On Fri, 2008-12-19 at 10:56 +0100, xPostings wrote:
> > > compiled zlib:
> > > ./configure
> > > make
> > > make install
> >
> > What's your prefix here? It'd probably default to /usr/local
>
> default prefix is /usr/local (compiled library will be in /usr/local/lib and
> include files are in /usr/local/include)
>
> > > compiled openssl 0.9.8i:
> > > ./config no-zlib shared
> > > make
> > > make install
> >
> > Again, what's the prefix? And, specifying 'shared' will build the
> > *.so libraries which are then picked up by the Apache build system.
>
> default prefix is /usr/local/ssl
> If I do not use "shared" the ./configure of apache fails. To compile mod_ssl
> statically into httpd can't be done without having compiled the shared libs
> of openssl.
>
> > >
> > > compiled apache httpd:
> > > ./buildconf
> > > ./configure --prefix=/usr/local/apache2.2.11 \
> > > --enable-static-support \
> > > --with-mpm=worker \
> > > --enable-mods-shared=all \
> > > --enable-so \
> > > --enable-deflate=static \
> > > --with-z=/usr/local/lib \
> >
> > Usually, you point to the top of the zlib installation which
> > would be /
> > usr/local, under which the compiler finds the include/headers
> > and the
> > linker finds the lib/libraries.
>
> You're right, that was a mistake, I recompiled with --with-z=/usr/local, but
> the result is the same.
>
>
> > > --enable-ssl=static \
> > > --with-ssl=/usr/local/ssl \
> >
> > This must match your prefix above, or the default.
>
> that's correct.
>
> >
> > > --enable-rewrite=static \
> > > --enable-auth-basic=static \
> > > --enable-authn-file=static \
> > > --enable-authz-user=static \
> > > --enable-authz-groupfile=static \
> > > --enable-authz-host=static \
> > > --enable-expires=static \
> > > --enable-headers=static
> > >
> > > If I look to the depencies with ldd there is a dynamically linked
> > > libz and libssl:
> > >
> > > linux-gate.so.1 => (0xffffe000)
> > > libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8
> > > (0xb7eb9000)
> > > libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8
> > > (0xb7d7e000)
> >
> > That's your system installation of openssl 0.9.8*. Two things may
> > have happened:
> >
> > 1) You linked against the .so shared libraries in your installation,
> > but at runtime you're picking up the system copy. It seems that
> > embedding the hard path to the shared libraries in the
> > calling binary
> > doesn't work too well on Linnicks. This can be remedied by adding /
> > usr/local/ssl/lib (or whatever, see the discussion on prefix
> > above) to
> > the LD_LIBRARY_PATH environment variable when you start
> > Apache. This
> > can be done in the script that starts the server, or on the command
> > line for testing.
>
> We do use the compiled versions of httpd on other machines (production),
> that's the reason we do not wan't to have dynamic linked binaries. It was
> never necessary to modify LD_LIBRARY_PATH before because everything httpd
> needs (zlib and ssl) should be compiled into httpd.
>
> >
> > 2) The System openssl was found in favor of yours when configuring.
> > This should not happen. Study your ./configure output where
> > it tries
> > to find the proper openssl library and see what exactly happens there.
>
>
> The output of ./configure seems to be correct:
>
> checking for SSL/TLS toolkit base... /usr/local/ssl
> adding "-I/usr/local/ssl/include" to CPPFLAGS
> adding "-I/usr/local/ssl/include" to INCLUDES
> adding "-L/usr/local/ssl/lib" to LDFLAGS
> checking for OpenSSL version... checking openssl/opensslv.h usability... yes
> checking openssl/opensslv.h presence... yes
> checking for openssl/opensslv.h... yes
> checking openssl/ssl.h usability... yes
> checking openssl/ssl.h presence... yes
> checking for openssl/ssl.h... yes
> OK
> forcing SSL_LIBS to "-lssl -lcrypto -lrt -lcrypt -lpthread -ldl"
> adding "-lssl" to LIBS
> adding "-lcrypto" to LIBS
> adding "-lrt" to LIBS
> adding "-lcrypt" to LIBS
> adding "-lpthread" to LIBS
> adding "-ldl" to LIBS
> checking openssl/engine.h usability... yes
> checking openssl/engine.h presence... yes
> checking for openssl/engine.h... yes
> checking for SSLeay_version... yes
> checking for SSL_CTX_new... yes
> checking for ENGINE_init... yes
> checking for ENGINE_load_builtin_engines... yes
> checking for SSL_set_cert_store... no
> forcing MOD_SSL_LDADD to "$(SSL_LIBS)"
> checking whether Distcache is required... no (default)
> checking whether to enable mod_ssl... yes
> adding "-I$(top_srcdir)/modules/ssl" to INCLUDES
>
> >
> > >
> > > libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7d59000)
> > > libaprutil-1.so.0 => /usr/local/apache2.2.11/lib/
> > > libaprutil-1.so.0 (0xb7d3d000)
> > > libexpat.so.0 => /usr/local/apache2.2.11/lib/libexpat.so.0
> > > (0xb7d21000)
> > > libapr-1.so.0 => /usr/local/apache2.2.11/lib/libapr-1.so.0
> > > (0xb7cfc000)
> > > librt.so.1 => /lib/tls/i686/cmov/librt.so.1 (0xb7cf3000)
> > > libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1
> > (0xb7cc4000)
> > > libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0
> > > (0xb7cb2000)
> > > libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7cae000)
> > > libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7b7d000)
> > > libz.so.1 => /usr/lib/libz.so.1 (0xb7b69000)
> >
> > Again, that's the system copy. Same story, plus it may not
> > have found
> > yours because your parameter was off. Again, see your ./configure
> > output.
>
> Output seems to be correct:
> checking whether to enable mod_deflate... checking dependencies
> adding "-I/usr/local/include" to INCLUDES
> adding "-L/usr/local/lib" to LDFLAGS
> adding "-lz" to LIBS
> checking for zlib library... found
> forcing MOD_DEFLATE_LDADD to "-lz"
> removed "-lz" from LIBS
> checking whether to enable mod_deflate... yes
>
> >
> > >
> > > /lib/ld-linux.so.2 (0xb7efe000)
> > >
> > > What's going wrong? libssl and libz shouldn't be linked
> > dynamically.
> > > With httpd 2.2.3 and the same configuration I haven't had these
> > > problems. ldd from the old 2.2.3 shows following depencies:
> > >
> > > linux-gate.so.1 => (0xffffe000)
> > > libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7edf000)
> > > libaprutil-1.so.0 => /usr/local/apache2.2.3/lib/
> > > libaprutil-1.so.0 (0xb7ec9000)
> > > libexpat.so.0 => /usr/local/apache2.2.3/lib/libexpat.so.0
> > > (0xb7eac000)
> > > libapr-1.so.0 => /usr/local/apache2.2.3/lib/libapr-1.so.0
> > > (0xb7e8a000)
> > > librt.so.1 => /lib/tls/i686/cmov/librt.so.1 (0xb7e81000)
> > > libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1
> > (0xb7e53000)
> > > libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0
> > > (0xb7e40000)
> > > libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7e3c000)
> > > libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7d0b000)
> > > /lib/ld-linux.so.2 (0xb7f0a000)
> >
> > No openssl libraries linked to this one. Are you sure they weren't
> > just linked into mod_ssl.so?
>
> I'm pretty sure, in this case there's no mod_ssl.so because it's compiled
> into httpd,
>
> cheers
> mike
>
configure just builds up the list of locations where to find libraries
that have the features it needs. So, you tell it SSL is
in /usr/local/ssl, it goes away and looks there and says "you're right,
theres SSL libraries there, adding /usr/local/ssl/lib to
LDPATH, /usr/local/ssl/include to CFLAGS".
When it comes to build/link the components though, it has no idea that
it is supposed to be using the SSL libraries from /usr/local/ssl, just
that it has a list of folders which it CAN use. It searches them in
order, looking for a library that works in the manner required. Once the
linker has found a suitable library, it links it in.
Your problem is that your system SSL libraries are picked up before your
custom built ones are found. A simple way to fix this is to modify the
makefile rules for those modules, to remove the dynamic linking
statements and add some dirty static linking.
