Re: building shared libraries with OpenSSL

Re: building shared libraries with OpenSSL

am 10.01.2003 00:40:18 von Cliff Woolley

On Thu, 9 Jan 2003, Tai Do wrote:

> I'm trying to get Apache2 working on Solaris 8. I have the following error
> and saw that your answer on the mailing list work. I was wondering if you
> can help me out with it because I'm not too sure what to do.
>
> Syntax error on line 234 of /usr/local/apache2/conf/httpd.conf:
>
> Cannot load /usr/local/apache2/modules/mod_ssl.so into server: ld.so.1:
> /usr/local/apache2/bin/httpd: fatal: relocation error: file
> /usr/local/apache2/modules/mod_ssl.so: symbol X509_INFO_free: referenced
> symbol not found.
>
> Here is the answer you posted:
>
>> Yes, it's a fairly frequently asked question. The problem is that
>> you've built a shared mod_ssl against a static OpenSSL (ie, libssl.a
>> and libcrypto.a instead of .so). That won't work because the way the
>> build system currently works, OpenSSL is linked into httpd, not
>> mod_ssl. httpd doesn't need the symbols from the OpenSSL libraries, so
>> the static linker throws them away, meaning they're no longer available
>> when mod_ssl is dynamically linked at runtime.
>>
>> Solution: use a shared OpenSSL.
>
> I was wondering how I use a shared OpenSSL. I was wondering if you can
> point me to where I can find steps to do this or show me how.


I'm CC:'ing this to the modssl-users list, since I'm sure somebody else
out there probably has the same question.

It's kind of annoying, because the shared library support in OpenSSL is
"experimental", which in practice just means that the Makefile is
non-intuitive. I just ran through it again to make sure I got all the
steps right... here's what you do.

I'm going to assume that you have the static version of OpenSSL installed
in /usr/local/lib in this example... just fix the path to match where
OpenSSL gets installed on your machine.

So let's say you've installed OpenSSL previously, but it's the static
version, so you have /usr/local/lib/libssl.a and
/usr/local/lib/libcrypto.a . Remove those.

Go back to the OpenSSL source directory and do the following:

../config
make
make build-shared
mv libssl.so* /usr/local/lib
mv libcrypto.so* /usr/local/lib
ldconfig

(note: do NOT run make install, or it will remove all your shared
libraries and install the static ones, and you'll have to start over
again. :-)

That ought to do it. I recommend doing a search on your filesystem for
other, older copies of libssl* and libcrypto* that might be hanging
around, as sometimes copies get put in strange places and you want to be
sure to only have one: the most recent.

Hope that helps...

--Cliff

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org