|Summary:||Apache does not honor the openssl library path given by --with-ssl during compile|
|Product:||Apache httpd-2||Reporter:||Igor Cicimov <icicimov>|
|Component:||Build||Assignee:||Apache HTTPD Bugs Mailing List <bugs>|
Description Igor Cicimov 2013-12-02 01:43:05 UTC
Hi all, I've been trying to compile apache2.2.26 on two separate CentOS boxes, one with CentOS-5.6 and one with CentOS-5.10 final. The compile process failed on both of them with the following error message at the point of compiling the apache tools: /home/igorc/httpd-2.2.26/srclib/apr/libtool --silent --mode=link gcc -g -O2 -pthread -L/usr/lib64 -L/opt/openssl/lib -o ab ab.lo -lm /home/igorc/httpd-2.2.26/srclib/pcre/libpcre.la /home/igorc/httpd-2.2.26/srclib/apr-util/libaprutil-1.la -lexpat /home/igorc/httpd-2.2.26/srclib/apr/libapr-1.la -luuid -lrt -lcrypt -lpthread -ldl -lssl -lcrypto .libs/ab.o: In function `main': /home/igorc/httpd-2.2.26/support/ab.c:2241: undefined reference to `TLSv1_2_client_method' /home/igorc/httpd-2.2.26/support/ab.c:2239: undefined reference to `TLSv1_1_client_method' collect2: ld returned 1 exit status make: *** [ab] Error 1 make: Leaving directory `/home/igorc/httpd-2.2.26/support' make: *** [all-recursive] Error 1 make: Leaving directory `/home/igorc/httpd-2.2.26/support' make: *** [all-recursive] Error 1 The exact config command I used is as follows: ./configure LDFLAGS="-L/opt/openssl/lib" --prefix=/usr/local/apache2-2.2.26 --with-mpm=worker --with-included-apr --enable-info --enable-proxy --enable-proxy-connect --enable-proxy-ftp --enable-proxy-http --enable-proxy-balancer --enable-rewrite --enable-headers --enable-cache --enable-mem-cache --enable-disk-cache --enable-expires --enable-dav --enable-deflate --enable-ssl --with-ssl=/opt/openssl --with-ldap=ldap --with-ldap-lib=/usr/lib64 --with-ldap-include=/usr/include --enable-ldap --enable-authnz-ldap --enable-mods-shared="all ldap authnz_ldap proxy proxy-http proxy-ftp proxy-balancer deflate info rewrite headers expires authn_alias cache mem_cache disk_cache file_cache charset_lite dav dav_lock ssl" pointing apache compiler to the appropriate custom install of openss-1.0.1e libraries under /opt/openssl. The config used for openssl compile was: ./Configure --prefix=/opt/openssl enable-tlsext linux-x86_64 threads zlib enable-idea enable-rc5 enable-mdc2 enable-ec enable-ecdh enable-ecdsa shared $ ls -lR /opt/openssl/lib/ /opt/openssl/lib/: total 7060 drwxr-xr-x 2 root root 4096 Dec 2 12:00 engines -rw-r--r-- 1 root root 3858364 Dec 2 12:00 libcrypto.a lrwxrwxrwx 1 root root 18 Dec 2 12:00 libcrypto.so -> libcrypto.so.1.0.0 -r-xr-xr-x 1 root root 2145661 Dec 2 12:00 libcrypto.so.1.0.0 -rw-r--r-- 1 root root 729410 Dec 2 12:00 libssl.a lrwxrwxrwx 1 root root 15 Dec 2 12:00 libssl.so -> libssl.so.1.0.0 -r-xr-xr-x 1 root root 463549 Dec 2 12:00 libssl.so.1.0.0 drwxr-xr-x 2 root root 4096 Dec 2 12:00 pkgconfig /opt/openssl/lib/engines: total 352 -r-xr-xr-x 1 root root 23714 Dec 2 12:00 lib4758cca.so -r-xr-xr-x 1 root root 25611 Dec 2 12:00 libaep.so -r-xr-xr-x 1 root root 18601 Dec 2 12:00 libatalla.so -r-xr-xr-x 1 root root 5866 Dec 2 12:00 libcapi.so -r-xr-xr-x 1 root root 32035 Dec 2 12:00 libchil.so -r-xr-xr-x 1 root root 26300 Dec 2 12:00 libcswift.so -r-xr-xr-x 1 root root 5865 Dec 2 12:00 libgmp.so -r-xr-xr-x 1 root root 115028 Dec 2 12:00 libgost.so -r-xr-xr-x 1 root root 16168 Dec 2 12:00 libnuron.so -r-xr-xr-x 1 root root 5869 Dec 2 12:00 libpadlock.so -r-xr-xr-x 1 root root 31966 Dec 2 12:00 libsureware.so -r-xr-xr-x 1 root root 26114 Dec 2 12:00 libubsec.so /opt/openssl/lib/pkgconfig: total 12 -rw-r--r-- 1 root root 266 Dec 2 12:00 libcrypto.pc -rw-r--r-- 1 root root 281 Dec 2 12:00 libssl.pc -rw-r--r-- 1 root root 291 Dec 2 12:00 openssl.pc $ /opt/openssl/bin/openssl version OpenSSL 1.0.1e 11 Feb 2013 Additionally to this I have set my $PATH and $LD_LIBRARY_PATH to point to this location as well in the shell terminal I ran the compile from: $ export PATH=/opt/openssl/bin:$PATH $ export LD_LIBRARY_PATH=/opt/openssl/lib:$LD_LIBRARY_PATH and on top of that I've put /opt/openssl/lib in /etc/ld.so.conf file and ran ldconfig. My guess the problem is that