openssh unix dev - Jun 2003 - Problem with Configure

I try to set up openssh-3.6.1p2  on a baox and get:


Script started on Sun Jun 22 07:55:36 2003
gallifrey.nk.ca//usr/source/openssh-3.6.1p2$ cat /usr/contrib/bin/configssh
./configure --prefix=/usr/contrib --localstatedir=/var
--infodir=/usr/share/info\
 --mandir=/usr/share/man --with-low-memory --with-elf --with-ncurses\
  --with-ssl=/usr/source/openssl-engine-0.9.7g\
  --with-ssl-dir=/usr/source/openssl-engine-0.9.7g\
 --with-openssl=/usr/source/openssl-engine-0.9.7g --with-bsd-auth
gallifrey.nk.ca//usr/source/openssh-3.6.1p2$ ^cat^
 /usr/contrib/bin/configssh
checking for gcc... gcc
checking for C compiler default output... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables... 
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking build system type... i386-pc-bsdi5.0
checking host system type... i386-pc-bsdi5.0
checking whether byte ordering is bigendian... no
checking how to run the C preprocessor... gcc -E
checking for ranlib... ranlib
checking for a BSD-compatible install... /usr/bin/install -c
checking for ar... /usr/bin/ar
checking for perl5... /usr/bin/perl5
checking for sed... /usr/bin/sed
checking for ent... no
checking for bash... /bin/bash
checking for ksh... (cached) /bin/bash
checking for sh... (cached) /bin/bash
checking for sh... /bin/sh
checking for special C compiler options needed for large files... no
checking for _FILE_OFFSET_BITS value needed for large files... no
checking for _LARGE_FILES value needed for large files... no
checking for login... /usr/bin/login
checking for inline... inline
checking for egrep... grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... no
checking for stdint.h... no
checking for unistd.h... yes
checking bstring.h usability... no
checking bstring.h presence... no
checking for bstring.h... no
checking crypt.h usability... no
checking crypt.h presence... no
checking for crypt.h... no
checking endian.h usability... no
checking endian.h presence... no
checking for endian.h... no
checking floatingpoint.h usability... no
checking floatingpoint.h presence... no
checking for floatingpoint.h... no
checking getopt.h usability... no
checking getopt.h presence... no
checking for getopt.h... no
checking glob.h usability... yes
checking glob.h presence... yes
checking for glob.h... yes
checking ia.h usability... no
checking ia.h presence... no
checking for ia.h... no
checking lastlog.h usability... no
checking lastlog.h presence... no
checking for lastlog.h... no
checking libgen.h usability... no
checking libgen.h presence... no
checking for libgen.h... no
checking limits.h usability... yes
checking limits.h presence... yes
checking for limits.h... yes
checking login.h usability... no
checking login.h presence... no
checking for login.h... no
checking login_cap.h usability... yes
checking login_cap.h presence... yes
checking for login_cap.h... yes
checking maillock.h usability... no
checking maillock.h presence... no
checking for maillock.h... no
checking netdb.h usability... yes
checking netdb.h presence... yes
checking for netdb.h... yes
checking netgroup.h usability... no
checking netgroup.h presence... no
checking for netgroup.h... no
checking netinet/in_systm.h usability... yes
checking netinet/in_systm.h presence... yes
checking for netinet/in_systm.h... yes
checking paths.h usability... yes
checking paths.h presence... yes
checking for paths.h... yes
checking pty.h usability... no
checking pty.h presence... no
checking for pty.h... no
checking readpassphrase.h usability... no
checking readpassphrase.h presence... no
checking for readpassphrase.h... no
checking rpc/types.h usability... yes
checking rpc/types.h presence... yes
checking for rpc/types.h... yes
checking security/pam_appl.h usability... no
checking security/pam_appl.h presence... no
checking for security/pam_appl.h... no
checking shadow.h usability... no
checking shadow.h presence... no
checking for shadow.h... no
checking stddef.h usability... yes
checking stddef.h presence... yes
checking for stddef.h... yes
checking for stdint.h... (cached) no
checking for strings.h... (cached) yes
checking sys/bitypes.h usability... yes
checking sys/bitypes.h presence... yes
checking for sys/bitypes.h... yes
checking sys/bsdtty.h usability... no
checking sys/bsdtty.h presence... no
checking for sys/bsdtty.h... no
checking sys/cdefs.h usability... yes
checking sys/cdefs.h presence... yes
checking for sys/cdefs.h... yes
checking sys/mman.h usability... yes
checking sys/mman.h presence... yes
checking for sys/mman.h... yes
checking sys/pstat.h usability... no
checking sys/pstat.h presence... no
checking for sys/pstat.h... no
checking sys/select.h usability... yes
checking sys/select.h presence... yes
checking for sys/select.h... yes
checking for sys/stat.h... (cached) yes
checking sys/stropts.h usability... no
checking sys/stropts.h presence... no
checking for sys/stropts.h... no
checking sys/sysmacros.h usability... no
checking sys/sysmacros.h presence... no
