng16.so.16 => /usr/local/lib/libpng16.so.16 (0x7f67dd206000) libicui18n.so.58 => /usr/local/icu/lib/libicui18n.so.58 (0x7f67dcd8e000) libicuuc.so.58 => /usr/local/icu/lib/libicuuc.so.58 (0x7f67dc9e4000) libicudata.so.58 => /usr/local/icu/lib/libicudata.so.58 (0x7f67daee4000) libicuio.so.58 => /usr/local/icu/lib/libicuio.so.58 (0x7f67dacd7000) libxslt.so.1 => /usr/local/lib/libxslt.so.1 (0x7f67daa98000) libxml2.so.2 => /usr/local/lib/libxml2.so.2 (0x7f67da735000) libiconv.so.2 => /usr/local/lib/libiconv.so.2 (0x7f67da43a000) libgcc_s.so.1 => /usr/local/lib/../lib64/libgcc_s.so.1 (0x7f67da224000) libc.so.6 => /lib64/libc.so.6 (0x7f67d9e9) libresolv.so.2 => /lib64/libresolv.so.2 (0x7f67d9c76000) libfreebl3.so => /lib64/libfreebl3.so (0x7f67d9a73000) /lib64/ld-linux-x86-64.so.2 (0x7f67e10b8000) libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x7f67d9868000) libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x7f67d9665000) libgnutls.so.26 => /usr/lib64/libgnutls.so.26 (0x7f67d93b5000) libselinux.so.1 => /lib64/libselinux.so.1 (0x7f67d9196000) libtasn1.so.3 => /usr/lib64/libtasn1.so.3 (0x7f67d8f86000) Curl was included as shared: perl -pi -e 's|CURL_CHECK_PKGCONFIG\(zlib\)|#CURL_CHECK_PKGCONFIG(zlib)|g' configure.ac LIBS="-ldl" ./configure --prefix=/usr/local/ssl-1.1.1 --with-nghttp2=/usr/local --with-ssl=/usr/local/ssl-1.1.1 But I once also tested a curl build with --disable-shared. -- Jan -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
On 2019-10-26 08:20, Jan Ehrhardt wrote: > Fill in a smtp-server of your choice (like smtp.gmail.com) and run it. > It is non optimized for speed, so it might take 2 minutes before the > results show. @Helmut and @Nikita: could you test this and share your > results here? I ran it on the command line and this was the result: $ php secure_stream_test.php 64.233.167.108:587 connected 220 smtp.gmail.com ESMTP e12sm6843183wrs.49 - gsmtp Send EHLO smtp.gmail.com 250-smtp.gmail.com at your service, [MYIPHERE] 250-SIZE 35882577 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8 Send STARTTLS 220 2.0.0 Ready to start TLS Turn on encryption for login phase: stream_socket_enable_crypto 64.233.167.108:587: stream_socket_enable_crypto returned true Send EHLO smtp.gmail.com 250-smtp.gmail.com at your service, [MYIPHERE] 250-SIZE 35882577 250-8BITMIME 250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8 QUIT & close Cheers, K. C. -- regards Helmut K. C. Tessarek KeyID 0x172380A011EF4944 Key fingerprint = 8A55 70C1 BD85 D34E ADBC 386C 1723 80A0 11EF 4944 /* Thou shalt not follow the NULL pointer for chaos and madness await thee at its end. */ signature.asc Description: OpenPGP digital signature
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
"Helmut K. C. Tessarek" in php.internals (Tue, 22 Oct 2019 22:33:39 -0400): >After a few more hours of trial and error I managed to get it working. > >However, the `-lpthread` in OPENSSL_LIBS is ignored. I checked the config.log, > but it wasn't added to the linker command. But adding it to LIBS solved the >issue. > >This is the command that finally worked: > >./configure [snip] --with-openssl=/usr/local/ssl-1.1.1 [snip] >CFLAGS=-I/usr/local/include LDFLAGS=-L/usr/local/lib LIBS="-lpthread" >OPENSSL_LIBS="-L/usr/local/ssl-1.1.1/lib -l:libssl.a -l:libcrypto.a -ldl >-lpthread" OPENSSL_CFLAGS="-I/usr/local/ssl-1.1.1/include" > >I will also update the bug, so that people have this info on file as a >reference. In my implementation I ran into a serious problem. PHPMailer stopped sending mails to a remote smtp server over port 587. After really a lot of debugging I found out that stream_socket_enable_crypto failed: Warning: stream_socket_enable_crypto(): SSL operation failed with code 1 OpenSSL Error messages: error:1416F086:SSL routines: tls_process_server_certificate:certificate verify failed I wrote an example program to illustrate this: https://gist.github.com/Jan-E/7f0055624b82c39dee6ae5b712f2c97a Fill in a smtp-server of your choice (like smtp.gmail.com) and run it. It is non optimized for speed, so it might take 2 minutes before the results show. @Helmut and @Nikita: could you test this and share your results here? I had to revert back to PHP versions, compiled with the system OpenSSL libs. -- Jan -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
On 2019-10-23 06:44, Jan Ehrhardt wrote: > Fine, thanks. In the next releases (7.2.25 and 7.3.12) '-pthread' in > OPENSSL_LIBS will not be ignored any longer for static openssl linking. > Will you update https://bugs.php.net/bug.php?id=77288 with this info? Great, thanks. Yep, I've updated the bug just now. Cheers, K. C. -- regards Helmut K. C. Tessarek KeyID 0x172380A011EF4944 Key fingerprint = 8A55 70C1 BD85 D34E ADBC 386C 1723 80A0 11EF 4944 /* Thou shalt not follow the NULL pointer for chaos and madness await thee at its end. */ signature.asc Description: OpenPGP digital signature
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
Nikita Popov in php.internals (Wed, 23 Oct 2019 11:08:51 +0200): >On Mon, Oct 14, 2019 at 1:44 PM Jan Ehrhardt wrote: >> Wow. Improvement of a patch back in Jun 13, 2005: >> >> https://github.com/php/php-src/commit/54d85cbfdadeca491478e3894707534e2c9ccd1f >> Original bug: https://bugs.php.net/bug.php?id=31256 >> >> Thanks. Will you backport the commit to PHP 7.2? > >Sorry, I forgot about this. Now backported in >https://github.com/php/php-src/commit/fa89c41f378894dc623374dd03c36a9fa16410a9 Fine, thanks. In the next releases (7.2.25 and 7.3.12) '-pthread' in OPENSSL_LIBS will not be ignored any longer for static openssl linking. Will you update https://bugs.php.net/bug.php?id=77288 with this info? -- Jan -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
On Mon, Oct 14, 2019 at 1:44 PM Jan Ehrhardt wrote: > Nikita Popov in php.internals (Mon, 14 Oct 2019 11:46:57 +0200): > >On Mon, Oct 14, 2019 at 11:30 AM Nikita Popov > wrote: > > > >> On Mon, Oct 14, 2019 at 11:22 AM Nikita Popov > >> wrote: > >> > >>> The fact that "-pthread" gets stripped from LIBS might be a bug. > >> > >> Looks like the -pthread stripping happens here: > >> > https://github.com/php/php-src/blob/5197d0cd5e1f4581db1beca1260e1315368ea911/build/php.m4#L371-L377 > >> > >> It doesn't get stripped as much as relocated to EXTRA_LDFLAGS (for > static > >> builds, for shared it goes into SHARED_LIBADD). However EXTRA_LDFLAGS is > >> only used when linking libraries, while programs use > EXTRA_LDFLAGS_PROGRAM. > >> This seems like an oversight, and it should be added to both. > > > >This should be fixed with > > > https://github.com/php/php-src/commit/c518932c0326a938f0fd0254f2adb03b1cddfbca > . > >Now using just > > > >./configure --disable-all --with-openssl OPENSSL_LIBS="-l:libssl.a > >-l:libcrypto.a -ldl -pthread" > > > >works for me. > > Wow. Improvement of a patch back in Jun 13, 2005: > > https://github.com/php/php-src/commit/54d85cbfdadeca491478e3894707534e2c9ccd1f > Original bug: https://bugs.php.net/bug.php?id=31256 > > Thanks. Will you backport the commit to PHP 7.2? > Sorry, I forgot about this. Now backported in https://github.com/php/php-src/commit/fa89c41f378894dc623374dd03c36a9fa16410a9 . Nikita
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
On 2019-10-23 07:01, Jan Ehrhardt wrote: On 2019-10-23 06:36, Helmut K. C. Tessarek wrote: On 2019-10-23 00:28, Jan Ehrhardt wrote: It worked in my PHP 7.2 when I added '-pthread' to CFLAGS: https://news-web.php.net/php.internals/107632 Hmm, CFLAGS shouldn't be used for linker flags. It should be added to LDFLAGS. In either case, it's possible that it works with those, but I was talking about OPENSSL_LIBS, which was suggested by Nikita and Rainer. I was just following Nikita's example by using '-pthread' in CFLAGS: https://news-web.php.net/php.internals/107632 Correct reference should be https://news-web.php.net/php.internals/107541 It gets confusing when one is following internals via various interfaces. -- Jan -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
On 2019-10-23 06:36, Helmut K. C. Tessarek wrote: On 2019-10-23 00:28, Jan Ehrhardt wrote: It worked in my PHP 7.2 when I added '-pthread' to CFLAGS: https://news-web.php.net/php.internals/107632 Hmm, CFLAGS shouldn't be used for linker flags. It should be added to LDFLAGS. In either case, it's possible that it works with those, but I was talking about OPENSSL_LIBS, which was suggested by Nikita and Rainer. I was just following Nikita's example by using '-pthread' in CFLAGS: https://news-web.php.net/php.internals/107632 -- Jan -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
On 2019-10-23 00:28, Jan Ehrhardt wrote: > It worked in my PHP 7.2 when I added '-pthread' to CFLAGS: > https://news-web.php.net/php.internals/107632 Hmm, CFLAGS shouldn't be used for linker flags. It should be added to LDFLAGS. In either case, it's possible that it works with those, but I was talking about OPENSSL_LIBS, which was suggested by Nikita and Rainer. Anyway, I'm very happy that it works now. Cheers, K. C. -- regards Helmut K. C. Tessarek KeyID 0x172380A011EF4944 Key fingerprint = 8A55 70C1 BD85 D34E ADBC 386C 1723 80A0 11EF 4944 /* Thou shalt not follow the NULL pointer for chaos and madness await thee at its end. */ signature.asc Description: OpenPGP digital signature
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
On 2019-10-23 06:17, Helmut K. C. Tessarek wrote: On 2019-10-23 00:03, Jan Ehrhardt wrote: That is more or less the same answer I posted 13 hours earlier https://news-web.php.net/php.internals/107628 Darn, that would have saved me a lot of time... ;-) Yes. Really bad that nntp://news.php.net, https://external.io and the mailing list are not in sync anymore. First time I experienced that. BTW: should not that be '-pthread' in stead of '-lpthread'? It was stripped from OPENSSL_LIBS as found by Nikita: https://news-web.php.net/php.internals/107543 Yep, I tried that too. But it didn't work. At least not on 7.2. It worked in my PHP 7.2 when I added '-pthread' to CFLAGS: https://news-web.php.net/php.internals/107632 -- Jan -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
On 2019-10-23 00:03, Jan Ehrhardt wrote: > That is more or less the same answer I posted 13 hours earlier > https://news-web.php.net/php.internals/107628 Darn, that would have saved me a lot of time... ;-) > BTW: should not that be '-pthread' in stead of '-lpthread'? It was > stripped from OPENSSL_LIBS as found by Nikita: > https://news-web.php.net/php.internals/107543 Yep, I tried that too. But it didn't work. At least not on 7.2. Cheers, K. C. -- regards Helmut K. C. Tessarek KeyID 0x172380A011EF4944 Key fingerprint = 8A55 70C1 BD85 D34E ADBC 386C 1723 80A0 11EF 4944 /* Thou shalt not follow the NULL pointer for chaos and madness await thee at its end. */ signature.asc Description: OpenPGP digital signature
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
