How to call Static OpenSSL libraries?

Weekly dev snapshots are available for testing.
We talk about them here. Testing features in the dev snapshot helps the features make it to stable.
Forum rules
Please report your experience with testing branch. Include what you were using and how
If there is a problem, the more info the better!
PLBarton
OpenVpn Newbie
Posts: 7
Joined: Fri Jun 01, 2012 4:05 pm

How to call Static OpenSSL libraries?

Postby PLBarton » Wed Aug 13, 2014 1:41 pm

I have compiled OpenSSL libraries statically and now have libssl.a and libcrypto.a. When I run ./configure it never finds ssl_ctx_new. I have tried many variations on the ./configure, here is my latest one:

./configure --disable-shared OPENSSL_SSL_LIBS="-L/usr/local/ssl/lib/ -lssl" OPENSSL_CRYPTO_LIBS="-L/usr/local/ssl/lib/ -lcrypto" OPESSL_SSL_CFLAGS="-I/usr/local/ssl/include/" OPENSSL_CRYPTO_CFLAGS="-I/usr/local/ssl/include/"

Any help with setting the static library would be appreciated.

Thanks

--
Peter Barton

User avatar
Nucleardragon
OpenVpn Newbie
Posts: 8
Joined: Mon Sep 02, 2013 12:05 pm
Contact:

Re: How to call Static OpenSSL libraries?

Postby Nucleardragon » Thu Feb 11, 2016 3:49 pm

I have same problem for OpenVPN 2.3.10, please see my environment below.

OpenSSL config:

Code: Select all

./config --prefix=/opt/lib/openssl-1.0.1r threads zlib shared

Settings for OpenVPN ./configure for openssl-1.0.1r and lzo-2.09:

Code: Select all

export PKG_CONFIG_LIBDIR="/opt/lib/openssl-1.0.1r/lib/pkgconfig/"
export CPPFLAGS="-I/opt/lib/openssl-1.0.1r/include/"
export LDFLAGS="-L/opt/lib/openssl-1.0.1r/lib/"
export OPENSSL_SSL_LIBS="-L/opt/lib/openssl-1.0.1r/lib/ -lssl"
export OPENSSL_SSL_CFLAGS="-I/opt/lib/openssl-1.0.1r/include/openssl/"
export OPENSSL_CRYPTO_LIBS="-L/opt/lib/openssl-1.0.1r/lib/ -lcrypto"
export OPENSSL_CRYPTO_CFLAGS="-I/opt/lib/openssl-1.0.1r/include/openssl/"
export LZO_LIBS="-L/opt/lib/lzo-2.09/lib/ -llzo2"
export LZO_CFLAGS="-I/opt/lib/lzo-2.09/include/lzo/"
./configure \
--prefix=/opt/openvpn-2.3.10 \
--enable-static \
--enable-iproute2

OpenVPN configure log:

Code: Select all

...
checking for OPENSSL_CRYPTO... yes
checking for OPENSSL_SSL... yes
checking lzo/lzoutil.h usability... yes
checking lzo/lzoutil.h presence... yes
...

It looks good, doesn't it? But in fact, it is too early to celebrate win...

Code: Select all

make
...
ude/openssl -I/opt/lib/lzo-2.09/include/lzo   -g -O2 -MT ssl_verify_openssl.o -MD -MP -MF .deps/ssl_verify_openssl.Tpo -c -o ssl_verify_openssl.o ssl_verify_openssl.c
...

Again looks no bad, make && make install completed without errors.
But now the fun, see library versions:
OpenSSL 1.0.1f 6 Jan 2014, LZO 2.09, but our OpenSSL library must be OpenSSL 1.0.1r.
My Lib LZO 2.09 successfully used, but what is happened with my OpenSSL 1.0.1r?
Can anybody help? SOS!

Code: Select all

/opt/openvpn-2.3.10/sbin/openvpn --version
OpenVPN 2.3.10 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Feb 11 2016
library versions: OpenSSL 1.0.1f 6 Jan 2014, LZO 2.09
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_http_proxy=yes enable_iproute2=yes enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=no enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_win32_dll=yes enable_x509_alt_username=yes with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_plugindir='$(libdir)/openvpn/plugins' with_sysroot=no


Return to “Testing branch”

Who is online

Users browsing this forum: No registered users and 2 guests