checking for sys/sysmacros.h... no
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking sys/timers.h usability... no
checking sys/timers.h presence... no
checking for sys/timers.h... no
checking sys/un.h usability... yes
checking sys/un.h presence... yes
checking for sys/un.h... yes
checking time.h usability... yes
checking time.h presence... yes
checking for time.h... yes
checking tmpdir.h usability... no
checking tmpdir.h presence... no
checking for tmpdir.h... no
checking ttyent.h usability... yes
checking ttyent.h presence... yes
checking for ttyent.h... yes
checking usersec.h usability... no
checking usersec.h presence... no
checking for usersec.h... no
checking util.h usability... no
checking util.h presence... no
checking for util.h... no
checking utime.h usability... yes
checking utime.h presence... yes
checking for utime.h... yes
checking utmp.h usability... yes
checking utmp.h presence... yes
checking for utmp.h... yes
checking utmpx.h usability... no
checking utmpx.h presence... no
checking for utmpx.h... no
checking for yp_match... yes
checking for setsockopt... yes
checking for getspnam... no
checking for getspnam in -lgen... no
checking for deflate in -lz... yes
checking for strcasecmp... yes
checking for utimes... yes
checking libutil.h usability... no
checking libutil.h presence... no
checking for libutil.h... no
checking for library containing login... -lutil
checking for logout... yes
checking for updwtmp... no
checking for logwtmp... yes
checking for strftime... yes
checking for GLOB_ALTDIRFUNC support... yes
checking for gl_matchc field in glob_t... no
checking whether struct dirent allocates space for d_name... yes
checking for arc4random... no
checking for __b64_ntop... yes
checking for b64_ntop... no
checking for __b64_pton... yes
checking for b64_pton... no
checking for basename... no
checking for bcopy... yes
checking for bindresvport_sa... no
checking for clock... yes
checking for fchmod... yes
checking for fchown... yes
checking for freeaddrinfo... yes
checking for futimes... no
checking for gai_strerror... yes
checking for getaddrinfo... yes
checking for getcwd... yes
checking for getgrouplist... yes
checking for getnameinfo... yes
checking for getopt... yes
checking for getpeereid... no
checking for _getpty... no
checking for getrlimit... yes
checking for getrusage... yes
checking for getttyent... yes
checking for glob... yes
checking for inet_aton... yes
checking for inet_ntoa... yes
checking for inet_ntop... yes
checking for innetgr... yes
checking for login_getcapbool... yes
checking for md5_crypt... no
checking for memmove... yes
checking for mkdtemp... no
checking for mmap... yes
checking for ngetaddrinfo... no
checking for nsleep... no
checking for ogetaddrinfo... no
checking for openpty... yes
checking for pstat... no
checking for readpassphrase... no
checking for realpath... yes
checking for recvmsg... yes
checking for rresvport_af... yes
checking for sendmsg... yes
checking for setdtablesize... no
checking for setegid... yes
checking for setenv... yes
checking for seteuid... yes
checking for setgroups... yes
checking for setlogin... yes
checking for setpcred... no
checking for setproctitle... yes
checking for setresgid... no
checking for setreuid... yes
checking for setrlimit... yes
checking for setsid... yes
checking for setvbuf... yes
checking for sigaction... yes
checking for sigvec... yes
checking for snprintf... yes
checking for socketpair... yes
checking for strerror... yes
checking for strlcat... yes
checking for strlcpy... yes
checking for strmode... yes
checking for strnvis... no
checking for sysconf... yes
checking for tcgetpgrp... yes
checking for truncate... yes
checking for utimes... (cached) yes
checking for vhangup... no
checking for vsnprintf... yes
checking for waitpid... yes
checking for library containing nanosleep... none required
checking for library containing basename... no
checking whether strsep is declared... yes
checking for strsep... yes
checking for dirname... no
checking for dirname in -lgen... no
checking for gettimeofday... yes
checking for time... yes
checking for endutent... no
checking for getutent... no
checking for getutid... no
checking for getutline... no
checking for pututline... no
checking for setutent... no
checking for utmpname... no
checking for endutxent... no
checking for getutxent... no
checking for getutxid... no
checking for getutxline... no
checking for pututxline... no
checking for setutxent... no
checking for utmpxname... no
checking for daemon... yes
checking for getpagesize... yes
checking whether snprintf correctly terminates long strings... yes
checking whether getpgrp requires zero arguments... yes
checking OpenSSL header version... 9060af (OpenSSL 0.9.6j [engine] 10 Apr 2003)
checking OpenSSL library version... 90605f (OpenSSL 0.9.6e 30 Jul 2002)
checking whether OpenSSL's headers match the library... no
configure: error: Your OpenSSL headers do not match your library
gallifrey.nk.ca//usr/source/openssh-3.6.1p2$ exit
exit