during the compile time the order of the libraries as given just before the error "-L/usr/lib64 -L/opt/openssl/lib" makes the compiler to pick up the wrong version of openssl. My understanding is that apache should look for ssl libraries only in the path given by "--with-ssl" switch but that is not the case here. # lsb_release -a LSB Version: :core-4.0-amd64:core-4.0-ia32:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-ia32:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-ia32:printing-4.0-noarch Distributor ID: CentOS Description: CentOS release 5.6 (Final) Release: 5.6 Codename: Final # gcc -v Using built-in specs. Target: x86_64-redhat-linux Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix --enable-checking=release --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-libgcj-multifile --enable-languages=c,c++,objc,obj-c++,java,fortran,ada --enable-java-awt=gtk --disable-dssi --disable-plugin --with-java-home=/usr/lib/jvm/java-1.4.2-gcj-184.108.40.206/jre --with-cpu=generic --host=x86_64-redhat-linux Thread model: posix gcc version 4.1.2 20080704 (Red Hat 4.1.2-50) Please let me know if any more info needed. Thanks, Igor
Comment 1 Igor Cicimov 2013-12-02 02:04:37 UTC
$ libtool --version ltmain.sh (GNU libtool) 1.5.22 (1.1220.2.365 2005/12/18 22:14:06) Copyright (C) 2005 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Comment 2 Igor Cicimov 2013-12-02 04:27:29 UTC
Ok, the problem was obviously with apache apr/libtoll which probably comes with some hard coded library paths in libtool. The solution, omit the "--with-included-apr" from your configure options to by-pass the apache apr and use the system provided one. After that apache builds and installs fine. Additionally, you need to include the openssl library path into $LD_LIBRARY_PATH of the user that is starting apache so for me I put: export LD_LIBRARY_PATH=/opt/openssl/lib:$LD_LIBRARY_PATH in the /root/.bashrc for the root user. Just as confirmation, here it is up and running: [Mon Dec 02 15:08:27 2013] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366) [Mon Dec 02 15:08:27 2013] [notice] Digest: generating secret for digest authentication ... [Mon Dec 02 15:08:27 2013] [notice] Digest: done [Mon Dec 02 15:08:28 2013] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366) [Mon Dec 02 15:08:28 2013] [warn] pid file /usr/local/apache2-2.2.26/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run? [Mon Dec 02 15:08:28 2013] [notice] Apache/2.2.26 (Unix) DAV/2 mod_ssl/2.2.26 OpenSSL/1.0.1e configured -- resuming normal operations
Comment 3 William A. Rowe Jr. 2018-11-07 21:09:27 UTC
Please help us to refine our list of open and current defects; this is a mass update of old and inactive Bugzilla reports which reflect user error, already resolved defects, and still-existing defects in httpd. As repeatedly announced, the Apache HTTP Server Project has discontinued all development and patch review of the 2.2.x series of releases. The final release 2.2.34 was published in July 2017, and no further evaluation of bug reports or security risks will be considered or published for 2.2.x releases. All reports older than 2.4.x have been updated to status RESOLVED/LATER; no further action is expected unless the report still applies to a current version of httpd. If your report represented a question or confusion about how to use an httpd feature, an unexpected server behavior, problems building or installing httpd, or working with an external component (a third party module, browser etc.) we ask you to start by bringing your question to the User Support and Discussion mailing list, see [https://httpd.apache.org/lists.html#http-users] for details. Include a link to this Bugzilla report for completeness with your question. If your report was clearly a defect in httpd or a feature request, we ask that you retest using a modern httpd release (2.4.33 or later) released in the past year. If it can be reproduced, please reopen this bug and change the Version field above to the httpd version you have reconfirmed with. Your help in identifying defects or enhancements still applicable to the current httpd server software release is greatly appreciated.