Cannot make on Centos 5 with SSL

Hello,

I have successfully built and tested nginx on Ubuntu at home and want to
now test it on my real server running Centos 5. I can build without ssl
option fine and it all works.

Now I want to build with ssl. I have provided the correct options afaik
and it configures ok but during the build it gives the errors below
(actually a huge list of linker errors but I cut just the first bit):

– snip snip –
objs/src/http/modules/ngx_http_browser_module.o
objs/src/http/modules/ngx_http_upstream_ip_hash_module.o
objs/ngx_modules.o
-lcrypt -lpcre /usr/lib/libssl.a /usr/lib/libcrypto.a -ldl -lz
/usr/lib/libssl.a(kssl.o): In function `get_rc_clockskew': (.text+0x111): undefined reference to `krb5_rc_default'
/usr/lib/libssl.a(kssl.o): In function `get_rc_clockskew': (.text+0x12c): undefined reference to `krb5_rc_initialize'
/usr/lib/libssl.a(kssl.o): In function `get_rc_clockskew':
– snip snip –

Here is the configure line:
./configure --with-openssl=/usr/lib --with-http_ssl_module \
--conf-path=/etc/nginx/nginx.conf --with-md5=auto/lib/md5 \
--with-sha1=auto/lib/sha1

seems like something wrong between krb5 and openssl. I checked that both
were updated with yum but I don’t know what to look at next.

Any suggestions gratefully requested.

Thanks,
Chris :slight_smile:

On Fri, Aug 15, 2008 at 07:58:01PM +0700, Chris S. wrote:

objs/src/http/modules/ngx_http_upstream_ip_hash_module.o
./configure --with-openssl=/usr/lib --with-http_ssl_module \
--conf-path=/etc/nginx/nginx.conf --with-md5=auto/lib/md5 \
--with-sha1=auto/lib/sha1

seems like something wrong between krb5 and openssl. I checked that both
were updated with yum but I don’t know what to look at next.

--with-openssl=, --with-md5=, and --with-sha1= must point to directory
with library sources. Remove them: nginx’s configure will find all by itself.

Thank you very much for that. It did the trick and I was able to build
easily then.

My next problem seems to be that SSL doesn’t want to work. Here is my
conf that I’m testing with - I have another server on port 443 so I’m
testing on 1443 here. But I cannot connect - just says connecting and
then never seems to get it. Nginx is serving fine on non-ssl though. No
messages in error log but at first it said cannot bind as I mistakenly
tried using port 443. Then I changed that.

If you see anything obvious here please let me know as I plug away on
it.
Chris :slight_smile:

server {
    listen 74.223.185.26:1443;
    server_name mydomain.com www.mydomain.com n1.mydomain.com;
    root /var/www/mydomain/adminX;

    ssl                  on;
    ssl_certificate      /var/local/ssl/certs/wild.mydomain.crt;
    ssl_certificate_key  /var/local/ssl/private/wild.mydomain.key;

    ssl_session_timeout  5m;

    ssl_protocols  SSLv2 SSLv3 TLSv1;
    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers  on;

    location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; include fastcgi_params; }
}

On Sat, Aug 16, 2008 at 02:18:36AM +0700, Chris S. wrote:

If you see anything obvious here please let me know as I plug away on it.

    ssl_session_timeout  5m;

    ssl_protocols  SSLv2 SSLv3 TLSv1;
    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers  on;

    location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; include fastcgi_params; }
}

Try “telnet 74.223.185.26 1443”, if it says only

Trying 74.223.185.26…

and does not say then

Connected to […]

then you have some network problems: firewalls or so.
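
The telnet check above, as an added example (not part of the original thread and not nginx code): a small Python probe that separates a silently dropped connection, which is what a firewall typically produces, from a refused one and from a listener that accepts TCP but never completes a TLS handshake. The function name `probe` and its return labels are made up for this illustration.

```python
import errno
import socket
import ssl
import sys


def probe(host, port, timeout=5.0, tls=True):
    """Classify one connection attempt to host:port.

    "filtered": no answer before the timeout (telnet stays at "Trying ...")
    "refused":  the host answered with a reset, so nothing listens on the port
    "open":     TCP connected (returned only when tls=False)
    "tcp-only": TCP connected but no TLS handshake completed
    "tls-ok":   TCP connected and the TLS handshake completed
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        # ICMP unreachable replies usually come from a router or firewall.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    with sock:
        if not tls:
            return "open"
        # Diagnostic only: certificate trust is deliberately not checked here,
        # the question is just whether the listener speaks TLS at all.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        try:
            with ctx.wrap_socket(sock):
                return "tls-ok"
        except (ssl.SSLError, OSError):
            # Includes a handshake timeout and protocol versions that this
            # Python build refuses to negotiate.
            return "tcp-only"


if __name__ == "__main__":
    # Usage: python probe.py HOST PORT
    print(probe(sys.argv[1], int(sys.argv[2])))
```

A "filtered" result from outside the data center combined with "tls-ok" from the server itself points at a firewall rather than at the nginx configuration.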

Igor S. wrote:

Connected to […]

then you have some network problems: firewalls or so.

Yes. Thank You. Sorry to bother you. I’m used to testing at home where
I’m inside the firewall that I didn’t even think about that. It’s my
firewall at the data center. Simply escaped me.
Chris :slight_smile: