checking for OpenSSL library ... not found

Jeffrey Walton noloader at gmail.com
Tue Dec 17 11:45:03 UTC 2013


Any comments on this patch before it gets offered to Trac?

The patch allows a developer to specify OpenSSL include and library
directories through NGX_CONF_OPENSSL_INC and NGX_CONF_OPENSSL_LIB. The
developer must export them for the new functionality.

If NGX_CONF_OPENSSL_INC and NGX_CONF_OPENSSL_LIB are present, they get
tested and added to the configuration upon success. If not present or
config failure, then config falls back to the original test.

NGX_CONF_OPENSSL_LIB is especially important because nginx assumes
dynamic linking is OK via '-lssl' and '-lcrypto'. A developer is free
to use them, or he/she can specify the exact library code they want
(e.g., /usr/local/ssl/lib/libssla.).

Tested OK on Fedora 19 and Ubuntu 13.04.

On Mon, Dec 16, 2013 at 7:12 PM, Jeffrey Walton <noloader at gmail.com> wrote:
> <snip>
> checking for OpenSSL library ... not found
>
> ./auto/configure: error: SSL modules require the OpenSSL library.
> You can either do not enable the modules, or install the OpenSSL library
> into the system, or build the OpenSSL library statically from the source
> with nginx by using --with-openssl=<path> option.
> </snip>
>
> *****
>
> I believe OpenSSL is present (I just built it from sources):
>
> $ ls /usr/local/ssl/
> bin  certs  include  lib  man  misc  openssl.cnf  private
>
> $ ls /usr/local/ssl/lib/
> engines  libcrypto.a  libssl.a  pkgconfig
>
> *****
>
> Here was my configure. $THIS_USER and $THIS_GROUP was set properly to
> my login and group.
>
> ./auto/configure --with-debug --with-http_ssl_module
> --prefix="$THIS_DIR/ac" --http-proxy-temp-path="$THIS_DIR/ac/temp"
> --user="$THIS_USER" --group="$THIS_GROUP"
> --with-cc-opt="-I/usr/local/ssl/include"
> --with-ld-opt="/usr/local/ssl/lib/libcrypto.a
> /usr/local/ssl/lib/libssl.a /usr/local/ssl/lib/libcrypto.a
>
> *****
>
> I believe --with-cc-opt and --with-ld-opt is the preferred (required?)
> way to do things for local/custom OpenSSL
> (http://mailman.nginx.org/pipermail/nginx/2010-April/019644.html).
>
> Does anything look out of place?
>
> Jeff
-------------- next part --------------
diff -r 7e9543faf5f0 auto/lib/openssl/conf
--- a/auto/lib/openssl/conf	Tue Nov 19 15:25:24 2013 +0400
+++ b/auto/lib/openssl/conf	Tue Dec 17 06:36:21 2013 -0500
@@ -42,19 +42,56 @@
 
         OPENSSL=NO
 
-        ngx_feature="OpenSSL library"
-        ngx_feature_name="NGX_OPENSSL"
-        ngx_feature_run=no
-        ngx_feature_incs="#include <openssl/ssl.h>"
-        ngx_feature_path=
-        ngx_feature_libs="-lssl -lcrypto"
-        ngx_feature_test="SSL_library_init()"
-        . auto/feature
+        # First, test if a dev has specified an OpenSSL from non-standard location.
+        # The include should be exported by the developer in NGX_CONF_OPENSSL_INC;
+        # and the libraries should be exported by the developer in
+        # NGX_CONF_OPENSSL_LIB. NOTE: nginx does not set NGX_CONF_OPENSSL_INC or
+        # NGX_CONF_OPENSSL_LIB; its consumes them if they are set.
+        #
+        # NOTE: on Red Hat and Fedora, be sure the NGX_CONF_OPENSSL_LIB includes
+        # '-ldl' for dlopen and friends during configuration testing.
+        if [ ! -z "$NGX_CONF_OPENSSL_INC" ] || [ ! -z "$NGX_CONF_OPENSSL_LIB" ]; then
 
-        if [ $ngx_found = yes ]; then
-            have=NGX_SSL . auto/have
-            CORE_LIBS="$CORE_LIBS $ngx_feature_libs $NGX_LIBDL"
-            OPENSSL=YES
+            ngx_feature="OpenSSL library"
+            ngx_feature_name="NGX_OPENSSL"
+            ngx_feature_run=no
+            ngx_feature_incs="#include <openssl/ssl.h>"
+            ngx_feature_path="$NGX_CONF_OPENSSL_INC"
+            ngx_feature_libs="$NGX_CONF_OPENSSL_LIB"
+            ngx_feature_test="SSL_library_init()"
+            . auto/feature
+
+            if [ $ngx_found = yes ]; then
+                have=NGX_SSL . auto/have
+                CORE_INCS="$CORE_INCS $ngx_feature_path"
+                CORE_LIBS="$CORE_LIBS $ngx_feature_libs $NGX_LIBDL"
+                OPENSSL=YES
+            fi
+        fi
+
+        # Second, perform the original test. The original test is somewhat limited
+        # because it makes certain assumptions. The assumtions include particular
+        # locations for components and a dev is OK with linking to shared objects.
+        # Assuming shared object linking is bad on platforms like Ubuntu 12.04 and
+        # Ubuntu 12.10 because Ubuntu disabled TLSv1.1 and TLSv1.2 and refuses to
+        # enable it due to [years old] concern over interoperability. (Ubuntu 12.04
+        # is LTS and it will be available until 2017).
+        if [ $OPENSSL != YES ]; then
+
+            ngx_feature="OpenSSL library"
+            ngx_feature_name="NGX_OPENSSL"
+            ngx_feature_run=no
+            ngx_feature_incs="#include <openssl/ssl.h>"
+            ngx_feature_path=
+            ngx_feature_libs="-lssl -lcrypto"
+            ngx_feature_test="SSL_library_init()"
+            . auto/feature
+
+            if [ $ngx_found = yes ]; then
+                have=NGX_SSL . auto/have
+                CORE_LIBS="$CORE_LIBS $ngx_feature_libs $NGX_LIBDL"
+                OPENSSL=YES
+            fi
         fi
     fi
 
@@ -70,5 +107,5 @@
 END
         exit 1
     fi
+fi
 
-fi


More information about the nginx mailing list