Bug 58944 - configure script breaks openssl static library dependencies by removing duplicates from LIBS
Summary: configure script breaks openssl static library dependencies by removing dupli...
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: Build (show other bugs)
Version: 2.4.18
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Depends on:
Reported: 2016-01-30 00:05 UTC by robert_s
Modified: 2016-02-02 15:28 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description robert_s 2016-01-30 00:05:13 UTC
Trying to compile httpd with openssl with zlib for TLS compression support (yes, I'm aware of CRIME and consider it no threat to my application), the httpd configure script always bombs out on the test compiles with openssl.

Closer inspection reveals that the required openssl libs are correctly retrieved in line 25273 of the configure script:

      ap_openssl_libs="`$PKGCONFIG $PKGCONFIG_LIBOPTS --libs-only-l --silence-errors openssl`"


-lssl -ldl -lz -lcrypto -ldl -lz

which would work, but then the script strips duplicates from libs, yielding

-lssl -ld -lz -lcrypto

which will fail to link since the dependencies inside lcrypto cannot be resolved.

The script code in question appears buggy, too:

  if test "x$MOD_LDFLAGS" = "x"; then
    test "x$silent" != "xyes" && echo "  setting MOD_LDFLAGS to \"$ap_openssl_libs\""
    for i in $apr_addto_bugger; do
      for j in $MOD_LDFLAGS; do
        if test "x$i" = "x$j"; then
      if test $apr_addto_duplicate = "0"; then
        test "x$silent" != "xyes" && echo "  adding \"$i\" to MOD_LDFLAGS"

If the variable in question is initially empty, duplicates are _not_ stripped from the new value it is set to.

Is this actually a bug in GNU autoconf...? Or is it just not being used correctly?
Comment 1 Rainer Jung 2016-02-02 10:48:18 UTC
This code comes form APACHE_CHECK_OPENSSL in acinclude.m4, which in turn uses APR_ADDTO to add the flags.

APR_ADDTO is part of APR and defined in apr_common.m4. It adds all tokens given in the second argument to the variable which name is given in the first argument. It does this by processing tokens fromleft to right.

Unfortunately for redundant library dependencies this can lead to a result that doesn't work, because ordering is relevant for library dependencies (-l...).

It looks to me as we would need a version of APR_ADDTO that works from right to left:

- combine original token and full list of new tokens in new token list
- create a new empty token result list
- work through new list from right to left, copy any token to the front of the result list that is not already part of the result list.

Because of APR versioning I guess we can't rely on such a new macro in httpd 2.4 and thus would have to add it to APR for future use but use a private copy in httpd.

The same problem might occur in any place we use APR_ADDTo to handle "-l" flags and where the libraries might have complex dependencies themselves. I don't have another concrete example than openssl in my mind though.
Comment 2 Rainer Jung 2016-02-02 15:28:22 UTC
Since fixing this might break subtle build config, can you please try as a workaround setting and exporting the environment variable

  MOD_SSL_LDADD="-lssl -lcrypto -ldl -lz"

before running configure?