Script done on Sun Jun 22 07:57:23 2003

Script done on Sun Jun 22 07:57:23 2003

Why are 2 openssls showing up when I am supposed exclusively
 using openssl-engine-0.9.6g?

The Doctor wrote:
> I try to set up openssh-3.6.1p2  on a baox and get:
What OS and version?
> checking OpenSSL header version... 9060af (OpenSSL 0.9.6j [engine] 10 Apr
2003)
> checking OpenSSL library version... 90605f (OpenSSL 0.9.6e 30 Jul 2002)
> checking whether OpenSSL's headers match the library... no
> configure: error: Your OpenSSL headers do not match your library
[snip]
> Why are 2 openssls showing up when I am supposed exclusively
>  using openssl-engine-0.9.6g?
You have headers from an earlier version of OpenSSL someplace on your
system.  There's a tool called findssl.sh at [1] which can help you
identify them.  I'd start looking in /usr/include.

[1] http://www.zip.com.au/~dtucker/openssh/

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

The Doctor wrote:
[snip]
> checking OpenSSL header version... 9060af (OpenSSL 0.9.6j [engine] 10 Apr
2003)
> checking OpenSSL library version... 90605f (OpenSSL 0.9.6e 30 Jul 2002)
> checking whether OpenSSL's headers match the library... no
> configure: error: Your OpenSSL headers do not match your library
To head off future bug reports, how about including findssl.sh in contrib/
and having configure refer to it?

Like so:
checking whether OpenSSL's headers match the library... no
configure: error: Your OpenSSL headers do not match your library.
Check config.log for details.
Also see contrib/findssl.sh for help identifying header/library
mismatches.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
-------------- next part --------------
Index: configure.ac
==================================================================RCS file:
/usr/local/src/security/openssh/cvs/openssh_cvs/configure.ac,v
retrieving revision 1.126
diff -u -r1.126 configure.ac
--- configure.ac	4 Jun 2003 23:53:31 -0000	1.126
+++ configure.ac	24 Jun 2003 03:38:14 -0000
@@ -957,7 +957,9 @@
 	],
 	[
 		AC_MSG_RESULT(no)
-		AC_MSG_ERROR(Your OpenSSL headers do not match your library)
+		AC_MSG_ERROR([Your OpenSSL headers do not match your library.
+Check config.log for details.
+Also see contrib/findssl.sh for help identifying header/library mismatches.])
 	]
 )
 
