Hi, I'm trying to compile OpenSSH snapshot 20020603 with the dynamic libraries compiled from OpenSSL 0.9.6d. Using the "shared" option I can compile the OpenSSL source files to produce libssl.so and libcrypto.so (and libssl.a and libcrypto.a). When I run the OpenSSH configure script, I get "cannot find OpenSSL libraries" if I specify the dynamically compiled OpenSSL libraries in "--with-ssl-dir=..." When I use the statically compiled SSL libraries, SSH compiles and installs correctly. System notes: Statically compiled OpenSSL files in /opt/openssl-0.9.6d-stat gmake clean;./configure --prefix=/opt/openssh323p1 --with-ssl-dir=/opt/openssl- 0.9.6d-stat --with-zlib=/opt/zlib --with-pam Generates Makefile then compiles and installs. Dynamically compiled OpenSSL files in /opt/openssl-0.9.6d-sh gmake clean;./configure --prefix=/opt/openssh323p1 --with-ssl-dir=/opt/openssl- 0.9.6d-sh --with-zlib=/opt/zlib --with-pam checking for pam_set_item in -lpam... yes checking for pam_getenvlist... yes checking whether pam_strerror takes only one argument... no configure: error: *** Can't find recent OpenSSL libcrypto (see config.log for details) *** Here are the last 8 lines from config.log: #define HAVE_INTTYPES_H 1 #define HAVE_UNISTD_H 1 #define GETPGRP_VOID 1 #define HAVE_LIBDL 1 #define HAVE_LIBPAM 1 #define HAVE_PAM_GETENVLIST 1 #define USE_PAM 1 configure: exit 1 This issue is reproducible with OpenSSL 0.9.6c and OpenSSH 3.2.3p1 This issue is important because system security updates are a lot more difficult if I have to keep track of statically linked binaries, which have to be updated every time a component from a different package is patched. This issue is also a matter of concern as the "--with-zlib=/opt/zlib" option is correctly processed to use the dynamic library /opt/zlib/lib/libz.so. Please let me know if you are able to fix this. Thanks, Adrian
First of all, are you sure you want to do that? The OpenSSL INSTALL file says: "Shared library is currently an experimental feature. The only reason to have them would be to conserve memory on systems where several program are using OpenSSL. Binary backward compatibility can't be guaranteed before OpenSSL version 1.0." If you update your OpenSSL shared library, you're likely to break ssh. This is a pain, particularly if the system is some remote place. If you still want to do this, you'll need to provide more info: What compiler? Which version of Solaris? Do you have OpenSSL libraries or headers installed anywhere else in the link/include paths ("find / -name 'libcrypto.[a|so]' -print -o -name opensslv.h -print")? What's the rest of config.log say? (Add it as an attachment to this bug report). If you're using gcc then there is a bug in 2.95.2 (and possibly others) that caused the -L link paths to be searched last, so if you've got an older libcrypto somewhere (eg /usr/local/lib) it'll pick that up. See: http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&database=gcc&pr=32 6 If that's your problem you can override -L by setting you LIBRARY_PATH environment variable. For what it's worth, what you're doing works on my Sol8/gcc-3.1 box: $ ./configure --with-ssl-dir=/opt/src/openssl-0.9.6d && make ssh [snip] $ ldd ssh [snip] libcrypto.so.0.9.6 => /opt/src/openssl-0.9.6d/libcrypto.so.0.9.6
Created attachment 113 [details] As requested, config.log(.gz), --with-ssl-dir meant to override /usr/local/ssl path
Further information: In response to the email from dtucker@zip.com.au: On my system: $ echo $LIBRARY_PATH /usr/local/lib:/usr/local/glib/lib:/usr/local/gtk/lib:/usr/lib:/usr/ucblib:/opt/gi mp/lib:/usr/local/kde/lib:/usr/local/qt230/lib:/usr/local/kde/lib:/usr/dt/lib:/usr /openwin/lib:/opt/gnome-1.4/lib /usr/local/ssl is a symlink to /opt/openssl096c-eng $ find /usr/local/ssl/lib -follow /usr/local/ssl/lib/libcrypto.a /usr/local/ssl/lib/libssl.a /usr/local/ssl/lib/libcrypto.so.0.9.6 /usr/local/ssl/lib/libssl.so.0.9.6 /usr/local/ssl/lib/libcrypto.so.0 /usr/local/ssl/lib/libcrypto.so /usr/local/ssl/lib/libssl.so.0 /usr/local/ssl/lib/libssl.so Adrian
I think gcc is picking up a libcrypto from somewhere other than where you expect (maybe /usr/lib or /usr/local/lib). configure:8264: gcc -o conftest -O3 -Wall -Wpointer-arith -Wno-uninitialized -I/usr/local/ssl/include -I/opt/zlib/include -O3 -I/usr/local/include -L/usr/local/ssl/lib -R/usr/local/ssl/lib -L/opt/zlib/lib -R/opt/zlib/lib -L/usr/local/lib -R/usr/local/lib conftest.c -lpam -ldl -lz -lsocket -lnsl -lcrypto >&5 /var/tmp/ccikDouh.o: In function `main': /var/tmp/ccikDouh.o(.text+0x4): undefined reference to `RAND_add' collect2: ld returned 1 exit status Check for other libcrypto's: $ find / -name 'libcrypto.*' -print If any show up try: $ LIBRARY_PATH=/usr/local/ssl/lib:$LIBRARY_PATH $ export LIBRARY_PATH $ cd openssh-3.2.3p1 $ make distclean && ./configure
5 months no reply == closed bug.
Mass change of RESOLVED bugs to CLOSED