"Helmut K. C. Tessarek" in php.internals (Tue, 22 Oct 2019 22:33:39 -0400): >Eureka! > >After a few more hours of trial and error I managed to get it working. > >However, the `-lpthread` in OPENSSL_LIBS is ignored. I checked the config.log, > but it wasn't added to the linker command. But adding it to LIBS solved the >issue. > >This is the command that finally worked: > >./configure [snip] --with-openssl=/usr/local/ssl-1.1.1 [snip] >CFLAGS=-I/usr/local/include LDFLAGS=-L/usr/local/lib LIBS="-lpthread" >OPENSSL_LIBS="-L/usr/local/ssl-1.1.1/lib -l:libssl.a -l:libcrypto.a -ldl >-lpthread" OPENSSL_CFLAGS="-I/usr/local/ssl-1.1.1/include" That is more or less the same answer I posted 13 hours earlier https://news-web.php.net/php.internals/107628 Too bad it did not bave seemed to reach the mailinglist and/or https://externals.io/message/103582 Frustrating that https://news-web.php.net/php.internals is not in sync with the mailinglist and/or https://externals.io/ BTW: should not that be '-pthread' in stead of '-lpthread'? It was stripped from OPENSSL_LIBS as found by Nikita: https://news-web.php.net/php.internals/107543 -- Jan -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
Eureka! After a few more hours of trial and error I managed to get it working. However, the `-lpthread` in OPENSSL_LIBS is ignored. I checked the config.log, but it wasn't added to the linker command. But adding it to LIBS solved the issue. This is the command that finally worked: ./configure [snip] --with-openssl=/usr/local/ssl-1.1.1 [snip] CFLAGS=-I/usr/local/include LDFLAGS=-L/usr/local/lib LIBS="-lpthread" OPENSSL_LIBS="-L/usr/local/ssl-1.1.1/lib -l:libssl.a -l:libcrypto.a -ldl -lpthread" OPENSSL_CFLAGS="-I/usr/local/ssl-1.1.1/include" I will also update the bug, so that people have this info on file as a reference. Cheers, K. C. -- regards Helmut K. C. Tessarek KeyID 0x172380A011EF4944 Key fingerprint = 8A55 70C1 BD85 D34E ADBC 386C 1723 80A0 11EF 4944 /* Thou shalt not follow the NULL pointer for chaos and madness await thee at its end. */ signature.asc Description: OpenPGP digital signature
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
Jan Ehrhardt in php.internals (Tue, 22 Oct 2019 15:04:20 +0200): >With at least bison 3.0 and re2c 3.14.1 installed this seens to >work with PHP 7.4.0RC4: > >#!/bin/sh >./configure \ >--with-config-file-scan-dir=/usr/local/lib/php.conf.d \ >--disable-all \ >--with-openssl-dir=/usr/local/ssl-1.1.1 \ >--with-openssl=/usr/local/ssl-1.1.1 \ >CFLAGS=" -I/usr/local/ssl-1.1.1/include " \ >OPENSSL_LIBS="-ldl -pthread -L/usr/local/ssl-1.1.1/lib -l:libssl.a >-l:libcrypto.a" For PHP 7.2 and 7.3 you'll have to replace --with-openssl by --with-openssl=/usr/local/ssl-1.1.1 \ --with-openssl-dir=/usr/local/ssl-1.1.1 \ CFLAGS="-pthread -I/usr/local/ssl-1.1.1/include" \ OPENSSL_LIBS="-ldl -pthread -L/usr/local/ssl-1.1.1/lib -l:libssl.a -l:libcrypto.a" \ Note that the '-pthread' was added to the CFLAGS line as well, because it was stripped out of the OPENSSL_LIB definition. This was fixed by Nikita in PHP 7.4, but that fix was not backported to earlier versions. # /usr/local/php72/bin/php -i | grep OpenSSL SSL Version => OpenSSL/1.0.1e-fips OpenSSL support => enabled OpenSSL Library Version => OpenSSL 1.1.1d 10 Sep 2019 OpenSSL Header Version => OpenSSL 1.1.1d 10 Sep 2019 OpenSSL support => enabled The first line with 'OpenSSL/1.0.1e-fips' is what the curl extension reports. I will have to update that as well to OpenSSL 1.1.1 (static). -- Jan -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
Jan Ehrhardt in php.internals (Tue, 22 Oct 2019 15:04:20 +0200): >With at least bison 3.0 and re2c 3.14.1 installed this seems to >work with PHP 7.4.0RC4: [snip] With some modules enabled: #!/bin/sh ./configure \ --disable-all \ --with-openssl-dir=/usr/local/ssl-1.1.1 \ --with-openssl=/usr/local/ssl-1.1.1 \ CFLAGS="-I/usr/local/ssl-1.1.1/include" \ OPENSSL_LIBS="-ldl -pthread -L/usr/local/ssl-1.1.1/lib -l:libssl.a -l:libcrypto.a" \ --with-apxs2 \ --enable-pdo \ --with-mhash \ --with-mysql-sock=/var/lib/mysql/mysql.sock \ --with-mysqli=mysqlnd \ --with-pcre-regex=/usr/local \ --with-pdo-mysql=mysqlnd \ --with-png-dir=/usr/local/lib \ --with-webp-dir=/usr/local/lib \ --with-zlib \ --enable-zip \ --enable-bcmath \ --enable-calendar \ --enable-ftp \ --enable-sockets \ --with-gd \ --with-gettext \ --with-jpeg-dir=/usr/local/lib \ --with-freetype-dir=/usr/local/lib -- Jan -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
"Helmut K. C. Tessarek" in php.internals (Mon, 21 Oct 2019 23:34:58 -0400): >On 2019-10-14 05:46, Nikita Popov wrote: >> This should be fixed with >> https://github.com/php/php-src/commit/c518932c0326a938f0fd0254f2adb03b1cddfbca. >> Now using just >> >> ./configure --disable-all --with-openssl OPENSSL_LIBS="-l:libssl.a >> -l:libcrypto.a -ldl -pthread" >> >> works for me. > >Hmm, I can't get it to work. My ssl is in: /usr/local/ssl-1.1.1 With at least bison 3.0 and re2c 3.14.1 installed this seens to work with PHP 7.4.0RC4: #!/bin/sh ./configure \ --with-config-file-scan-dir=/usr/local/lib/php.conf.d \ --disable-all \ --with-openssl-dir=/usr/local/ssl-1.1.1 \ --with-openssl=/usr/local/ssl-1.1.1 \ CFLAGS=" -I/usr/local/ssl-1.1.1/include " \ OPENSSL_LIBS="-ldl -pthread -L/usr/local/ssl-1.1.1/lib -l:libssl.a -l:libcrypto.a" Tested on Centos 6: # sapi/cli/php -i | grep OpenSSL OpenSSL support => enabled OpenSSL Library Version => OpenSSL 1.1.1d 10 Sep 2019 OpenSSL Header Version => OpenSSL 1.1.1d 10 Sep 2019 # ldd sapi/cli/php linux-vdso.so.1 => (0x7ffee71a5000) libcrypt.so.1 => /lib64/libcrypt.so.1 (0x7f1341764000) libresolv.so.2 => /lib64/libresolv.so.2 (0x7f134154a000) librt.so.1 => /lib64/librt.so.1 (0x7f1341342000) libm.so.6 => /lib64/libm.so.6 (0x7f13410be000) libdl.so.2 => /lib64/libdl.so.2 (0x7f1340eba000) libpthread.so.0 => /lib64/libpthread.so.0 (0x7f1340c9d000) libz.so.1 => /usr/local/lib/libz.so.1 (0x7f1340a81000) libc.so.6 => /lib64/libc.so.6 (0x7f13406ed000) /lib64/ld-linux-x86-64.so.2 (0x7f134199b000) libfreebl3.so => /lib64/libfreebl3.so (0x7f13404ea000) -- Jan -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
