On Thu, 7 Mar 2024 at 02:19, Damien Miller <djm at mindrot.org> wrote:> > > > On Tue, 5 Mar 2024, The Doctor wrote: > > > Showstopper problem! > > > > I want configure to work with /usr/local/bin/openssl and not /usr/bin/openssl > > You can use --with-ssl-dir for this. --with-ssl-dir=/foo will have > configure try /foo/bin/openssl and /foo/apps/openssl. Otherwise it > just searches $PATH. > > Nothing has changed here for the last couple of releases.I changed it to better support OpenSSL directories in non-default paths: https://github.com/openssh/openssh-portable/commit/26cab41c05 Just reversing the search path order will cause other problems, though, since there is no guarantee the bin/openssl in a non-default location is functional (eg if its libraries are not in the system default runtime linker path and it's built without -rpath, which it's usually not). -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
On Thu, Mar 07, 2024 at 09:39:31AM +1100, Darren Tucker wrote:> On Thu, 7 Mar 2024 at 02:19, Damien Miller <djm at mindrot.org> wrote: > > On Tue, 5 Mar 2024, The Doctor wrote: > > > Showstopper problem! > > > > > > I want configure to work with /usr/local/bin/openssl and not /usr/bin/openssl[...]> I changed it to better support OpenSSL directories in non-default paths: > https://github.com/openssh/openssh-portable/commit/26cab41c05 > > Just reversing the search path order will cause other problems, > though, since there is no guarantee the bin/openssl in a non-default > location is functional (eg if its libraries are not in the system > default runtime linker path and it's built without -rpath, which it's > usually not).Please try this patch. Note that you will need to run "autoreconf" to rebuild configure before rerunning it. I think it covers all of the cases correctly: $ which openssl /usr/bin/openssl $ ./configure | grep bin/openssl && grep OPENSSL_BIN Makefile checking for openssl... /usr/bin/openssl OPENSSL_BIN='/usr/bin/openssl' \ $ ./configure --with-ssl-dir=/usr/local | grep bin/openssl && grep OPENSSL_BIN Makefile checking for openssl... /usr/local/bin/openssl OPENSSL_BIN='/usr/local/bin/openssl' \ $ ./configure --with-ssl-dir=/opt/openssl/3.3.0-dev --with-rpath=-Wl,-rpath, | grep bin/openssl && grep OPENSSL_BIN Makefile checking for openssl... /usr/bin/openssl OPENSSL_BIN='/usr/bin/openssl' \ $ /opt/openssl/3.3.0-dev/bin/openssl version /opt/openssl/3.3.0-dev/bin/openssl: /lib64/libssl.so.3: version `OPENSSL_3.2.0' not found (required by /opt/openssl/3.3.0-dev/bin/openssl) $ make ssh >/dev/null && ./ssh -V OpenSSH_9.6p1, OpenSSL 3.3.0-dev diff --git a/configure.ac b/configure.ac index fda092830..1aba65c00 100644 --- a/configure.ac +++ b/configure.ac @@ -2735,7 +2735,15 @@ AC_ARG_WITH([ssl-dir], else CPPFLAGS="-I${withval} ${CPPFLAGS}" fi - openssl_bin_PATH="${PATH}${PATH_SEPARATOR}${withval}/bin${PATH_SEPARATOR}${withval}/apps" + dnl Ensure specified openssl binary works, eg it can + dnl find its runtime libraries, before trying to use. + if test -x "${withval}/bin/openssl" && \ + "${withval}/bin/openssl" version >/dev/null 2>&1; then + openssl_bin_PATH="${withval}/bin${PATH_SEPARATOR}${PATH}" + elif test -x "${withval}/apps/openssl" && \ + "${withval}/apps/openssl" version >/dev/null 2>&1; then + openssl_bin_PATH="${withval}/apps${PATH_SEPARATOR}${PATH}" + fi fi ] ) -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
On Thu, Mar 07, 2024 at 09:39:31AM +1100, Darren Tucker wrote:> On Thu, 7 Mar 2024 at 02:19, Damien Miller <djm at mindrot.org> wrote: > > > > > > > > On Tue, 5 Mar 2024, The Doctor wrote: > > > > > Showstopper problem! > > > > > > I want configure to work with /usr/local/bin/openssl and not /usr/bin/openssl > > > > You can use --with-ssl-dir for this. --with-ssl-dir=/foo will have > > configure try /foo/bin/openssl and /foo/apps/openssl. Otherwise it > > just searches $PATH. > > > > Nothing has changed here for the last couple of releases. > > I changed it to better support OpenSSL directories in non-default paths: > https://github.com/openssh/openssh-portable/commit/26cab41c05 > > Just reversing the search path order will cause other problems, > though, since there is no guarantee the bin/openssl in a non-default > location is functional (eg if its libraries are not in the system > default runtime linker path and it's built without -rpath, which it's > usually not). >As long as /foo/bin/openssl is picked up, that should be the resolution.> -- > Darren Tucker (dtucker at dtucker.net) > GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA > Good judgement comes with experience. Unfortunately, the experience > usually comes from bad judgement.-- Member - Liberal International This is doctor at nk.ca Ici doctor at nk.ca Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising! Look at Psalms 14 and 53 on Atheism ; unsubscribe from Google Groups to be seen What worth the power of law that won't stop lawlessness? -unknown