Apache 2.4.4 failing to compile

I get the following error, trying to update Apache 2.4.3 to 2.4.4:


I'm not running 1.42.0 RC1 yet (because I have an internal license), but on another server of mine with CB 2.0 and DA 1.41 it compiled just fine.
Does anyone have any clues? Thanks in advance!

Looks like it might need a different openssl version, but that is just a guess. As you see it is failing trying to resolve "TLSv1_x_client_method' which I assume is either in libssl.so or libcrypto.so (further guess says libcrypto.so). Typically those shared libraries expose certain symbols (functions) than can be called by another program or shared library. When you link the program/library the system needs to find all the symbols or it fails, in this case those were the two it couldn't find searching through all the libraries passed (via the -l flag). See if there is a difference between the openssl/crypt libraries on the two boxes.

The newest stable DirectAdmin version is 1.421 (1.42.0 RC1 is old), so you should upgrade to 1.421. Did you remember to do ./build update before ./build apache ?

toml said:

Looks like it might need a different openssl version, but that is just a guess. As you see it is failing trying to resolve "TLSv1_x_client_method' which I assume is either in libssl.so or libcrypto.so (further guess says libcrypto.so). Typically those shared libraries expose certain symbols (functions) than can be called by another program or shared library. When you link the program/library the system needs to find all the symbols or it fails, in this case those were the two it couldn't find searching through all the libraries passed (via the -l flag). See if there is a difference between the openssl/crypt libraries on the two boxes.

Click to expand...

This could be the issue, do you have an idea how to quickly revert those libraries to the right ones? I'm on CentOS 6.3. Thank you very much for your help!

ditto said:

The newest stable DirectAdmin version is 1.421 (1.42.0 RC1 is old), so you should upgrade to 1.421. Did you remember to do ./build update before ./build apache ?

Click to expand...

Yes, I did ./build update first. I viewed it wrong, I'm already at DA v1.421. Thanks and apologies!

Hmm I did a 'yum reinstall openssh' to be sure. However, on CentOS 6.3 the latest version available is openssl-1.0.0-25.el6_3.1.x86_64. I don't think that openssl 1.0.0 supports TLSv1.1 and TLSv1.2 yet, am I correct? Which might explain the errors.
On my other machine, running CentOS 5.8, the installed openssl version is OpenSSL 1.0.1c.

Should I compile and install the latest openssl stable from source on the first machine? Or is there any way to do it via yum?
Thanks in advance for your efforts.

OK, I did a little more digging, and it is an openssl version issue. It appears that those particular TLS functions were added to openssl in a 1.0.1 version, at least according to the log I see athttp://cvs.openssl.org/filediff?f=openssl/ssl/s23_clnt.c&v1=1.43.2.4&v2=1.43.2.4.2.1
The log for that change says:
Perhaps you are still on a 0.9.8 version of openssl on this box, and the latest Apache will only work with 1.0.1+, or perhaps it found a later version of ssl in /usr/local but was attempting to link with the /usr/lib (older) version of openssl. It is hard to tell based on what was posted.

toml said:

OK, I did a little more digging, and it is an openssl version issue. It appears that those particular TLS functions were added to openssl in a 1.0.1 version, at least according to the log I see athttp://cvs.openssl.org/filediff?f=openssl/ssl/s23_clnt.c&v1=1.43.2.4&v2=1.43.2.4.2.1
The log for that change says:

Code:

2010-Jun-27 16:22 	   1.43...2.1    	Check-in [19723] on branch OpenSSL_1_0_1-stable: Backport TLS v1.1 support from HEAD, ssl/ changes By steve. (diff)

Perhaps you are still on a 0.9.8 version of openssl on this box, and the latest Apache will only work with 1.0.1+, or perhaps it found a later version of ssl in /usr/local but was attempting to link with the /usr/lib (older) version of openssl. It is hard to tell based on what was posted.

Click to expand...

I have OpenSSL 1.0.0-fips installed, which yum reports to be the latest.
However, I fixed it, by installing openssl and changing the apache configure parameter to point to the new library;


Everything works! This way I didn't have to manually update the system openssl (/usr/bin/openssl).
I hope this helps someone Thanks everyone, for pointing me in the right direction!

httpd 2.2.24 build failure with openssl fips 1.0.1c

Hi,
I am trying to compile httpd 2.2.24 against openssl fips 1.0.1c(I built openssl 1.0.1c with fips, and it looks fine after installing) . Build fails with following errors.
Any pointers on this issue? httpd 2.4.4 doesnt even reach till here. Just saw Destralak mentioning about fips enabled openssl

Commands: 1) ./configure --prefix=/software/apache2/ --with-ssl=/software/openssl/openssl-1.0.1c --enable-ssl --enable-so

2) make

/software/apache2/httpd-2.2.24/lib/apr/libtool --silent --mode=link gcc -g -O2 -pthread -L/software/openssl/openssl-1.0.1c/lib -L/usr/kerberos/lib -L/usr/kerberos/lib64 -o httpd modules.lo buildmark.o -export-dynamic server/libmain.la modules/aaa/libmod_authn_file.la modules/aaa/libmod_authn_default.la modules/aaa/libmod_authz_host.la modules/aaa/libmod_authz_groupfile.la modules/aaa/libmod_authz_user.la modules/aaa/libmod_authz_default.la modules/aaa/libmod_auth_basic.la modules/filters/libmod_include.la modules/filters/libmod_filter.la modules/loggers/libmod_log_config.la modules/metadata/libmod_env.la modules/metadata/libmod_setenvif.la modules/metadata/libmod_version.la modules/ssl/libmod_ssl.la modules/http/libmod_http.la modules/http/libmod_mime.la modules/generators/libmod_status.la modules/generators/libmod_autoindex.la modules/generators/libmod_asis.la modules/generators/libmod_cgi.la modules/mappers/libmod_negotiation.la modules/mappers/libmod_dir.la modules/mappers/libmod_actions.la modules/mappers/libmod_userdir.la modules/mappers/libmod_alias.la modules/mappers/libmod_so.la server/mpm/prefork/libprefork.la os/unix/libos.la -lm /software/apache2/httpd-2.2.24/lib/pcre/libpcre.la /software/apache2/httpd-2.2.24/lib/apr-util/libaprutil-1.la -lexpat /software/apache2/httpd-2.2.24/lib/apr/libapr-1.la -luuid -lrt -lcrypt -lpthread -ldl
modules/ssl/.libs/libmod_ssl.a(ssl_engine_init.o)(.text+0x32): In function `ssl_tmp_key_init_rsa':
/software/apache2/httpd-2.2.24/modules/ssl/ssl_engine_init.c:84: undefined reference to `FIPS_mode'
modules/ssl/.libs/libmod_ssl.a(ssl_engine_init.o)(.text+0x162): In function `ssl_tmp_key_init_dh':
/software/apache2/httpd-2.2.24/modules/ssl/ssl_engine_init.c:114: undefined reference to `FIPS_mode'
modules/ssl/.libs/libmod_ssl.a(ssl_engine_init.o)(.text+0xdc5): In function `ssl_init_ctx':
/software/apache2/httpd-2.2.24/modules/ssl/ssl_engine_init.c:588: undefined reference to `SSL_CTX_sess_set_new_cb'
modules/ssl/.libs/libmod_ssl.a(ssl_engine_init.o)(.text+0xdd2):/software/apache2/httpd-2.2.24/modules/ssl/ssl_engine_init.c:589: undefined reference to `SSL_CTX_sess_set_get_cb'
modules/ssl/.libs/libmod_ssl.a(ssl_engine_init.o)(.text+0xddf):/software/apache2/httpd-2.2.24/modules/ssl/ssl_engine_init.c:590: undefined reference to `SSL_CTX_sess_set_remove_cb'
modules/ssl/.libs/libmod_ssl.a(ssl_engine_init.o)(.text+0xe0b):/software/apache2/httpd-2.2.24/modules/ssl/ssl_engine_init.c:603: undefined reference to `SSL_CTX_set_info_callback'
modules/ssl/.libs/libmod_ssl.a(ssl_engine_init.o)(.text+0x1131):/software/apache2/httpd-2.2.24/modules/ssl/ssl_engine_init.c:484: undefined reference to `TLSv1_1_client_method'
modules/ssl/.libs/libmod_ssl.a(ssl_engine_init.o)(.text+0x1161):/software/apache2/httpd-2.2.24/modules/ssl/ssl_engine_init.c:489: undefined reference to `TLSv1_2_client_method'
modules/ssl/.libs/libmod_ssl.a(ssl_engine_init.o)(.text+0x1181):/software/apache2/httpd-2.2.24/modules/ssl/ssl_engine_init.c:484: undefined reference to `TLSv1_1_server_method'
modules/ssl/.libs/libmod_ssl.a(ssl_engine_init.o)(.text+0x13fd):/software/apache2/httpd-2.2.24/modules/ssl/ssl_engine_init.c:489: undefined reference to `TLSv1_2_server_method'
modules/ssl/.libs/libmod_ssl.a(ssl_engine_init.o)(.text+0x1717): In function `ssl_init_ConfigureServer':
/software/apache2/httpd-2.2.24/modules/ssl/ssl_engine_init.c:1025: undefined reference to `SSL_CTX_set_client_cert_cb'
modules/ssl/.libs/libmod_ssl.a(ssl_engine_init.o)(.text+0x1e50): In function `ssl_init_Module':
/software/apache2/httpd-2.2.24/modules/ssl/ssl_engine_init.c:266: undefined reference to `FIPS_mode'
modules/ssl/.libs/libmod_ssl.a(ssl_engine_init.o)(.text+0x205c):/software/apache2/httpd-2.2.24/modules/ssl/ssl_engine_init.c:267: undefined reference to `FIPS_mode_set'
modules/ssl/.libs/libmod_ssl.a(ssl_engine_io.o)(.text+0x184): In function `bio_filter_out_write':
/software/apache2/httpd-2.2.24/modules/ssl/ssl_engine_io.c:208: undefined reference to `BIO_clear_flags'
modules/ssl/.libs/libmod_ssl.a(ssl_engine_io.o)(.text+0x408): In function `bio_filter_in_read':
/software/apache2/httpd-2.2.24/modules/ssl/ssl_engine_io.c:503: undefined reference to `BIO_clear_flags'
modules/ssl/.libs/libmod_ssl.a(ssl_engine_io.o)(.text+0x5be):/software/apache2/httpd-2.2.24/modules/ssl/ssl_engine_io.c:542: undefined reference to `BIO_set_flags'
modules/ssl/.libs/libmod_ssl.a(ssl_engine_io.o)(.text+0x673):/software/apache2/httpd-2.2.24/modules/ssl/ssl_engine_io.c:522: undefined reference to `BIO_set_flags'
modules/ssl/.libs/libmod_ssl.a(ssl_engine_io.o)(.text+0x2291): In function `ssl_io_filter_init':
/software/apache2/httpd-2.2.24/modules/ssl/ssl_engine_io.c:1795: undefined reference to `BIO_set_callback'
modules/ssl/.libs/libmod_ssl.a(ssl_engine_io.o)(.text+0x2334): In function `ssl_io_data_cb':
/software/apache2/httpd-2.2.24/modules/ssl/ssl_engine_io.c:1898: undefined reference to `BIO_get_callback_arg'
modules/ssl/.libs/libmod_ssl.a(ssl_engine_io.o)(.text+0x22ac): In function `ssl_io_filter_init':
/software/apache2/httpd-2.2.24/modules/ssl/ssl_engine_io.c:1796: undefined reference to `BIO_set_callback_arg'
modules/ssl/.libs/libmod_ssl.a(ssl_engine_kernel.o)(.text+0x64): In function `ssl_hook_ReadReq':
/software/apache2/httpd-2.2.24/modules/ssl/ssl_engine_kernel.c:99: undefined reference to `SSL_get_servername'
modules/ssl/.libs/libmod_ssl.a(ssl_engine_kernel.o)(.text+0xf4b): In function `ssl_hook_Access':
/software/apache2/httpd-2.2.24/modules/ssl/ssl_engine_kernel.c:701: undefined reference to `X509_STORE_CTX_set_depth'
modules/ssl/.libs/libmod_ssl.a(ssl_engine_kernel.o)(.text+0x1541): In function `ssl_hook_Fixup':
/software/apache2/httpd-2.2.24/modules/ssl/ssl_engine_kernel.c:1119: undefined reference to `SSL_get_servername'
modules/ssl/.libs/libmod_ssl.a(ssl_engine_kernel.o)(.text+0x2aac): In function `ssl_callback_ServerNameIndication':
/software/apache2/httpd-2.2.24/modules/ssl/ssl_engine_kernel.c:1984: undefined reference to `SSL_get_servername'
modules/ssl/.libs/libmod_ssl.a(ssl_engine_kernel.o)(.text+0x2c62): In function `ssl_find_vhost':
/software/apache2/httpd-2.2.24/modules/ssl/ssl_engine_kernel.c:2068: undefined reference to `SSL_set_SSL_CTX'
modules/ssl/.libs/libmod_ssl.a(ssl_engine_kernel.o)(.text+0x2d4e):/software/apache2/httpd-2.2.24/modules/ssl/ssl_engine_kernel.c:2102: undefined reference to `BIO_set_callback'
modules/ssl/.libs/libmod_ssl.a(ssl_engine_kernel.o)(.text+0x2d61):/software/apache2/httpd-2.2.24/modules/ssl/ssl_engine_kernel.c:2103: undefined reference to `BIO_set_callback_arg'
modules/ssl/.libs/libmod_ssl.a(ssl_engine_vars.o)(.text+0x17cd): In function `ssl_var_lookup':
/software/apache2/httpd-2.2.24/modules/ssl/ssl_engine_vars.c:325: undefined reference to `SSL_get_servername'
collect2: ld returned 1 exit status

