New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NSD fails to build against openssl 1.1 on CentOS 7#188
Comments
Try to set CFLAGS and LIBS by passing them to ./configure. With the settings that you need, eg. CFLAGS=-I/usr/include/openssl11 LIBS=-L/usr/lib/locationofopenssl11. About pkg-config. I do not see how that would fix things, apart from not wanting to depend on it. How would configure run that pkg-config command, since it does not know about openssl11 or anything. But configure it limited in the placing of the openssl include and library directories, perhaps we could have separate flags to set these. One flag for the include and one flag for the lib directory. Having the directories in the same place is what everything else does, really, in /usr/local, /pkg, /sfw and also some macos open source package systems as well /usr/sfw and other places. I think it is your usecase of having multiple openssl versions, all installed in the same install prefix of /usr that is the difference here. |
Hi @wcawijngaards. I tried your suggestions, but it's not working. First, I set:
And ran configure. It failed. Next, I kept those flags, but I also set the flag
I think the issue seems to be on line 9293 of the configure script. It tries:
So it's trying to look for |
No, it won't work. The code has includes in the C code that include openssl/header.h and this is openssl, not openssl11. So this is not going to compile with any setting of CFLAGS or changes to the configure script to detect differently. Also, I think that is seriously broken placement for the other openssl library. There is really no way to use it exept to recode the source to I do not think I should do that, and that the |
If you want to compile with a different openssl and want it to 'just work now', compile openssl yourself, so you can specify the install prefix. And then use a ./config --prefix=/usr/local or --prefix=/opt/local for example, then make, make install. That would put the openssl version in the /usr/local or /opt/local directory. Then for unbound use --with-ssl=/usr/local or --with-ssl=/opt/local and that should work fine and use that openssl version with unbound. |
If I had a single server, with all the build tools, I could compile openssl 1.1 on it, and install it all under a single prefix, such as The next issue is FHS. On most Linux distributions, there is a standard for organising files. So include files all go into If I write some C program using openssl, I will have code like this:
When compiling, I can link it against either openssl 1.0 or 1.1. I just need to tell the compiler which paths to look for the header and library files, for example:
The entire issue I see here is that the |
Thank you for the detailed explanation. In the fix commit the ./configure can have There is a similar fix in Unbound, where --with-ssl=/usr/include/openssl11 should work for this. |
I checked out the latest NSD code from github, and tried to compile it. I got:
|
The sed expression was wrong, this commit fixes it c81891c |
Thanks @wcawijngaards! That fixed it. Now NSD compiles correctly against openssl 1.1, and has TLS 1.3 support too. |
CentOS 7's openssl version is 1.0, but I want to build NSD with openssl 1.1. The EPEL repository for CentOS 7 provides a newer openssl, and the RPM is called openssl11. It can be installed next to the older version without conflict. I can install the development files by installing the RPM called "openssl-devel". This puts the files into:
However, I'm finding it difficult to tell NSD to build and link against this. The
--with-ssl
configure option seems limited. It wants to look for the entire openssl 1.1 installation (headers, libraries) in a specific directory, but this is not how things are laid out in CentOS (or other Linux systems, for that matter). NSD's configure script doesn't seem to usepkg-config
, because if it did, it would be as simple as runningpkg-config --cflags --libs openssl11
to get the correct flags to pass to the compiler and linker. Is there any way I can get NSD to compile against this newer openssl under CentOS 7?The text was updated successfully, but these errors were encountered: