On Sat, Nov 30, 2013 at 9:38 PM, Igor Cicimov <[email protected]> wrote:
> > > > On Sun, Dec 1, 2013 at 2:29 AM, Jeff Trawick <[email protected]> wrote: > >> On Sat, Nov 30, 2013 at 4:20 AM, Igor Cicimov <[email protected]> wrote: >> >>> Hi all, >>> >>> Im trying to build apache2.2.26 on CentOS5.10 final x86_64, linked to >>> openssl1.0.1e which is also compiled and installed from source under >>> /usr/loca/lib64: >>> >>> $ ls -l /usr/local/lib64/ >>> total 7060 >>> drwxr-xr-x 2 root root 4096 Nov 30 18:50 engines >>> -rw-r--r-- 1 root root 3858348 Nov 30 18:50 libcrypto.a >>> lrwxrwxrwx 1 root root 18 Nov 30 18:50 libcrypto.so -> >>> libcrypto.so.1.0.0 >>> -r-xr-xr-x 1 root root 2145661 Nov 30 18:50 libcrypto.so.1.0.0 >>> -rw-r--r-- 1 root root 729426 Nov 30 18:50 libssl.a >>> lrwxrwxrwx 1 root root 15 Nov 30 18:50 libssl.so -> libssl.so.1.0.0 >>> -r-xr-xr-x 1 root root 463549 Nov 30 18:50 libssl.so.1.0.0 >>> drwxr-xr-x 2 root root 4096 Nov 30 01:21 pkgconfig >>> >>> I've used the following process to compile openssl1.0.1e: >>> >>> $ ./Configure --prefix=/usr/local --openssldir=/usr/local/openssl >>> enable-tlsext linux-x86_64 threads zlib enable-idea enable-rc5 enable-mdc2 >>> enable-ec shared >>> $ make depend >>> $ make >>> $ sudo make install >>> >>> $ openssl version >>> OpenSSL 1.0.1e 11 Feb 2013 >>> >>> $ openssl s_client -connect smtp.gmail.com:25 -starttls smtp | grep >>> Protocol >>> depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA >>> verify error:num=20:unable to get local issuer certificate >>> verify return:0 >>> 250 CHUNKING >>> Protocol : TLSv1.2 >>> >>> $ openssl s_client -connect gmail.com:443 | grep Protocol >>> depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA >>> verify error:num=20:unable to get local issuer certificate >>> verify return:0 >>> Protocol : TLSv1.2 >>> >>> So as expected the client gets to use the TLSv1.2 protocol. I guess that >>> means (maybe) openssl is good to go ... >>> >>> The relevant part of my apache configure command: >>> >>> $ ./configure LDFLAGS="-L/usr/local/lib64" --enable-ssl=shared >>> --with-ssl=/usr/local/lib64 ..... >>> >>> with double attempt to point apache to the openssl libraries, but make >>> is failing with following error: >>> >>> /home/igor.cicimov/httpd-2.2.26/srclib/apr/libtool --silent --mode=link >>> gcc -g -O2 -pthread -L/usr/lib64 -L/usr/local/lib64/lib >>> -L/usr/kerberos/lib64 -L/usr/local/lib64 -o ab ab.lo -lm >>> /home/igor.cicimov/httpd-2.2.26/srclib/pcre/libpcre.la/home/igor.cicimov/httpd-2.2.26/srclib/apr-util/ >>> libaprutil-1.la/home/igor.cicimov/httpd-2.2.26/srclib/apr-util/xml/expat/ >>> libexpat.la /home/igor.cicimov/httpd-2.2.26/srclib/apr/libapr-1.la-luuid >>> -lrt -lcrypt -lpthread -ldl -lssl -lcrypto -ldl -lz >>> .libs/ab.o: In function `main': >>> /home/igor.cicimov/httpd-2.2.26/support/ab.c:2241: undefined reference >>> to `TLSv1_2_client_method' >>> /home/igor.cicimov/httpd-2.2.26/support/ab.c:2239: undefined reference >>> to `TLSv1_1_client_method' >>> collect2: ld returned 1 exit status >>> make[2]: *** [ab] Error 1 >>> make[2]: Leaving directory `/home/igor.cicimov/httpd-2.2.26/support' >>> make[1]: *** [all-recursive] Error 1 >>> make[1]: Leaving directory `/home/igor.cicimov/httpd-2.2.26/support' >>> make: *** [all-recursive] Error 1 >>> >>> This is not my first time I compile apache and openssl and have never >>> seen this error about apache tools. What am I missing here? Any thoughts? >>> >> >> I guess it is because of the order of the system library and your local >> library dir in the linker search path: >> >> libtool --mode=link ... -L/usr/lib64 -L/usr/local/lib64/lib ... >> >> > Yeah but that kinda beats the purpose of "--with-ssl" switch when > compiling apache. This should tell apache to look for the openssl libraries > in that directory and nowhere else otherwise how are we going to be able to > build apache against specific openssl version on systems that have multiple > versions of it installed? > understood... open a bug... > > Something is definitely wrong here, either apache does not behave as > expected during compile time or I'm totally mistaken about the use of the > "--with-ssl" option. > > Cheers, > Igor > > -- Born in Roswell... married an alien... http://emptyhammock.com/