On 2019-10-22 02:32, Rainer Jung wrote: > If you are willing for another round: > > # The next line only if configure.saved > # no longer exists from the previous try > cp -p configure configure.saved > > # The sed command here is three lines, > # the first two of them continued by a > # backslash at the end of line > sed -e 's/\(LIBS=.*\)-lssl \(.*\)/\1 -lssl -lcrypto \2/' \ > -e 's/\(LIBS=.*-lssl *-lcrypto\)\(.*\)/\1 `$PKG_CONFIG --libs --static > openssl` \2/' \ > configure.saved > configure > > If it doesn't work, then please again give us the config.log plus the "diff > configure.saved configure". It didn't work, but it can't work this way: LIBS=" -lssl -lcrypto `$PKG_CONFIG --libs --static openssl` $LIBS" This will find the system openssl and not my openssl 1.1.1. But if I set export PKG_CONFIG_PATH=/usr/local/ssl-1.1.1/lib/pkgconfig then other libraries are not found. I seriously don't understand why linking to 2 files in /usr/local/ssl-1.1.1/lib is so complicated. Apache httpd can do it. dovecot can do it. Every other software paxckage I compile can do it. PHP is the only one that fails. Once again, it does work with my other (non-system static openssl 1.0.2). I never link against the system openssl (my server has an uptime of more than 5 years), but unfortunately I can't remove it either. So if I change the path from /usr/local/ssl-1.1.1 to /usr/local/ssl (which holds my static 1.0.2 non-sysetm openssl) all works well. Anyway, here are the 2 files you requested: https://evermeet.cx/pub/logs/config.php72.2.log https://evermeet.cx/pub/logs/diff.2.patch I'm heading to bed now. Thanks for all your help so far. Cheers, K. C. -- regards Helmut K. C. Tessarek KeyID 0x172380A011EF4944 Key fingerprint = 8A55 70C1 BD85 D34E ADBC 386C 1723 80A0 11EF 4944 /* Thou shalt not follow the NULL pointer for chaos and madness await thee at its end. */ signature.asc Description: OpenPGP digital signature
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
Am 22.10.2019 um 05:28 schrieb Helmut K. C. Tessarek: On 2019-10-14 07:01, Rainer Jung wrote: Could you do yet another test? First manipulate the configure script with the following two commands: cp -p configure configure.saved # the following is one long line sed -e 's#PKG_CONFIG --libs openssl#PKG_CONFIG --libs --static openssl#g' configure.saved > configure and then redo the whole build including running configure. If that works fine, it might be possible to add a configure flag for static OpenSSL linking. Sorry that it took so long. Nope, this didn't help either. here's the log: https://evermeet.cx/pub/logs/config.php72.1.log I am sorry, error on my side. I forgot I had already adjusted configure myself, so the above sed wouldn't change anything in the original file (you can also diff the original and the new file to see the outcome of the sed command yourself). If you are willing for another round: # The next line only if configure.saved # no longer exists from the previous try cp -p configure configure.saved # The sed command here is three lines, # the first two of them continued by a # backslash at the end of line sed -e 's/\(LIBS=.*\)-lssl \(.*\)/\1 -lssl -lcrypto \2/' \ -e 's/\(LIBS=.*-lssl *-lcrypto\)\(.*\)/\1 `$PKG_CONFIG --libs --static openssl` \2/' \ configure.saved > configure If it doesn't work, then please again give us the config.log plus the "diff configure.saved configure". Regards, Rainer -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
On 2019-10-14 05:46, Nikita Popov wrote: > This should be fixed with > https://github.com/php/php-src/commit/c518932c0326a938f0fd0254f2adb03b1cddfbca. > Now using just > > ./configure --disable-all --with-openssl OPENSSL_LIBS="-l:libssl.a > -l:libcrypto.a -ldl -pthread" > > works for me. Hmm, I can't get it to work. My ssl is in: /usr/local/ssl-1.1.1 Cheers, K. C. -- regards Helmut K. C. Tessarek KeyID 0x172380A011EF4944 Key fingerprint = 8A55 70C1 BD85 D34E ADBC 386C 1723 80A0 11EF 4944 /* Thou shalt not follow the NULL pointer for chaos and madness await thee at its end. */ signature.asc Description: OpenPGP digital signature
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
On 2019-10-14 07:01, Rainer Jung wrote: > Could you do yet another test? First manipulate the configure script with the > following two commands: > > cp -p configure configure.saved > > # the following is one long line > > sed -e 's#PKG_CONFIG --libs openssl#PKG_CONFIG --libs --static openssl#g' > configure.saved > configure > > > and then redo the whole build including running configure. If that works fine, > it might be possible to add a configure flag for static OpenSSL linking. Sorry that it took so long. Nope, this didn't help either. here's the log: https://evermeet.cx/pub/logs/config.php72.1.log Cheers, K. C. -- regards Helmut K. C. Tessarek KeyID 0x172380A011EF4944 Key fingerprint = 8A55 70C1 BD85 D34E ADBC 386C 1723 80A0 11EF 4944 /* Thou shalt not follow the NULL pointer for chaos and madness await thee at its end. */ signature.asc Description: OpenPGP digital signature
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
Nikita Popov in php.internals (Mon, 14 Oct 2019 11:46:57 +0200): >On Mon, Oct 14, 2019 at 11:30 AM Nikita Popov wrote: > >> On Mon, Oct 14, 2019 at 11:22 AM Nikita Popov >> wrote: >> >>> The fact that "-pthread" gets stripped from LIBS might be a bug. >> >> Looks like the -pthread stripping happens here: >> https://github.com/php/php-src/blob/5197d0cd5e1f4581db1beca1260e1315368ea911/build/php.m4#L371-L377 >> >> It doesn't get stripped as much as relocated to EXTRA_LDFLAGS (for static >> builds, for shared it goes into SHARED_LIBADD). However EXTRA_LDFLAGS is >> only used when linking libraries, while programs use EXTRA_LDFLAGS_PROGRAM. >> This seems like an oversight, and it should be added to both. > >This should be fixed with >https://github.com/php/php-src/commit/c518932c0326a938f0fd0254f2adb03b1cddfbca. >Now using just > >./configure --disable-all --with-openssl OPENSSL_LIBS="-l:libssl.a >-l:libcrypto.a -ldl -pthread" > >works for me. Wow. Improvement of a patch back in Jun 13, 2005: https://github.com/php/php-src/commit/54d85cbfdadeca491478e3894707534e2c9ccd1f Original bug: https://bugs.php.net/bug.php?id=31256 Thanks. Will you backport the commit to PHP 7.2? -- Jan -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
Am 14.10.2019 um 11:06 schrieb Helmut K. C. Tessarek: Hello, On 2019-10-14 04:12, Rainer Jung wrote: I think what he means is doing: Yep, I remember I had tried that as well, but I just went through it again to get the info you requested: export PKG_CONFIG_PATH=/usr/local/ssl-1.1.1/lib/pkgconfig export OPENSSL_CFLAGS="-I/usr/local/ssl-1.1.1/include" export OPENSSL_LIBS="-L/usr/local/ssl-1.1.1/lib -lssl -lcrypto -ldl -pthread" If it doesn't work, it would be helpful, if you could then post again your config.log so we can understand the remaining problems. https://evermeet.cx/pub/logs/config.php72.log Thanks, the relevant lines are: configure:18782: cc -o conftest -I/usr/local/include -fvisibility=hidden -Wl,-rpath,/usr/local/ssl-1.1.1/lib -L/usr/local/ssl-1.1.1/lib -L/usr/local/lib conftest.c -lcrypto -lrt -lm -ldl -lnsl -lgpg-error -lsystemd-daemon -lxml2 -lz -lm -ldl >&5 configure:18782: $? = 0 configure:18791: result: yes configure:18934: checking for SSL_CTX_set_ssl_version in -lssl configure:18959: cc -o conftest -I/usr/local/include -fvisibility=hidden -Wl,-rpath,/usr/local/ssl-1.1.1/lib -L/usr/local/ssl-1.1.1/lib -L/usr/local/lib conftest.c -lssl -lcrypto -lrt -lm -ldl -lnsl -lgpg-error -lsystemd-daemon -lxml2 -lz -lm -ldl -lcrypto >&5 /bin/ld: /usr/local/ssl-1.1.1/lib/libcrypto.a(threads_pthread.o): undefined reference to symbol 'pthread_rwlock_wrlock@@GLIBC_2.2.5' /bin/ld: note: 'pthread_rwlock_wrlock@@GLIBC_2.2.5' is defined in DSO /lib64/libpthread.so.0 so try adding it to the linker command line /lib64/libpthread.so.0: could not read symbols: Invalid operation collect2: error: ld returned 1 exit status configure:18959: $? = 1 configure: failed program was: So although "-pthread" is part of OPENSSL_LIBS, it doesn't get used during configure (which uses hard-coded 'LIBS=" -lssl -lcrypto `$PKG_CONFIG --libs openssl` $LIBS"' in this check). So a checken or egg problem. Could you do yet another test? First manipulate the configure script with the following two commands: cp -p configure configure.saved # the following is one long line sed -e 's#PKG_CONFIG --libs openssl#PKG_CONFIG --libs --static openssl#g' configure.saved > configure and then redo the whole build including running configure. If that works fine, it might be possible to add a configure flag for static OpenSSL linking. Thanks and regards, Rainer -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
On Mon, Oct 14, 2019 at 11:30 AM Nikita Popov wrote: > On Mon, Oct 14, 2019 at 11:22 AM Nikita Popov > wrote: > >> On Sun, Oct 13, 2019 at 11:04 PM Helmut K. C. Tessarek < >> tessa...@evermeet.cx> wrote: >> >>> On 2019-10-13 17:00, Nikita Popov wrote: >>> > Don't know about previous versions, but at least on 7.4 setting >>> > OPENSSL_CFLAGS and OPENSSL_LIBS appropriately (e.g. using pkg-config >>> > --static --cflags/--libs return values) should work. These environment >>> > variables allow you to bypass normal pkg-config checks, which are >>> generally >>> > going to be non-static. >>> >>> I've tried pretty much anything, so if you have flags and env vars that >>> work, >>> please post them here. >>> >> >> Here's what pkg-config --static tells me on my system: >> >> -lssl -lcrypto -ldl -pthread >> >> So I use this for OPENSSL_LIBS, while explicitly requesting the static .a >> libs (on the assumption that only openssl should be linked statically, not >> all libs): >> >> ./configure --disable-all --with-openssl OPENSSL_LIBS="-l:libssl.a >> -l:libcrypto.a -ldl -pthread" >> >> configure passes, but then during linking I get: >> >> /usr/bin/ld: >> /usr/lib/gcc/x86_64-linux-gnu/8/../../../x86_64-linux-gnu/libcrypto.a(threads_pthread.o): >> undefined reference to symbol 'pthread_rwlock_wrlock@@GLIBC_2.2.5' >> >> It looks like the "-pthread" flag gets stripped. Then I tried: >> >> ./configure --disable-all --with-openssl OPENSSL_LIBS="-l:libssl.a >> -l:libcrypto.a -ldl" CFLAGS="-pthread" >> >> This compiles successfully. >> >> > ldd sapi/cli/php >> linux-vdso.so.1 (0x7ffd1531f000) >> libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 >> (0x7f04b79a9000) >> librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x7f04b77a1000) >> libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x7f04b7403000) >> libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x7f04b71ff000) >> libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 >> (0x7f04b6fe) >> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7f04b6bef000) >> /lib64/ld-linux-x86-64.so.2 (0x7f04b8bee000) >> >> The fact that "-pthread" gets stripped from LIBS might be a bug. >> > > Looks like the -pthread stripping happens here: > https://github.com/php/php-src/blob/5197d0cd5e1f4581db1beca1260e1315368ea911/build/php.m4#L371-L377 > > It doesn't get stripped as much as relocated to EXTRA_LDFLAGS (for static > builds, for shared it goes into SHARED_LIBADD). However EXTRA_LDFLAGS is > only used when linking libraries, while programs use EXTRA_LDFLAGS_PROGRAM. > This seems like an oversight, and it should be added to both. > This should be fixed with https://github.com/php/php-src/commit/c518932c0326a938f0fd0254f2adb03b1cddfbca. Now using just ./configure --disable-all --with-openssl OPENSSL_LIBS="-l:libssl.a -l:libcrypto.a -ldl -pthread" works for me. Nikita
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
On Mon, Oct 14, 2019 at 11:22 AM Nikita Popov wrote: > On Sun, Oct 13, 2019 at 11:04 PM Helmut K. C. Tessarek < > tessa...@evermeet.cx> wrote: > >> On 2019-10-13 17:00, Nikita Popov wrote: >> > Don't know about previous versions, but at least on 7.4 setting >> > OPENSSL_CFLAGS and OPENSSL_LIBS appropriately (e.g. using pkg-config >> > --static --cflags/--libs return values) should work. These environment >> > variables allow you to bypass normal pkg-config checks, which are >> generally >> > going to be non-static. >> >> I've tried pretty much anything, so if you have flags and env vars that >> work, >> please post them here. >> > > Here's what pkg-config --static tells me on my system: > > -lssl -lcrypto -ldl -pthread > > So I use this for OPENSSL_LIBS, while explicitly requesting the static .a > libs (on the assumption that only openssl should be linked statically, not > all libs): > > ./configure --disable-all --with-openssl OPENSSL_LIBS="-l:libssl.a > -l:libcrypto.a -ldl -pthread" > > configure passes, but then during linking I get: > > /usr/bin/ld: > /usr/lib/gcc/x86_64-linux-gnu/8/../../../x86_64-linux-gnu/libcrypto.a(threads_pthread.o): > undefined reference to symbol 'pthread_rwlock_wrlock@@GLIBC_2.2.5' > > It looks like the "-pthread" flag gets stripped. Then I tried: > > ./configure --disable-all --with-openssl OPENSSL_LIBS="-l:libssl.a > -l:libcrypto.a -ldl" CFLAGS="-pthread" > > This compiles successfully. > > > ldd sapi/cli/php > linux-vdso.so.1 (0x7ffd1531f000) > libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x7f04b79a9000) > librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x7f04b77a1000) > libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x7f04b7403000) > libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x7f04b71ff000) > libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 > (0x7f04b6fe) > libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7f04b6bef000) > /lib64/ld-linux-x86-64.so.2 (0x7f04b8bee000) > > The fact that "-pthread" gets stripped from LIBS might be a bug. > Looks like the -pthread stripping happens here: https://github.com/php/php-src/blob/5197d0cd5e1f4581db1beca1260e1315368ea911/build/php.m4#L371-L377 It doesn't get stripped as much as relocated to EXTRA_LDFLAGS (for static builds, for shared it goes into SHARED_LIBADD). However EXTRA_LDFLAGS is only used when linking libraries, while programs use EXTRA_LDFLAGS_PROGRAM. This seems like an oversight, and it should be added to both. Nikita
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
On Sun, Oct 13, 2019 at 11:04 PM Helmut K. C. Tessarek wrote: > On 2019-10-13 17:00, Nikita Popov wrote: > > Don't know about previous versions, but at least on 7.4 setting > > OPENSSL_CFLAGS and OPENSSL_LIBS appropriately (e.g. using pkg-config > > --static --cflags/--libs return values) should work. These environment > > variables allow you to bypass normal pkg-config checks, which are > generally > > going to be non-static. > > I've tried pretty much anything, so if you have flags and env vars that > work, > please post them here. > Here's what pkg-config --static tells me on my system: -lssl -lcrypto -ldl -pthread So I use this for OPENSSL_LIBS, while explicitly requesting the static .a libs (on the assumption that only openssl should be linked statically, not all libs): ./configure --disable-all --with-openssl OPENSSL_LIBS="-l:libssl.a -l:libcrypto.a -ldl -pthread" configure passes, but then during linking I get: /usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/8/../../../x86_64-linux-gnu/libcrypto.a(threads_pthread.o): undefined reference to symbol 'pthread_rwlock_wrlock@@GLIBC_2.2.5' It looks like the "-pthread" flag gets stripped. Then I tried: ./configure --disable-all --with-openssl OPENSSL_LIBS="-l:libssl.a -l:libcrypto.a -ldl" CFLAGS="-pthread" This compiles successfully. > ldd sapi/cli/php linux-vdso.so.1 (0x7ffd1531f000) libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x7f04b79a9000) librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x7f04b77a1000) libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x7f04b7403000) libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x7f04b71ff000) libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x7f04b6fe) libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7f04b6bef000) /lib64/ld-linux-x86-64.so.2 (0x7f04b8bee000) The fact that "-pthread" gets stripped from LIBS might be a bug. Hope this helps, Nikita
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
Hello, On 2019-10-14 04:12, Rainer Jung wrote: > I think what he means is doing: Yep, I remember I had tried that as well, but I just went through it again to get the info you requested: export PKG_CONFIG_PATH=/usr/local/ssl-1.1.1/lib/pkgconfig export OPENSSL_CFLAGS="-I/usr/local/ssl-1.1.1/include" export OPENSSL_LIBS="-L/usr/local/ssl-1.1.1/lib -lssl -lcrypto -ldl -pthread" > If it doesn't work, it would be helpful, if you could then post again your > config.log so we can understand the remaining problems. https://evermeet.cx/pub/logs/config.php72.log Cheers, K. C. -- regards Helmut K. C. Tessarek KeyID 0x172380A011EF4944 Key fingerprint = 8A55 70C1 BD85 D34E ADBC 386C 1723 80A0 11EF 4944 /* Thou shalt not follow the NULL pointer for chaos and madness await thee at its end. */ signature.asc Description: OpenPGP digital signature
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
Am 14.10.2019 um 10:12 schrieb Rainer Jung: Am 13.10.2019 um 23:04 schrieb Helmut K. C. Tessarek: On 2019-10-13 17:00, Nikita Popov wrote: Don't know about previous versions, but at least on 7.4 setting OPENSSL_CFLAGS and OPENSSL_LIBS appropriately (e.g. using pkg-config --static --cflags/--libs return values) should work. These environment variables allow you to bypass normal pkg-config checks, which are generally going to be non-static. I've tried pretty much anything, so if you have flags and env vars that work, please post them here. I think what he means is doing: % export PKG_CONFIG_PATH=/path/to/my/openssl111/pkgconfig where that directory should contain the pc files from your OpenSSL 1.1.1 installation. Then (example, you results may vary): % pkg-config --cflags openssl -I/path/to/my/openssl111/include So you would set export OPENSSL_CFLAGS=/path/to/my/openssl111/include and then % pkg-config --libs --static openssl -L/path/to/my/openssl111/lib -lssl -lcrypto -ldl -pthread so you would set export OPENSSL_LIBS="-L/path/to/my/openssl111/lib -lssl -lcrypto -ldl -pthread" You might try with the values you get back from the above pkg-config command on your system. If it doesn't work, it would be helpful, if you could then post again your config.log so we can understand the remaining problems. Addition to self: plus temporarily rename libssl.so and libcrypto.so during the PHP build, e.g. adding a trailing underscore. The versioned *.so.* files can stay in place, just not *.so. Regards, Rainer -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
Am 13.10.2019 um 23:04 schrieb Helmut K. C. Tessarek: On 2019-10-13 17:00, Nikita Popov wrote: Don't know about previous versions, but at least on 7.4 setting OPENSSL_CFLAGS and OPENSSL_LIBS appropriately (e.g. using pkg-config --static --cflags/--libs return values) should work. These environment variables allow you to bypass normal pkg-config checks, which are generally going to be non-static. I've tried pretty much anything, so if you have flags and env vars that work, please post them here. I think what he means is doing: % export PKG_CONFIG_PATH=/path/to/my/openssl111/pkgconfig where that directory should contain the pc files from your OpenSSL 1.1.1 installation. Then (example, you results may vary): % pkg-config --cflags openssl -I/path/to/my/openssl111/include So you would set export OPENSSL_CFLAGS=/path/to/my/openssl111/include and then % pkg-config --libs --static openssl -L/path/to/my/openssl111/lib -lssl -lcrypto -ldl -pthread so you would set export OPENSSL_LIBS="-L/path/to/my/openssl111/lib -lssl -lcrypto -ldl -pthread" You might try with the values you get back from the above pkg-config command on your system. If it doesn't work, it would be helpful, if you could then post again your config.log so we can understand the remaining problems. Regards, Rainer -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
On 2019-10-13 17:00, Nikita Popov wrote: > Don't know about previous versions, but at least on 7.4 setting > OPENSSL_CFLAGS and OPENSSL_LIBS appropriately (e.g. using pkg-config > --static --cflags/--libs return values) should work. These environment > variables allow you to bypass normal pkg-config checks, which are generally > going to be non-static. I've tried pretty much anything, so if you have flags and env vars that work, please post them here. -- regards Helmut K. C. Tessarek KeyID 0x172380A011EF4944 Key fingerprint = 8A55 70C1 BD85 D34E ADBC 386C 1723 80A0 11EF 4944 /* Thou shalt not follow the NULL pointer for chaos and madness await thee at its end. */ signature.asc Description: OpenPGP digital signature
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
On Sun, Oct 13, 2019 at 10:51 PM Jan Ehrhardt wrote: > "Helmut K. C. Tessarek" in php.internals (Thu, 7 Feb 2019 13:39:11 > +0100): > >On 2018-12-13 17:52, Rainer Jung wrote: > >> I might be wrong, but I vaguely remember that PHp does not call > >> "pkg-config --static --libs openssl" with a correctly setup > >> PKG_CONFIG_PAATZ to get the libs needed for static compilation. > >> Typically OpenSSL installs correct pc files that contain pthread as such > >> a dependency. Without asking pkg-config some fixed decisin logic would > >> need to find all the needed libs. > > > >I'd like to follow up on bug https://bugs.php.net/bug.php?id=77288 > > > >It's not stated in the documentation anywhere that a static openssl is > >not supported. > >It's ok, if devs don't have the time to look into it right away, but > >I've opened this bug 2 months ago, and it would be nice, if someone > >could at least acknowledge the bug and/or give some sort of a feedback. > > > >If PHP does not support static openssl, please change the documentation > >accordingly. > > > >However, it's wotking with openssl 1.0.2, so I must assume that there's > >a bug somewhere otherwise it would work with openssl 1.1.1 as well. > > Did you ever find a solution to compile PHP with a static OpenSSL 1.1.1? > -- > Jan > Don't know about previous versions, but at least on 7.4 setting OPENSSL_CFLAGS and OPENSSL_LIBS appropriately (e.g. using pkg-config --static --cflags/--libs return values) should work. These environment variables allow you to bypass normal pkg-config checks, which are generally going to be non-static. Nikita
