SSL Compile

ronrudman · Post by **ronrudman** » Sun Apr 11, 2004 10:21 pm

I'm trying to get SSL working but get the following error when I try to start the server:

unrealircd.conf:269: listen with SSL flag enabled on a non SSL compile

I am using this configure, which worked fine before I added the SSL line:

./configure \
--prefix=/usr/$TYPE \
--enable-hub \
--with-listen=5 \
--with-dpath=/etc/$TYPE/unreal/$TAG \
--with-spath=/usr/$TYPE/sbin/unreal/unreal-$TAG \
--with-nick-history=2000 \
--with-sendq=3000000 \
--with-bufferpool=18 \
--with-hostname=hhdev \
--with-permissions=0600 \
--with-fd-setsize=1024 \
--enable-SSL \
--enable-dynamic-linking

I have also tried:
--enable-SSL=/usr/bin (this is where the OpenSSL command is)
and
--enable-SSL=/usr/share/lib (where the OpenSSL library is)

all with the same result.

Any suggestions???

ronrudman · Post by **ronrudman** » Mon Apr 12, 2004 2:28 am

I don't know if this is relevant to my question, but I followed the investigation I found in one of the FAQs and got the following.

# locate libssl.so
/usr/lib/libssl.so
/lib/libssl.so.2
/lib/libssl.so.0.9.6b

# locate opensslv.h
/usr/include/openssl/opensslv.h

# grep OPENSSL_VERSION /usr/include/openssl/opensslv.h
#define OPENSSL_VERSION_NUMBER 0x0090602fL
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6b [engine] 9 Jul 2001"
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT

# strings /usr/lib/libcrypto.so|grep 0.9.
OpenSSL 0.9.6b [engine] 9 Jul 2001
MD2 part of OpenSSL 0.9.6b [engine] 9 Jul 2001
MD4 part of OpenSSL 0.9.6b [engine] 9 Jul 2001
MD5 part of OpenSSL 0.9.6b [engine] 9 Jul 2001
SHA part of OpenSSL 0.9.6b [engine] 9 Jul 2001
SHA1 part of OpenSSL 0.9.6b [engine] 9 Jul 2001
RIPE-MD160 part of OpenSSL 0.9.6b [engine] 9 Jul 2001
libdes part of OpenSSL 0.9.6b [engine] 9 Jul 2001
DES part of OpenSSL 0.9.6b [engine] 9 Jul 2001
RC2 part of OpenSSL 0.9.6b [engine] 9 Jul 2001
RC4 part of OpenSSL 0.9.6b [engine] 9 Jul 2001
Blowfish part of OpenSSL 0.9.6b [engine] 9 Jul 2001
CAST part of OpenSSL 0.9.6b [engine] 9 Jul 2001
Big Number part of OpenSSL 0.9.6b [engine] 9 Jul 2001
RSA part of OpenSSL 0.9.6b [engine] 9 Jul 2001
DSA part of OpenSSL 0.9.6b [engine] 9 Jul 2001
Diffie-Hellman part of OpenSSL 0.9.6b [engine] 9 Jul 2001
Stack part of OpenSSL 0.9.6b [engine] 9 Jul 2001
lhash part of OpenSSL 0.9.6b [engine] 9 Jul 2001
RAND part of OpenSSL 0.9.6b [engine] 9 Jul 2001
EVP part of OpenSSL 0.9.6b [engine] 9 Jul 2001
ASN.1 part of OpenSSL 0.9.6b [engine] 9 Jul 2001
PEM part of OpenSSL 0.9.6b [engine] 9 Jul 2001
X.509 part of OpenSSL 0.9.6b [engine] 9 Jul 2001
CONF part of OpenSSL 0.9.6b [engine] 9 Jul 2001
CONF_def part of OpenSSL 0.9.6b [engine] 9 Jul 2001
TXT_DB part of OpenSSL 0.9.6b [engine] 9 Jul 2001

codemastr · Post by **codemastr** » Mon Apr 12, 2004 3:17 am

You're not supposed to be running ./configure to begin with. You are supposed to use ./Config.

Hindifarai · Post by **Hindifarai** » Mon Apr 12, 2004 9:59 am

I've got the same problem as ronrudman.

Code: Select all

listen with SSL flag enabled on a non SSL compile

I compiled an other time but there were no effect.
Note that on the end of ./configure I have done the certificate so ths ssl argument is taken.

I don't understant were is the problem.

