Building nginx 1.8.0, linking to local-install of Openssl, 'nginx -V' still reports "built with" *system* openssl. why?
Ruslan Ermilov
ru at nginx.com
Fri Apr 24 06:02:47 UTC 2015
On Thu, Apr 23, 2015 at 04:15:40PM -0700, grantksupport at operamail.com wrote:
> I'm building nginx 1.8.0 on linux/64.
>
> I have openssl 1.0.2a built locally, and installed into /usr/local/ssl
>
> which openssl
> /usr/local/ssl/bin/openssl
>
> I've configured nginx build with
>
> ./configure \
> ...
> --with-cc-opt='... -I/usr/local/ssl/include -I/usr/local/include' \
> --with-ld-opt='-L/usr/local/ssl/lib64 -Wl,-rpath,/usr/local/ssl/lib64 -lssl -lcrypto -ldl -lz' \
> --with-http_ssl_module \
> ...
Pass absolutely the same CFLAGS as you specified in --with-cc-opt,
including those hidden by "...", to the following command:
$ cpp -include openssl/opensslv.h -dM /dev/null | grep OPENSSL_VERSION_TEXT
If it shows 1.0.1k, then probably something in the search path (verify
with the same command plus -v) picks up the wrong include file.
> checking after build/install, the intended ssl libs ARE correctly linked
>
> ldd objs/nginx | egrep -i "ssl|crypto"
> libssl.so.1.0.0 => /usr/local/ssl/lib64/libssl.so.1.0.0 (0x00007f9cedd2b000)
> libcrypto.so.1.0.0 => /usr/local/ssl/lib64/libcrypto.so.1.0.0 (0x00007f9ced8e8000)
>
> But 'nginx -V' references BOTH the system-installed OpenSSL 1.0.1k-fips, and 'my' OpenSSL 1.0.2a
>
> nginx -V
> nginx version: nginx/1.8.0
> built with OpenSSL 1.0.1k-fips 8 Jan 2015 (running with OpenSSL 1.0.2a 19 Mar 2015)
> TLS SNI support enabled
> configure arguments: ...
>
> I want to ensure that the system-installed OpenSSL 1.0.1k-fips is completely UNinvolved.
>
> What needs to change in the build/config to make sure that it's not?
>
> grant
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
--
Ruslan Ermilov
More information about the nginx-devel
mailing list