Shared mod_ssl problems

Shared mod_ssl problems

am 25.02.2003 14:14:22 von Larry Cotton

--=====================_1746030==_.ALT
Content-Type: text/plain; charset="us-ascii"; format=flowed

Hi

I'm attempting to load mod_ssl into apache as a dynamic module.

I am using apache 2.0.44 (which comes with its own ssl module) and OpenSSL
version 0.9.7a.

I'm using red hat linux ver 7.1. uname -r gives the following output :
Linux localhost.localdomain 2.2.16-22 #1 Tue Aug 22 16:49:06 EDT 2000 i686
unknown.

I have configured and built apache to enable shared objects and include ssl
and have set up the configuration file to use ssl (this might be incorrect,
but I don't believe that would be related to the problem I have here).

When I try to start apache I get an error message :

Syntax error on line 251 of /home/Larry/WebServer/Apache/conf/httpd.conf:
Cannot load /home/Larry/WebServer/Apache/modules/mod_ssl.so into server:
undefined symbol: X509_free

From what I can gather this is because I've built a shared mod_ssl against
against a static OpenSSL.

Ideally I would like to link ssl dynamically and I guess the solution is to
use shared openssl libraries (libcrypto.so and libssl.so). Does anyone know :
a) How (or even if) I can build a shared OpenSSL (or where I can find out)
b) How I link these shared libraries into apache (can I use the standard
LoadModule directive for the OpenSSL libs, or do I need some special SSL
configuration ?) - or where I can find this out.

Cheers
Larry



--=====================_1746030==_.ALT
Content-Type: text/html; charset="us-ascii"


Hi


I'm attempting to load mod_ssl into apache as a dynamic module.


I am using apache 2.0.44 (which comes with its own ssl module) and
OpenSSL version 0.9.7a.


I'm using red hat linux ver 7.1. uname -r gives the following output
:

Linux localhost.localdomain 2.2.16-22 #1 Tue Aug 22 16:49:06 EDT 2000
i686 unknown.


I have configured and built apache to enable shared objects and include
ssl and have set up the configuration file to use ssl (this might be
incorrect, but I don't believe that would be related to the problem I
have here).


When I try to start apache I get an error message :


Syntax error on line 251 of
/home/Larry/WebServer/Apache/conf/httpd.conf:

Cannot load /home/Larry/WebServer/Apache/modules/mod_ssl.so into server:
undefined symbol: X509_free


From what I can gather this is because I've built a shared mod_ssl
against against a static OpenSSL.


Ideally I would like to link ssl dynamically and I guess the solution is
to use shared openssl libraries (libcrypto.so and libssl.so). Does anyone
know :

a) How (or even if) I can build a shared OpenSSL (or where I can find
out)

b) How I link these shared libraries into apache (can I use the standard
LoadModule directive for the OpenSSL libs, or do I need some special SSL
configuration ?) - or where I can find this out.


Cheers

Larry






--=====================_1746030==_.ALT--

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Shared mod_ssl problems

am 25.02.2003 23:46:52 von Jirka Vejrazka

Hi,

I've faced exactly the same problem "undefined symbol: X509_free"
> Ideally I would like to link ssl dynamically and I guess the solution is to use shared openssl libraries (libcrypto.so and libssl.so). Does anyone know :
> a) How (or even if) I can build a shared OpenSSL (or where I can find out)

"config shared" worked fine for me (instead of simple "config") - don't forget "configure -s" for zlib if you compile zlib that will be used by this OpenSSL

> b) How I link these shared libraries into apache (can I use the standard LoadModule directive for the OpenSSL libs, or do I need some special SSL configuration ?) - or where I can find this out.

LoadModule works well - of course you have to have Apache with mod_so module.

Jirka Vejrazka
--
__________________________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Shared mod_ssl problems

am 26.02.2003 14:22:50 von Larry Cotton

Hi thanks for this.

I'm still having a few problems and was wondering if you new anyhting about
the following:

1) Do I have to re-compile zlib ?

At 17:46 25/02/2003 -0500, you wrote:
>Hi,
>
> I've faced exactly the same problem "undefined symbol: X509_free"
> > Ideally I would like to link ssl dynamically and I guess the solution
> is to use shared openssl libraries (libcrypto.so and libssl.so). Does
> anyone know :
> > a) How (or even if) I can build a shared OpenSSL (or where I can find out)
>
> "config shared" worked fine for me (instead of simple "config")
> - don't forget "configure -s" for zlib if you compile zlib that will be
> used by this OpenSSL
>
> > b) How I link these shared libraries into apache (can I use the
> standard LoadModule directive for the OpenSSL libs, or do I need some
> special SSL configuration ?) - or where I can find this out.
>
> LoadModule works well - of course you have to have Apache with mod_so
> module.
>
> Jirka Vejrazka
>--
>__________________________________________________________
>Sign-up for your own FREE Personalized E-mail at Mail.com
>http://www.mail.com/?sr=signup
>
>___________________________________________________________ ___________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Shared mod_ssl problems