My Apache install also fails at:

/usr/local/directadmin/custombuild/httpd-2.4.4/support/ab.c:2271: undefined reference to `TLSv1_1_client_method'
/usr/local/directadmin/custombuild/httpd-2.4.4/support/ab.c:2273: undefined reference to `TLSv1_2_client_method'
collect2: ld returned 1 exit status
make[2]: *** [ab] Error 1
make[2]: Leaving directory `/usr/local/directadmin/custombuild/httpd-2.4.4/support'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/local/directadmin/custombuild/httpd-2.4.4/support'
make: *** [all-recursive] Error 1

*** The make has failed, would you like to try to make again? (y,n):

Apache 2.4.4 with OpenSSL 1.0.1e 11 Feb 2013

/usr/lib/libssl.so points to /usr/lib64/libssl.so

Please try downgrading the version of OpenSSL, that should help in this case.

smtalk said:

Please try downgrading the version of OpenSSL, that should help in this case.

Click to expand...

Ouch! It's not a good idea to downgrade OpenSSL NEVER NEVR!
I was having problems on apache2 compilation, using the git repository I was able to compile everything. be sure to switch the the correct tag.
I followed this apache2 steps to compile from source.

hausprot said:

Ouch! It's not a good idea to downgrade OpenSSL NEVER NEVR!
I was having problems on apache2 compilation, using the git repository I was able to compile everything. be sure to switch the the correct tag.
I followed this apache2 steps to compile from source.

Click to expand...

Why it is not? The customer compiled openssl from the source and upgraded it on the system globally, and that's what shouldn't have been done.