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
On 2019-10-13 16:50, Jan Ehrhardt wrote: > Did you ever find a solution to compile PHP with a static OpenSSL 1.1.1? Unfortunately not. I really hoped that someone would look into it, but I guess security is not that important. -- regards Helmut K. C. Tessarek KeyID 0x172380A011EF4944 Key fingerprint = 8A55 70C1 BD85 D34E ADBC 386C 1723 80A0 11EF 4944 /* Thou shalt not follow the NULL pointer for chaos and madness await thee at its end. */ signature.asc Description: OpenPGP digital signature
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
"Helmut K. C. Tessarek" in php.internals (Thu, 7 Feb 2019 13:39:11 +0100): >On 2018-12-13 17:52, Rainer Jung wrote: >> I might be wrong, but I vaguely remember that PHp does not call >> "pkg-config --static --libs openssl" with a correctly setup >> PKG_CONFIG_PAATZ to get the libs needed for static compilation. >> Typically OpenSSL installs correct pc files that contain pthread as such >> a dependency. Without asking pkg-config some fixed decisin logic would >> need to find all the needed libs. > >I'd like to follow up on bug https://bugs.php.net/bug.php?id=77288 > >It's not stated in the documentation anywhere that a static openssl is >not supported. >It's ok, if devs don't have the time to look into it right away, but >I've opened this bug 2 months ago, and it would be nice, if someone >could at least acknowledge the bug and/or give some sort of a feedback. > >If PHP does not support static openssl, please change the documentation >accordingly. > >However, it's wotking with openssl 1.0.2, so I must assume that there's >a bug somewhere otherwise it would work with openssl 1.1.1 as well. Did you ever find a solution to compile PHP with a static OpenSSL 1.1.1? -- Jan -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
Thanks for the reply. On 2019-02-24 10:19, Jakub Zelenka wrote: > Looks like a bug. Just not the highest priority for me atm. It would be great, if you could add that info to the bug. e.g. change the status to verified, change priority to low, severity to high (since you can't use PHP with a static openssl 1.1.1). Cheers, K. C. -- regards Helmut K. C. Tessarek KeyID 0x172380A011EF4944 Key fingerprint = 8A55 70C1 BD85 D34E ADBC 386C 1723 80A0 11EF 4944 /* Thou shalt not follow the NULL pointer for chaos and madness await thee at its end. */ signature.asc Description: OpenPGP digital signature
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
On Thu, Feb 7, 2019 at 12:39 PM Helmut K. C. Tessarek wrote: > Hello, > > On 2018-12-13 17:52, Rainer Jung wrote: > > I might be wrong, but I vaguely remember that PHp does not call > > "pkg-config --static --libs openssl" with a correctly setup > > PKG_CONFIG_PAATZ to get the libs needed for static compilation. > > Typically OpenSSL installs correct pc files that contain pthread as such > > a dependency. Without asking pkg-config some fixed decisin logic would > > need to find all the needed libs. > > I'd like to follow up on bug https://bugs.php.net/bug.php?id=77288 > > It's not stated in the documentation anywhere that a static openssl is > not supported. > It's ok, if devs don't have the time to look into it right away, but > I've opened this bug 2 months ago, and it would be nice, if someone > could at least acknowledge the bug and/or give some sort of a feedback. > > If PHP does not support static openssl, please change the documentation > accordingly. > > However, it's wotking with openssl 1.0.2, so I must assume that there's > a bug somewhere otherwise it would work with openssl 1.1.1 as well. > > Looks like a bug. Just not the highest priority for me atm.
Re: [PHP-DEV] configure bug with static openssl 1.1.1? - bugid 77288
Hello, On 2018-12-13 17:52, Rainer Jung wrote: > I might be wrong, but I vaguely remember that PHp does not call > "pkg-config --static --libs openssl" with a correctly setup > PKG_CONFIG_PAATZ to get the libs needed for static compilation. > Typically OpenSSL installs correct pc files that contain pthread as such > a dependency. Without asking pkg-config some fixed decisin logic would > need to find all the needed libs. I'd like to follow up on bug https://bugs.php.net/bug.php?id=77288 It's not stated in the documentation anywhere that a static openssl is not supported. It's ok, if devs don't have the time to look into it right away, but I've opened this bug 2 months ago, and it would be nice, if someone could at least acknowledge the bug and/or give some sort of a feedback. If PHP does not support static openssl, please change the documentation accordingly. However, it's wotking with openssl 1.0.2, so I must assume that there's a bug somewhere otherwise it would work with openssl 1.1.1 as well. Cheers, K. C. -- regards Helmut K. C. Tessarek KeyID 0x172380A011EF4944 Key fingerprint = 8A55 70C1 BD85 D34E ADBC 386C 1723 80A0 11EF 4944 /* Thou shalt not follow the NULL pointer for chaos and madness await thee at its end. */ signature.asc Description: OpenPGP digital signature