Sorry for my poor english :s

AngryWolf · Post by **AngryWolf** » Mon Apr 12, 2004 11:10 am

Everytime you make a change in the compile-time settings by running ./Config, you also have to run make, otherwise the changes won't take effect. As you can see, the problem is that you ran ./Config to enable SSL support, however you didn't recompile the ircd. That's why your ircd doesn't work as you want.

jewles · Post by **jewles** » Mon Apr 12, 2004 11:19 am

To Hindifarai: I would advise you to read the documentation.

To ronrudman:I would advise you to read the documentation.

As codemastr said:

You're not supposed to be running ./configure to begin with. You are supposed to use ./Config.

Hindifarai · Post by **Hindifarai** » Mon Apr 12, 2004 1:15 pm

I used ./Config and then make.
And after post here I read documentation and I analyze each bloc of config.
I've verified openssl on my server.

If you have an idea about my problem or a piece of idea i would be glad to you. If you don't I will continue other tests.

I think that my english isn't correct , thanks if you read it fully.

codemastr · Post by **codemastr** » Mon Apr 12, 2004 2:16 pm

open config.log and paste all lines that mention ssl (case insensitive)

Hindifarai · Post by **Hindifarai** » Mon Apr 12, 2004 2:29 pm

Code: Select all

configure:2153: checking for openssl
configure:2171: found /usr/bin/openssl
configure:2183: result: /usr/bin/openssl

Code: Select all

configure:9509: checking for openssl
configure:9533: result: not found
configure:9535: WARNING: disabling ssl support

ronrudman · Post by **ronrudman** » Mon Apr 12, 2004 11:56 pm

jewles wrote: To ronrudman:I would advise you to read the documentation.

Actually, I DID read the documentation and I DID use ./Config. But then, I pasted the generated ./configure into a script so I could automate this without answering prompts, since I have to do this in multiple environments and want to be consistent. Mea Culpa - I didn't look at what else ./Config does: export OPENSSLPATH, make pem, etc.

OK, so I started completely from scratch and used ./Config (and make). It prompted me for values for a self-signed cert and generated the pem files, so this is good progress. But still, when I start the server I get the same error!

codemastr · Post by **codemastr** » Tue Apr 13, 2004 4:07 am

Hindifarai, you're problem is it can not find where the SSL libraries are installed. You'll have to tell it when it prompts you to enter the directory.

ronrudman: Use ./Config -q (quiet mode) when you don't feel like answering the questions again. Anyway, you haven't given the config.log output. That's what we need, not an explanation of why you did what you did.

ronrudman · Post by **ronrudman** » Tue Apr 13, 2004 11:29 am

Here is the config.log output...

*moderator:
Please actually read what I told you to do. I never said include the whole file. I asked you to do exactly what Hindifarai did.

ronrudman · Post by **ronrudman** » Wed Apr 14, 2004 4:14 am

Let's try this again:

# grep -i ssl config.log
$ ./configure --enable-hub --enable-ssl --with-listen=5 --with-dpath=/etc/hhtest/unreal/tli --with-spath=/usr/hhtest/sbin/unreal/unreal-tli --with-nick-history=2000 --with-sendq=3000000 --with-bufferpool=18 --with-hostname=hhprod --with-permissions=0600 --with-fd-setsize=1024 --enable-dynamic-linking
configure:2153: checking for openssl
configure:2171: found /usr/bin/openssl
configure:2183: result: /usr/bin/openssl
configure:9509: checking for openssl
configure:9514: result: found in /usr/include/openssl
ac_cv_path_OPENSSLPATH=/usr/bin/openssl
#define USE_SSL 1

Also, I don't know if this is relevant, but it fails to find descrypt (because I don't have it). Is it required?

jewles · Post by **jewles** » Thu Apr 15, 2004 6:51 pm

To ronrudman: Okay, first of what is your current operating system and version. "uname -a" What version is your openssl. "openssl version"

ronrudman · Post by **ronrudman** » Fri Apr 16, 2004 2:04 am

jewles wrote:To ronrudman: Okay, first of what is your current operating system and version. "uname -a" What version is your openssl. "openssl version"

Code: Select all

[root@hhprod ~] # uname -a
Linux hhprod 2.4.18-3smp #1 SMP Thu Apr 18 07:27:31 EDT 2002 i686 unknown
[root@hhprod ~] # openssl version
OpenSSL 0.9.6b [engine] 9 Jul 2001

UnrealIRCd Forums

SSL Compile

SSL Compile

OpenSSL detective work