--- /dev/null	2002-08-31 09:31:37.000000000 +1000
+++ contrib/findssl.sh	2003-06-24 13:24:50.000000000 +1000
@@ -0,0 +1,159 @@
+#!/bin/sh
+#
+# findssl.sh
+#	Search for all instances of OpenSSL headers and libraries
+#	and print their versions.
+#	Intended to help diagnose OpenSSH's "OpenSSL headers do not
+#	match your library" errors.
+#
+#	Written by Darren Tucker (dtucker at zip dot com dot au)
+#	This file is placed in the public domain.
+#
+# $Id$
+#	2002-07-27: Initial release.
+#	2002-08-04: Added public domain notice.
+#	2003-06-24: Incorporated readme, set library paths. First cvs version.
+#
+# "OpenSSL headers do not match your library" are usually caused by 
+# OpenSSH's configure picking up an older version of OpenSSL headers
+# or libraries.  You can use the following # procedure to help identify
+# the cause.
+# 
+# The  output  of  configure  will  tell you the versions of the OpenSSL
+# headers and libraries that were picked up, for example:
+# 
+# checking OpenSSL header version... 90604f (OpenSSL 0.9.6d 9 May 2002)
+# checking OpenSSL library version... 90602f (OpenSSL 0.9.6b [engine] 9 Jul
2001)
+# checking whether OpenSSL's headers match the library... no
+# configure: error: Your OpenSSL headers do not match your library
+# 
+# Now run findssl.sh. This should identify the headers and libraries
+# present  and  their  versions.  You  should  be  able  to identify the
+# libraries  and headers used and adjust your CFLAGS or remove incorrect
+# versions.  The  output will show OpenSSL's internal version identifier
+# and should look something like:
+
+# $ ./findssl.sh
+# Searching for OpenSSL header files.
+# 0x0090604fL /usr/include/openssl/opensslv.h
+# 0x0090604fL /usr/local/ssl/include/openssl/opensslv.h
+# 
+# Searching for OpenSSL shared library files.
+# 0x0090602fL /lib/libcrypto.so.0.9.6b
+# 0x0090602fL /lib/libcrypto.so.2
+# 0x0090581fL /usr/lib/libcrypto.so.0
+# 0x0090602fL /usr/lib/libcrypto.so
+# 0x0090581fL /usr/lib/libcrypto.so.0.9.5a
+# 0x0090600fL /usr/lib/libcrypto.so.0.9.6
+# 0x0090600fL /usr/lib/libcrypto.so.1
+# 
+# Searching for OpenSSL static library files.
+# 0x0090602fL /usr/lib/libcrypto.a
+# 0x0090604fL /usr/local/ssl/lib/libcrypto.a
+# 
+# In  this  example, I gave configure no extra flags, so it's picking up
+# the  OpenSSL header from /usr/include/openssl (90604f) and the library
+# from /usr/lib/ (90602f).
+
+#
+# Adjust these to suit your compiler.
+# You may also need to set the *LIB*PATH environment variables if
+# DEFAULT_LIBPATH is not correct for your system.
+#
+CC=gcc
+STATIC=-static
+
+#
+# Set up conftest C source
+#
+rm -f findssl.log
+cat >conftest.c <<EOD
+#include <stdio.h>
+int main(){printf("0x%08xL\n", SSLeay());}
+EOD
+
+#
+# Set default library paths if not already set
+#
+DEFAULT_LIBPATH=/usr/lib:/usr/local/lib
+LIBPATH=${LIBPATH:=$DEFAULT_LIBPATH}
+LD_LIBRARY_PATH=${LD_LIBRARY_PATH:=$DEFAULT_LIBPATH}
+LIBRARY_PATH=${LIBRARY_PATH:=$DEFAULT_LIBPATH}
+export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH
+
+#
+# Search for OpenSSL headers and print versions
+#
+echo Searching for OpenSSL header files.
+if [ -x "`which locate`" ]
+then
+	headers=`locate opensslv.h`
+else
+	headers=`find / -name opensslv.h -print 2>/dev/null`
+fi
+
+for header in $headers
+do
+	ver=`awk '/OPENSSL_VERSION_NUMBER/{printf \$3}' $header`
+	echo "$ver $header"
+done
+echo
+
+#
+# Search for shared libraries.
+# Relies on shared libraries looking like "libcrypto.s*"
+#
+echo Searching for OpenSSL shared library files.
+if [ -x "`which locate`" ]
+then
+	libraries=`locate libcrypto.s`
+else
+	libraries=`find / -name 'libcrypto.s*' -print 2>/dev/null`
+fi
+
+for lib in $libraries
+do
+	(echo "Trying libcrypto $lib" >>findssl.log
+	dir=`dirname $lib`
+	LIBPATH="$dir:$LIBPATH"
+	LD_LIBRARY_PATH="$dir:$LIBPATH"
+	LIBRARY_PATH="$dir:$LIBPATH"
+	export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH
+	${CC} -o conftest conftest.c $lib 2>>findssl.log
+	if [ -x ./conftest ]
+	then
+		ver=`./conftest 2>/dev/null`
+		rm -f ./conftest
+		echo "$ver $lib"
+	fi)
+done
+echo
+
+#
+# Search for static OpenSSL libraries and print versions
+#
+echo Searching for OpenSSL static library files.
+if [ -x "`which locate`" ]
+then
+	libraries=`locate libcrypto.a`
+else
+	libraries=`find / -name libcrypto.a -print 2>/dev/null`
+fi
+
+for lib in $libraries
+do
+	libdir=`dirname $lib`
+	echo "Trying libcrypto $lib" >>findssl.log
+	${CC} ${STATIC} -o conftest conftest.c -L${libdir} -lcrypto
2>>findssl.log
+	if [ -x ./conftest ]
+	then
+		ver=`./conftest 2>/dev/null`
+		rm -f ./conftest
+		echo "$ver $lib"
+	fi
+done
+
+#
+# Clean up
+#
+rm -f conftest.c