Checking for OpenSSL library not found

checking for OpenSSL library ... not found

./auto/configure: error: SSL modules require the OpenSSL library.
You can either do not enable the modules, or install the OpenSSL library
into the system, or build the OpenSSL library statically from the source
with nginx by using --with-openssl= option.


I believe OpenSSL is present (I just built it from sources):

$ ls /usr/local/ssl/
bin certs include lib man misc openssl.cnf private

$ ls /usr/local/ssl/lib/
engines libcrypto.a libssl.a pkgconfig


Here was my configure. $THIS_USER and $THIS_GROUP was set properly to
my login and group.

./auto/configure --with-debug --with-http_ssl_module
–prefix="$THIS_DIR/ac" --http-proxy-temp-path="$THIS_DIR/ac/temp"
–user="$THIS_USER" --group="$THIS_GROUP"
–with-cc-opt="-I/usr/local/ssl/include"
–with-ld-opt="/usr/local/ssl/lib/libcrypto.a
/usr/local/ssl/lib/libssl.a /usr/local/ssl/lib/libcrypto.a


I believe --with-cc-opt and --with-ld-opt is the preferred (required?)
way to do things for local/custom OpenSSL
(http://mailman.nginx.org/pipermail/nginx/2010-April/019644.html).

Does anything look out of place?

Jeff

On Mon, Dec 16, 2013 at 4:12 PM, Jeffrey W. [email protected]
wrote:

checking for OpenSSL library ... not found ... with nginx by using --with-openssl= option.

–with-openssl=/some/path/to/ssl/root

works for me. try --with-openssl=/usr/local/ssl ?

if you are using centos/fedora you need to install openssl-devel

if you are using centos/fedora you need to install openssl-devel
Thanks Stefanita.

This is kind of weird in auto/lib/openssl/conf (the default case is no
non-MS|non-Borland compilers):

*)
have=NGX_OPENSSL . auto/have
have=NGX_SSL . auto/have

CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include"
CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h"
CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a"
CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a"
CORE_LIBS="$CORE_LIBS $NGX_LIBDL"

;;

My directory structure does not look like that since I built OpenSSL
from sources and installed in /usr/local/ssl. The libs are in
/usr/local/ssl/lib, and I don’t believe there’s a way to force that
extra “.openssl” in front of it.

Jeff

On Mon, Dec 16, 2013 at 9:29 PM, Stefanita Rares Dumitrescu

So, looking into this more, it looks like the configure subsytem is
not flexible enough to handle OpenSSL with customizations. The problem
appears to be in auto/lib/conf, with some hard coded values around
line 49:

    ngx_feature_path=
    ngx_feature_libs="-lssl -lcrypto"
    ngx_feature_test="SSL_library_init()"

In my case, the path is not standard (i.e, /usr/include); and I do not
desire just any libssl or libcrypto (i.e., I want a particular version
of the static libraries from a certain location).

I think the best way to proceed is to patch conf and then fix whatever
problems may surface later. I know OpenSSL’s FIPS is likely going to
be a problem when I have to use fipsld and incore for backpatching
signatures, but that’s par for the course.

Does this sound reasonable? Or should I try to figure out a way to
make “ngx_feature_path” and “ngx_feature_libs” more helpful?

Jeff

Hello!

On Mon, Dec 16, 2013 at 07:12:56PM -0500, Jeffrey W. wrote:

Here was my configure. $THIS_USER and $THIS_GROUP was set properly to

I believe --with-cc-opt and --with-ld-opt is the preferred (required?)
way to do things for local/custom OpenSSL
(http://mailman.nginx.org/pipermail/nginx/2010-April/019644.html).

Does anything look out of place?

You are trying to explicitly specify library files to be loaded on
all ld invocations. This is wrong. Instead, you should specify a
path to load libraries from, much like you did with include
directories.

Something like this should work for you:

./configure --with-cc-opt="-I/usr/local/ssl/include"
–with-ld-opt="-L/usr/local/ssl/lib"


Maxim D.
http://nginx.org/

Any comments on this patch before it gets offered to Trac?

The patch allows a developer to specify OpenSSL include and library
directories through NGX_CONF_OPENSSL_INC and NGX_CONF_OPENSSL_LIB. The
developer must export them for the new functionality.

If NGX_CONF_OPENSSL_INC and NGX_CONF_OPENSSL_LIB are present, they get
tested and added to the configuration upon success. If not present or
config failure, then config falls back to the original test.

