openssh unix dev - Nov 2015 - OpenSSH-7.1p1 fails configure check with LibreSSL-2.2.4

Howdy,

I'm attempting to compile openssh-7.1p1 using libressl-2.2.4 for the
ssl implementation. Unfortunately, this fails to work (tested on
Debian Unstable and Gentoo):

cd libressl-2.2.4
./configure --prefix=/opt/libressl-2.2.4 && make -j8 && sudo
make install
cd ../openssh-7.1p1
./configure --with-ssl-dir=/opt/libressl-2.2.4

fails with:
checking OpenSSL header version... not found
configure: error: OpenSSL version header not found.

config.log shows:
configure:20986: checking OpenSSL header version
configure:21033: ccache gcc -o conftest -g -O2 -Wall -Wpointer-arith
-Wuninitialized -Wsign-compare -Wformat-security
-Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result
-fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset
-fstack-protector-strong -fPIE -I/opt/libressl-2.2.4//include
-L/opt/libressl-2.2.4//lib  -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack
-fstack-protector-strong -pie conftest.c -lcrypto -ldl -lutil -lz
-lnsl  >&5
conftest.c: In function 'main':
conftest.c:225:4: warning: implicit declaration of function 'exit'
[-Wimplicit-function-declaration]
    exit(1);
    ^
conftest.c:225:4: warning: incompatible implicit declaration of
built-in function 'exit'
conftest.c:225:4: note: include '<stdlib.h>' or provide a
declaration of 'exit'
conftest.c:227:25: warning: format '%x' expects argument of type
'unsigned int', but argument 3 has type 'long int' [-Wformat=]
   if ((rc = fprintf(fd ,"%08x (%s)\n", OPENSSL_VERSION_NUMBER,
OPENSSL_VERSION_TEXT)) <0)
                         ^
conftest.c:228:4: warning: incompatible implicit declaration of
built-in function 'exit'
    exit(1);
    ^
conftest.c:228:4: note: include '<stdlib.h>' or provide a
declaration of 'exit'
conftest.c:230:3: warning: incompatible implicit declaration of
built-in function 'exit'
   exit(0);
   ^
conftest.c:230:3: note: include '<stdlib.h>' or provide a
declaration of 'exit'
configure:21036: $? = 0
configure:21042: ./conftest
./conftest: error while loading shared libraries: libcrypto.so.35:
cannot open shared object file: No such file or directory

doing:
export LD_LIBRARY_PATH=/opt/libressl-2.2.4

Works around this issue, and allows OpenSSH to compile (though some
tests fail that don't with openssl-1.0.2d.

Please keep me in CC, as I'm not subscribed.

--
-Austin

On Tue, Nov 10, 2015 at 9:22 AM, Austin English <austinenglish at
gmail.com> wrote:
> Howdy,
>
> I'm attempting to compile openssh-7.1p1 using libressl-2.2.4 for the
> ssl implementation. Unfortunately, this fails to work (tested on
> Debian Unstable and Gentoo):
[...]
> conftest.c:225:4: warning: implicit declaration of function 'exit'
> [-Wimplicit-function-declaration]
>     exit(1);
>     ^
These things are noise.  I'll fix them, but they're not the cause of
your problem.
> ./conftest: error while loading shared libraries: libcrypto.so.35:
> cannot open shared object file: No such file or directory
This is the problem: configure is telling the linker to link against
libcrypto in the libressl directory but you have not told the runtime
linker to look there for shared libraries, so your binaries (in this
case, the configure test) fail at runtime.

To fix this you probably want to either:
 - add /opt/libressl-2.2.4/lib to /etc/ld.conf or /etc/ld.conf.d/ and
run ldconfig
 - remove the .so files from /opt/libressl-2.2.4/lib so that the
linker will pick up the static libcrypto.
> doing:
> export LD_LIBRARY_PATH=/opt/libressl-2.2.4
>
> Works around this issue, and allows OpenSSH to compile (though some
> tests fail that don't with openssl-1.0.2d.
That'll help anything that inherits the environment, but anything that
sanitizes its environment (eg sudo) will fail, and the resulting
binaries won't work without the environment variable.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

On Mon, Nov 9, 2015 at 5:35 PM, Darren Tucker <dtucker at zip.com.au>
wrote:
> On Tue, Nov 10, 2015 at 9:22 AM, Austin English <austinenglish at
gmail.com> wrote:
>> Howdy,
>>
>> I'm attempting to compile openssh-7.1p1 using libressl-2.2.4 for
the
>> ssl implementation. Unfortunately, this fails to work (tested on
>> Debian Unstable and Gentoo):
> [...]
>> conftest.c:225:4: warning: implicit declaration of function
'exit'
>> [-Wimplicit-function-declaration]
>>     exit(1);
>>     ^
>
> These things are noise.  I'll fix them, but they're not the cause
of
> your problem.
Sure, just wanted to be complete.
>> ./conftest: error while loading shared libraries: libcrypto.so.35:
>> cannot open shared object file: No such file or directory
>
> This is the problem: configure is telling the linker to link against
> libcrypto in the libressl directory but you have not told the runtime
> linker to look there for shared libraries, so your binaries (in this
> case, the configure test) fail at runtime.
>
> To fix this you probably want to either:
>  - add /opt/libressl-2.2.4/lib to /etc/ld.conf or /etc/ld.conf.d/ and
> run ldconfig
>  - remove the .so files from /opt/libressl-2.2.4/lib so that the
> linker will pick up the static libcrypto.
I tried removing the .so's, but openssh then falls back to the system
openssl instead of the specified ssl. The .a's are present (I also
tried explicitly building libressl with --enable-shared, but that made
no difference).
>> doing:
>> export LD_LIBRARY_PATH=/opt/libressl-2.2.4
>>
>> Works around this issue, and allows OpenSSH to compile (though some
>> tests fail that don't with openssl-1.0.2d.
>
> That'll help anything that inherits the environment, but anything that
> sanitizes its environment (eg sudo) will fail, and the resulting
> binaries won't work without the environment variable.
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>     Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.


-- 
-Austin