Bug 54252

Summary: acinclude.m4 requires -lz when linking with ssl static libraries
Product: Apache httpd-2 Reporter: Alan Hourihane <alanh>
Component: mod_sslAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: RESOLVED FIXED    
Severity: normal Keywords: FixedInTrunk
Priority: P2    
Version: 2.4-HEAD   
Target Milestone: ---   
Hardware: All   
OS: All   

Description Alan Hourihane 2012-12-05 17:42:55 UTC
openssl is  linked with -lz, so acinclude.m4 needs this modification for static libraries.

Maybe this should be using pkg-config instead ?

--- acinclude.m4.old	2012-12-05 11:48:06.000000000 +0000
+++ acinclude.m4	2012-12-05 11:48:13.000000000 +0000
@@ -543,7 +543,7 @@
       [AC_MSG_RESULT(FAILED)])
 
     if test "x$ac_cv_openssl" = "xyes"; then
-      ap_openssl_libs="-lssl -lcrypto `$apr_config --libs`"
+      ap_openssl_libs="-lssl -lcrypto -lz `$apr_config --libs`"
       APR_ADDTO(SSL_LIBS, [$ap_openssl_libs])
       APR_ADDTO(LIBS, [$ap_openssl_libs])
       APACHE_SUBST(SSL_LIBS)
Comment 1 Kaspar Brand 2012-12-26 12:02:42 UTC
(In reply to comment #0)
> openssl is  linked with -lz, so acinclude.m4 needs this modification for
> static libraries.
> 
> Maybe this should be using pkg-config instead ?

AFAICT, using pkg-config wouldn't solve this particular problem, unfortunately... "-lz" would only appear in pkg-config's --libs output if pkg-config was called with" --static" - and that's something we don't want to unconditionally add to pkg-config calls in acinclude.m4/configure.

Calling configure with LDFLAGS=-lz might be a workaround for you, but for a more thorough fix, we would have to add another configure option, I guess (comparable to the --enable-static-* options for the support binaries).
Comment 2 Kaspar Brand 2013-01-02 13:28:43 UTC
(In reply to comment #1)
> "-lz" would only appear in pkg-config's --libs output if
> pkg-config was called with" --static" - and that's something we don't want
> to unconditionally add to pkg-config calls in acinclude.m4/configure.

After a closer look at the OpenSSL sources, I realized that -lz (and other potential linker flags for the static libs) were only moved to Libs.private in the openssl.pc file with OpenSSL 1.0.0h/1.0.1 and later (http://cvs.openssl.org/chngview?cn=22120 and http://cvs.openssl.org/chngview?cn=22121, respectively). With previous releases, pkg-config would output -lz also when "--static" was not specified.

That being said, relying on pkg-config for figuring out the proper ap_openssl_libs should be doable, I think... could you try the changes shown below and let me know if they fix the problem for you? (to be applied against a checkout of http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x, and buildconf must be run afterwards)

With the modifications from r1390518, additional flags from pkg-config's "--static" option will only be added to modules/ssl/modules.mk and ab_LDFLAGS, i.e. we avoid the side effect of everything having unnecessary references to libz.


--- acinclude.m4        (revision 1427763)
+++ acinclude.m4        (working copy)
@@ -517,7 +517,7 @@
         PKG_CONFIG_PATH="${ap_openssl_base}/lib/pkgconfig${PKG_CONFIG_PATH+:}${PKG_CONFIG_PATH}"
         export PKG_CONFIG_PATH
       fi
-      ap_openssl_libs="`$PKGCONFIG --libs-only-l openssl 2>&1`"
+      ap_openssl_libs="`$PKGCONFIG --silence-errors --static --libs-only-l openssl`"
       if test $? -eq 0; then
         ap_openssl_found="yes"
         pkglookup="`$PKGCONFIG --cflags-only-I openssl`"
@@ -557,7 +557,7 @@
       [AC_MSG_RESULT(FAILED)])

     if test "x$ac_cv_openssl" = "xyes"; then
-      ap_openssl_libs="-lssl -lcrypto `$apr_config --libs`"
+      ap_openssl_libs="${ap_openssl_libs:--lssl -lcrypto} `$apr_config --libs`"
       APR_ADDTO(MOD_LDFLAGS, [$ap_openssl_libs])
       APR_ADDTO(LIBS, [$ap_openssl_libs])
       APR_SETVAR(ab_LDFLAGS, [$MOD_LDFLAGS])
Comment 3 Alan Hourihane 2013-01-02 15:50:50 UTC
Yes, that works.
Comment 4 Kaspar Brand 2013-01-03 07:28:58 UTC
Addressed in trunk with r1428184. Proposed for backport to 2.4.x in r1428185.
Comment 5 Kaspar Brand 2013-01-05 08:01:35 UTC
(In reply to comment #1)
> for a more thorough fix, we would have to add another configure option, I guess
> (comparable to the --enable-static-* options for the support binaries).

Feedback on the dev list suggests that people aren't really comfortable with adding --static to pkg-config by default (cf. e.g. http://mail-archives.apache.org/mod_mbox/httpd-dev/201301.mbox/%3C20130103132934.GA23175@redhat.com%3E). A new option has been therefore been added with r1429228:

  --enable-ssl-staticlib-deps
                          link mod_ssl with dependencies of OpenSSL's static
                          libraries (as indicated by "pkg-config --static").
                          Must be specified in addition to --enable-ssl.

Proposed for backport to 2.4.x in r1429229.
Comment 6 Christophe JAILLET 2018-03-27 18:09:39 UTC
r1428184 and r1429228 have been backported in 2.4.x in r1440507.
This is part of 2.4.4