I believe that the following error also occured with earlier versions of openssh and I just worked around it. Trying to build openssh 4.4p1 with openssl 0.9.8, I get the following link failure. Undefined first referenced symbol in file DSA_generate_parameters ./libssh.a(key.o) RSA_generate_key ./libssh.a(key.o) ld: fatal: Symbol referencing errors. No output written to ssh *** Error code 1 If I revert to openssl 0.9.7, there is no problem. Checking the libcrypto.so library with nm, I find that 0.9.8 has DSA_generate_parameters_ex and RSA_generate_key_ex defined whereas 0.9.7 has DSA_generate_parameters and RSA_generate_key defined.
If I follow a hint in the openssl changes file and add -DOPENSSL_NO_DEPRECATED to the c flags, I get an error much earlier. cc -O -DOPENSSL_NO_DEPRECATED -I. -I. -I/opt/local/include -I/opt/local /include -DSSHDIR=\"/opt/local/etc\" -D_PATH_SSH_PROGRAM=\"/opt/local /bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/opt/local/libexec/ssh-askpass \" -D_PATH_SFTP_SERVER=\"/opt/local/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/opt/local/libexec/ssh-keysign\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/em pty\" -DSSH_RAND_HELPER=\"/opt/local/libexec/ssh-rand-helper\" -DHAVE_CONFIG_H -c kexdhc.c "kexdhc.c", line 68: improper member use: pub_key "kexdhc.c", line 113: warning: implicit function declaration: DH_size "kexdhc.c", line 115: warning: implicit function declaration: DH_compute_key "kexdhc.c", line 132: improper member use: pub_key "kexdhc.c", line 139: warning: implicit function declaration: DH_free cc: acomp failed for kexdhc.c *** Error code 2 make: Fatal error: Command failed for target `kexdhc.o'
Where did you put the openssl install, and what configure options did you use? I suspect that OpenSSL has converted DSA_generate_parameters and RSA_generate_key from functions to a compatibility #defines, and that you have an old version of the headers in your include path somewhere.
Openssl 0.9.8d was built as follows: ./Configure shared --prefix=/opt/local enable-rc5 enable-mdc2 zlib-dynamic -DOPENSSL_NO_DEPRECATED -I/opt/local/include -R/opt/local/lib solaris-sparcv7-cc Ah! I expect that you need it to be built without the '-DOPENSSL_NO_DEPRECATED'. I will try that and see if that helps. There are compatibility versons of those functions in crypto/dsa/dsa_depr.c and crypto/rsa/rsa_depr.c in the openssl source.
Rebuilding Openssl 0.9.8d without '-DOPENSSL_NO_DEPRECATED' fixed the undefined symbol problem. Note that the Openssl 0.9.7 build was also done with '-DOPENSSL_NO_DEPRECATED'. Perhaps DSA_generate_parameters and RSA_generate_key were not deprecated in that version. Your call as to whether this is a bug or not. The Openssl people do suggest building with '-DOPENSSL_NO_DEPRECATED' defined.
(In reply to comment #4) > Your call as to whether this is a bug or not. The Openssl people do > suggest building with '-DOPENSSL_NO_DEPRECATED' defined. From what I can see the problem with that is that the replacement functions don't exist in OpenSSL 0.9.7x or earlier, which OpenSSH supports, so it would have to carry compatibility code for OpenSSL instead. I'd prefer not to have to do that.
Created attachment 1914 [details] /home/djm/ssh-openssl-no-deprecated.diff remove use of "deprecated" functions
This patch has been committed. It will be in OpenSSH 5.7.
Move resolved bugs to CLOSED after 5.7 release