Error building cURL

[sevenymedia]

Yesterday I started the upgrade process for cURL to 7.61.0, it failed somewhere half way, haven’t saved the error though

I tried several things, reinstalled openssl/nghttp2 using the pinned guide. Tried openssl version 1.0.1, 1.0.2 and finally 1.1.0, all without luck.

Now I pinned cURL to 7.60.0 and tried building but also getting an error on that one now. Anyone able to tell me what might be the issue?

vtls/openssl.c: In function ‘ossl_connect_step1’:
vtls/openssl.c:2423: error: implicit declaration of function ‘SSL_CTX_set_srp_username’
vtls/openssl.c:2427: error: implicit declaration of function ‘SSL_CTX_set_srp_password’
make[2]: *** [vtls/libcurl_la-openssl.lo] Error 1
make[2]: Leaving directory `/usr/local/directadmin/custombuild/curl-7.60.0/lib'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/usr/local/directadmin/custombuild/curl-7.60.0/lib'
make: *** [all-recursive] Error 1

The error occurs on a CentOS 6.10 box, with openssl 1.0.1e in system and 1.1.0h in local (used to build nghttp2 and cURL)

 

[wattie]

Sounds like the same as:

https://help.poralix.com/articles/error-building-curl-7.54.0-on-directadmin-with-openssl-1.0.2

 

[sevenymedia]

Found that one, but that will replace the system OpenSSL with the one installed using the given script, I'm not sure if that won't give any other complications on the server?

I just did some tests again and found this in the output of ./build curl

configure: Added /usr/local/lib_http2/lib to CURL_LIBRARY_PATH
checking for OpenSSL headers version... 1.1.0 - 0x1010008fL
checking for OpenSSL library version... 1.1.0

I guess that would mean that compilation is taking the correct OpenSSL version, but still I'm getting the same error

 

[SeLLeRoNe]

Or it simply means that is an old SSL and it is not compatible

I think I saw the same problem on a CentOS 5 Server, and because there are no longer updates provided by the repository, cURL will not build unless you manually install a newer openSSL from source.

Best regards

 

[wattie]

Found that one, but that will replace the system OpenSSL with the one installed using the given script, I'm not sure if that won't give any other complications on the server?

Indeed it will. If you are updating OpenSSL, you'll need to recompile all programs that depend on it.

I would recommend you to go with OpenSSL 1.0.2o and not with the 1.1.* branch. It's much safer and more compatible at the moment.

 

[sevenymedia]

@wattie, thanks you this tip, I'll stick with 1.0.2 then

I just tried building cURL 7.61.1, but getting the same error.

When I scroll through the build-process I'm also seeing this:

checking for OpenSSL headers version... 1.0.2 - 0x1000210fL
checking for OpenSSL library version... 1.1.0
checking for OpenSSL headers and library versions matching... no

So headers are correct, but somehow libraries are still 1.1.0, but I'm not sure where/how to fix this.

EDIT 1
Nevermind after renaming /usr/local/lib_http2 and rebuilding 1.0.2 the headers and library match, though still getting the initial error

vtls/openssl.c: In function ‘ossl_connect_step1’:
vtls/openssl.c:2476: error: implicit declaration of function ‘SSL_CTX_set_srp_username’
vtls/openssl.c:2480: error: implicit declaration of function ‘SSL_CTX_set_srp_password’

EDIT 2
After lots of trying over and over again, I decided to disable the custom configure for curl (renamed to /usr/local/directadmin/custombuild/custom/curl/configure.curl.disabled). Now I can build cURL just fine and here's some output

/usr/local/bin/curl --version
curl 7.61.1 (x86_64-pc-linux-gnu) libcurl/7.61.1 OpenSSL/1.0.1e zlib/1.2.3 nghttp2/1.33.0
Release-Date: 2018-09-05
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz HTTP2 UnixSockets HTTPS-proxy

/usr/local/bin/curl --http2 -I https://nghttp2.org/
HTTP/2 200
date: Fri, 07 Sep 2018 11:08:55 GMT
content-type: text/html
last-modified: Sun, 02 Sep 2018 06:50:48 GMT
etag: "5b8b8848-19d8"
accept-ranges: bytes
content-length: 6616
x-backend-header-rtt: 0.000872
strict-transport-security: max-age=31536000
server: nghttpx
via: 2 nghttpx
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff

Does this mean the custom configure isn't required anymore and cURL now just works as it should?

 

[wattie]

OpenSSL/1.0.1e ?!?

 

[sevenymedia]

OpenSSL/1.0.1e ?!?

Weird right..

 

[ben29]

do reinstall of your openssl

yum reinstall openssl openssl-devel

 

[zEitEr]

Does this mean the custom configure isn't required anymore and cURL now just works as it should?

OpenSSL 1.0.2 or newer is required to get HTTP/2 support enabled in cURL.

To check what OpenSSL version is cURL build against run this:

/usr/local/bin/curl --version

in my case on CentOS 6 the cURL is built against a custom version of OpenSSL:

curl 7.61.1 (x86_64-pc-linux-gnu) libcurl/7.61.1 OpenSSL/1.0.2k zlib/1.2.11 nghttp2/1.33.0Release-Date: 2018-09-05
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy

as the default version on CentOS 6 is still 1.01:

# openssl version
OpenSSL 1.0.1u  22 Sep 2016

When you install OpenSSL into a custom location cURL installation might break. So I've got this:

#!/bin/sh
perl -pi -e 's|CURL_CHECK_PKGCONFIG\(zlib\)|#CURL_CHECK_PKGCONFIG(zlib)|g' configure.ac
LIBS="-ldl" ./configure  --with-nghttp2=/usr/local --with-ssl=/usr/local/ssl

in /usr/local/directadmin/custombuild/custom/curl/configure.curl and custom version of OpenSSL can be found under /usr/local/ssl on my server.