am 26.02.2003 15:01:08 von Larry Cotton

Hi

Thanks for these tips Jirka

When I build openssl, having configured it

At 17:46 25/02/2003 -0500, you wrote:
>Hi,
>
> I've faced exactly the same problem "undefined symbol: X509_free"
> > Ideally I would like to link ssl dynamically and I guess the solution
> is to use shared openssl libraries (libcrypto.so and libssl.so). Does
> anyone know :
> > a) How (or even if) I can build a shared OpenSSL (or where I can find out)
>
> "config shared" worked fine for me (instead of simple "config")
> - don't forget "configure -s" for zlib if you compile zlib that will be
> used by this OpenSSL
>
> > b) How I link these shared libraries into apache (can I use the
> standard LoadModule directive for the OpenSSL libs, or do I need some
> special SSL configuration ?) - or where I can find this out.
>
> LoadModule works well - of course you have to have Apache with mod_so
> module.
>
> Jirka Vejrazka
>--
>__________________________________________________________
>Sign-up for your own FREE Personalized E-mail at Mail.com
>http://www.mail.com/?sr=signup
>
>___________________________________________________________ ___________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Shared mod_ssl problems

am 26.02.2003 15:09:52 von Larry Cotton

Hi

Thanks for this Jirka.

When I build the openssl shared libs :
> ./configure
> make
> make install

and try and run openssl
> openssl

I get an error message saying it can't find the shared libraries :
openssl: error while loading shared libraries: libssl.so.0.9.7: cannot open
shared object file: No such file or directory

If I run ldd on the openssl exe I get the following message :
> ldd -v openssl
libssl.so.0.9.7 => not found
libcrypto.so.0.9.7 => not found
libdl.so.2 => /lib/libdl.so.2 (0x4001f000)
libc.so.6 => /lib/libc.so.6 (0x40022000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

Version information:
./openssl:
libc.so.6 (GLIBC_2.1.3) => /lib/libc.so.6
libc.so.6 (GLIBC_2.1) => /lib/libc.so.6
libc.so.6 (GLIBC_2.0) => /lib/libc.so.6
/lib/libdl.so.2:
libc.so.6 (GLIBC_2.1.3) => /lib/libc.so.6
libc.so.6 (GLIBC_2.1) => /lib/libc.so.6
libc.so.6 (GLIBC_2.2) => /lib/libc.so.6
libc.so.6 (GLIBC_2.0) => /lib/libc.so.6
/lib/libc.so.6:
ld-linux.so.2 (GLIBC_2.1.1) => /lib/ld-linux.so.2
ld-linux.so.2 (GLIBC_2.2) => /lib/ld-linux.so.2
ld-linux.so.2 (GLIBC_2.1) => /lib/ld-linux.so.2
ld-linux.so.2 (GLIBC_2.0) => /lib/ld-linux.so.2

[ also attemting to configure apache also comes up with an error saying
that it can't find the shared libraries].

Does anyone know what might be going on here ?

Cheers
Larry

At 17:46 25/02/2003 -0500, you wrote:
>Hi,
>
> I've faced exactly the same problem "undefined symbol: X509_free"
> > Ideally I would like to link ssl dynamically and I guess the solution
> is to use shared openssl libraries (libcrypto.so and libssl.so). Does
> anyone know :
> > a) How (or even if) I can build a shared OpenSSL (or where I can find out)
>
> "config shared" worked fine for me (instead of simple "config")
> - don't forget "configure -s" for zlib if you compile zlib that will be
> used by this OpenSSL
>
> > b) How I link these shared libraries into apache (can I use the
> standard LoadModule directive for the OpenSSL libs, or do I need some
> special SSL configuration ?) - or where I can find this out.
>
> LoadModule works well - of course you have to have Apache with mod_so
> module.
>
> Jirka Vejrazka
>--
>__________________________________________________________
>Sign-up for your own FREE Personalized E-mail at Mail.com
>http://www.mail.com/?sr=signup
>
>___________________________________________________________ ___________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Shared mod_ssl problems

am 26.02.2003 15:17:22 von Jirka Vejrazka

> Do I have to re-compile zlib ?

It depends - check your lib directory (/usr/local/lib at my system). If you can find libz.so.1.1.4, then you're fine. If you have older version, you probably want to upgrade, since older version has a security bug and there is no point in having up-to-date OpenSSL based on vulnerable zlib.

Jirka Vejrazka
--
__________________________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org