Eg, I just grabbed 2.2.11, ran
./configure \
--prefix=/tmp/foobar \
--enable-so \
--enable-mods-shared="ssl deflate"
built and installed it. This gave me an httpd binary and module files
linked like so (this is FreeBSD, so YMMV):
bin/httpd:
libm.so.5 => /lib/libm.so.5 (0x280f3000)
libaprutil-1.so.3 => /usr/local/lib/libaprutil-1.so.3 (0x28108000)
libdb-4.2.so.2 => /usr/local/lib/libdb-4.2.so.2 (0x28124000)
libexpat.so.6 => /usr/local/lib/libexpat.so.6 (0x281f8000)
libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x28218000)
libapr-1.so.3 => /usr/local/lib/libapr-1.so.3 (0x2830d000)
libcrypt.so.4 => /lib/libcrypt.so.4 (0x28331000)
libthr.so.3 => /lib/libthr.so.3 (0x2834a000)
libc.so.7 => /lib/libc.so.7 (0x2835d000)
modules/mod_deflate.so:
libz.so.4 => /lib/libz.so.4 (0x28187000)
libc.so.7 => /lib/libc.so.7 (0x28080000)
modules/mod_ssl.so:
libssl.so.5 => /usr/lib/libssl.so.5 (0x281ac000)
libcrypto.so.5 => /lib/libcrypto.so.5 (0x281ed000)
libcrypt.so.4 => /lib/libcrypt.so.4 (0x28347000)
libthr.so.3 => /lib/libthr.so.3 (0x28360000)
libc.so.7 => /lib/libc.so.7 (0x28080000)
I dont want to use dynamic libz in mod_deflate, and I dont want to use
dynamic libssl in mod_ssl. I therefore edit (from apache top build
directory) build/config_vars.mk and make these changes:
--- build/config_vars.mk.orig
+++ build/config_vars.mk
@@ -50,5 +50,5 @@
MOD_INCLUDE_LDADD =
MOD_FILTER_LDADD =
-MOD_DEFLATE_LDADD = -lz
+MOD_DEFLATE_LDADD = /usr/lib/libz.a
MOD_LOG_CONFIG_LDADD =
MOD_ENV_LDADD =
@@ -60,5 +60,5 @@
MOD_PROXY_AJP_LDADD =
MOD_PROXY_BALANCER_LDADD =
-SSL_LIBS = -lssl -lcrypto -lcrypt -lpthread
+SSL_LIBS = /usr/lib/libssl.a -lcrypto -lcrypt -lpthread
MOD_SSL_LDADD = $(SSL_LIBS) -export-symbols-regex ssl_module
MPM_NAME = prefork
and clean, rebuild and reinstall (make clean all && make install). You
should get warnings about this not being portable - and it isnt. These
binaries probably wont run on differently setup boxes. This then gives
me the modules built like so:
bin/httpd:
libm.so.5 => /lib/libm.so.5 (0x280f3000)
libaprutil-1.so.3 => /usr/local/lib/libaprutil-1.so.3 (0x28108000)
libdb-4.2.so.2 => /usr/local/lib/libdb-4.2.so.2 (0x28124000)
libexpat.so.6 => /usr/local/lib/libexpat.so.6 (0x281f8000)
libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x28218000)
libapr-1.so.3 => /usr/local/lib/libapr-1.so.3 (0x2830d000)
libcrypt.so.4 => /lib/libcrypt.so.4 (0x28331000)
libthr.so.3 => /lib/libthr.so.3 (0x2834a000)
libc.so.7 => /lib/libc.so.7 (0x2835d000)
modules/mod_deflate.so:
libc.so.7 => /lib/libc.so.7 (0x28080000)
modules/mod_ssl.so:
libcrypto.so.5 => /lib/libcrypto.so.5 (0x281e2000)
libcrypt.so.4 => /lib/libcrypt.so.4 (0x2833c000)
libthr.so.3 => /lib/libthr.so.3 (0x28355000)
libc.so.7 => /lib/libc.so.7 (0x28080000)
HTH
Tom
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