NGX_CONF_OPENSSL_LIB is especially important because nginx assumes
dynamic linking is OK via ‘-lssl’ and ‘-lcrypto’. A developer is free
to use them, or he/she can specify the exact library code they want
(e.g., /usr/local/ssl/lib/libssla.).

Tested OK on Fedora 19 and Ubuntu 13.04.

Hello!

On Tue, Dec 17, 2013 at 07:17:47AM -0500, Jeffrey W. wrote:

into the system, or build the OpenSSL library statically from the source
$ ls /usr/local/ssl/lib/
–with-cc-opt="-I/usr/local/ssl/include"

to fully specify everything.

–with-ld-opt="-L/usr/local/ssl/lib -ldl /usr/local/ssl/lib/libssla.
/usr/local/ssl/lib/libcrypto.a"


Any thoughts on how to proceed?

First of all, try fixing typo in your configure arguments. If it
doesn’t help, try looking into objs/autoconf.err.


Maxim D.
http://nginx.org/

On Tue, Dec 17, 2013 at 8:01 AM, Maxim D. [email protected]
wrote:

        --with-ld-opt="-L/usr/local/ssl/lib"
  • using GNU C compiler

auto/configure: error: the invalid value in
–with-ld-opt="-L/usr/local/ssl/lib -ldl /usr/local/ssl/lib/libssla.
/usr/local/ssl/lib/libcrypto.a"


Any thoughts on how to proceed?

First of all, try fixing typo in your configure arguments. If it
doesn’t help, try looking into objs/autoconf.err.
You’ll have to forgive my ignorance. I would not have made the typo if
I was aware. Would you kindly point it out?

On Tue, Dec 17, 2013 at 7:02 AM, Maxim D. [email protected]
wrote:

with nginx by using --with-openssl= option.
engines libcrypto.a libssl.a pkgconfig
–with-ld-opt="/usr/local/ssl/lib/libcrypto.a
You are trying to explicitly specify library files to be loaded on
all ld invocations. This is wrong. Instead, you should specify a
path to load libraries from, much like you did with include
directories.

Something like this should work for you:

./configure --with-cc-opt="-I/usr/local/ssl/include"
–with-ld-opt="-L/usr/local/ssl/lib"
Thanks Maxim. This did not work, and its the reason I moved to envars
to fully specify everything.


$ auto/configure --with-cc-opt="-I/usr/local/ssl/include"
–with-ld-opt="-L/usr/local/ssl/lib -ldl"
checking for OS

  • Linux 3.11.10-200.fc19.x86_64 x86_64
    checking for C compiler … found
  • using GNU C compiler

Configuration summary

  • using system PCRE library
  • OpenSSL library is not used
  • md5: using system crypto library
  • sha1: using system crypto library
  • using system zlib library

$ auto/configure --with-cc-opt="-I/usr/local/ssl/include"
–with-ld-opt="-L/usr/local/ssl/lib -ldl /usr/local/ssl/lib/libssla.
/usr/local/ssl/lib/libcrypto.a"
checking for OS

  • Linux 3.11.10-200.fc19.x86_64 x86_64

checking for --with-ld-opt="-L/usr/local/ssl/lib -ldl
/usr/local/ssl/lib/libssla. /usr/local/ssl/lib/libcrypto.a" … not
found
auto/configure: error: the invalid value in
–with-ld-opt="-L/usr/local/ssl/lib -ldl /usr/local/ssl/lib/libssla.
/usr/local/ssl/lib/libcrypto.a"


Any thoughts on how to proceed?

Jeff

On Tue, Dec 17, 2013 at 8:07 AM, Maxim D. [email protected]
wrote:

doesn’t help, try looking into objs/autoconf.err.
You’ll have to forgive my ignorance. I would not have made the typo if
I was aware. Would you kindly point it out?

The “libssla.” is certainly wrong.
Perfect, thanks. Looking back, I think the original problem was the
lack of ‘-ldl’ on Fedora. That caused autotest.c to fail. But output
error output was silently swallowed, so I went down the wrong road.

Thanks again.

Jeff

Hello!

On Tue, Dec 17, 2013 at 08:05:49AM -0500, Jeffrey W. wrote:

./configure --with-cc-opt="-I/usr/local/ssl/include"
checking for C compiler … found


found
You’ll have to forgive my ignorance. I would not have made the typo if
I was aware. Would you kindly point it out?

The “libssla.” is certainly wrong.


Maxim D.
http://nginx.org/

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs