On Thu, Mar 07, 2024 at 01:51:28PM +1100, Darren Tucker wrote:> On Thu, 7 Mar 2024 at 13:39, The Doctor <doctor at doctor.nl2k.ab.ca> wrote: > > > > On Thu, Mar 07, 2024 at 01:19:36PM +1100, Darren Tucker wrote: > > > On Thu, 7 Mar 2024 at 12:00, The Doctor <doctor at doctor.nl2k.ab.ca> wrote: > > > > On Thu, Mar 07, 2024 at 09:58:38AM +1100, Darren Tucker wrote: > > > [...] > > > > > Please try this patch. Note that you will need to run "autoreconf" to > > > > > rebuild configure before rerunning it. > > > [...] > > > > In which test release can this be made available? > > > > > > It has not been committed and is not currently in any test release or > > > snapshot. We're trying to confirm it does in fact fix what you have > > > observed. You will need to apply the patch yourself to a snapshot or > > > git HEAD and run "autoreconf" to rebuild configure, then run > > > ./configure with your options. > > > > > > > > > > Tried it and got > > > > checking for openssl... /usr/bin/openssl > > checking for openssl/opensslv.h... yes > > checking OpenSSL header version... 30200020 (OpenSSL 3.2.2-dev ) > > checking for OpenSSL_version... yes > > checking for OpenSSL_version_num... yes > > checking OpenSSL library version... 300000e0 (OpenSSL 3.0.14-dev ) > > checking whether OpenSSL's headers match the library... no > > configure: error: Your OpenSSL headers do not match your > > library. Check config.log for details. > > If you are sure your installation is consistent, you can disable the check > > by running "./configure --without-openssl-header-check". > > Also see contrib/findssl.sh for help identifying header/library mismatches. > > That sounds like the runtime linker path problem I described in my > first reply. Is the OpenSSL 3.2.2-dev version of libcrypto in your > runtime linker path? I assume that's in /usr/local/lib? Does > /usr/local/bin/openssl actually work?This is odd. /usr/local/bin/openssl version -a ld-elf.so.1: /usr/lib/libssl.so.3: version OPENSSL_3.2.0 required by /usr/local/bin/openssl not found It should be reference /usr/local/lib/libssl.so> > You can use --with-rpath in your configure invocation to set -R/-rpath > (exact details will vary by system and/or linker, for GNU ld, that > would be --with-rpath=-Wl,-rpath,). > > -- > Darren Tucker (dtucker at dtucker.net) > GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA > Good judgement comes with experience. Unfortunately, the experience > usually comes from bad judgement. > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev-- Member - Liberal International This is doctor at nk.ca Ici doctor at nk.ca Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising! Look at Psalms 14 and 53 on Atheism ; unsubscribe from Google Groups to be seen What worth the power of law that won't stop lawlessness? -unknown
On Wed, 6 Mar 2024, The Doctor wrote:> > > > snapshot. We're trying to confirm it does in fact fix what you have > > > > observed. You will need to apply the patch yourself to a snapshot or > > > > git HEAD and run "autoreconf" to rebuild configure, then run > > > > ./configure with your options. > > > > > > > > > > > > > > Tried it and got > > > > > > checking for openssl... /usr/bin/openssl > > > checking for openssl/opensslv.h... yes > > > checking OpenSSL header version... 30200020 (OpenSSL 3.2.2-dev ) > > > checking for OpenSSL_version... yes > > > checking for OpenSSL_version_num... yes > > > checking OpenSSL library version... 300000e0 (OpenSSL 3.0.14-dev ) > > > checking whether OpenSSL's headers match the library... no > > > configure: error: Your OpenSSL headers do not match your > > > library. Check config.log for details. > > > If you are sure your installation is consistent, you can disable the check > > > by running "./configure --without-openssl-header-check". > > > Also see contrib/findssl.sh for help identifying header/library mismatches. > > > > That sounds like the runtime linker path problem I described in my > > first reply. Is the OpenSSL 3.2.2-dev version of libcrypto in your > > runtime linker path? I assume that's in /usr/local/lib? Does > > /usr/local/bin/openssl actually work? > > This is odd. > > /usr/local/bin/openssl version -a > ld-elf.so.1: /usr/lib/libssl.so.3: version OPENSSL_3.2.0 required by /usr/local/bin/openssl not found > > > It should be reference /usr/local/lib/libssl.soThis is the same problem Darren described. You have openssl libraries installed that are not in the runtime linker search path. --with-rpath will fix this for OpenSSH, but it can't fix the openssl binary you already have installed. Your options include (if your system support them) things like adjusting ld.so.conf or manually setting LD_LIBRARY_PATH. -d
On Thu, 7 Mar 2024 at 14:54, The Doctor <doctor at doctor.nl2k.ab.ca> wrote: [...]> /usr/local/bin/openssl version -a > ld-elf.so.1: /usr/lib/libssl.so.3: version OPENSSL_3.2.0 required by /usr/local/bin/openssl not foundThis is why configure (with the patch) didn't use that openssl binary: it doesn't work. Trying something like this ought prove whether or not the patch works for your use case (I'm using /opt/openssl instead of /usr/local, but it should otherwise should be equivalent): $ uname -sr FreeBSD 14.0-RELEASE-p3 $ /opt/openssl/bin/openssl version ld-elf.so.1: Shared object "libssl.so.3" not found, required by "openssl" $ env LD_LIBRARY_PATH=/opt/openssl/lib:/lib:/usr/lib PATH=/bin:/usr/bin ./configure --with-ssl-dir=/opt/openssl --with-rpath=-Wl,-rpath, [...] $ grep OPENSSL_BIN Makefile OPENSSL_BIN='/opt/openssl/bin/openssl' \ -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
The Doctor wrote:> [] > This is odd. > > /usr/local/bin/openssl version -a > ld-elf.so.1: /usr/lib/libssl.so.3: version OPENSSL_3.2.0 required by /usr/local/bin/openssl not foundRUNPATH (new) vs RPATH (classical)> It should be reference /usr/local/lib/libssl.so[] If I remember well with new model enabled indirect dependent library is searched in system default library search path. a) build OpenSSL with rpath. Remarks: by default openssl build is new model. Also some compilers by default support new model. b) some Linux-es does to include /usr/local/lib to library search path. I use a) as each builds from each project are installed in separate directory. Note b) is default on my systems. Roumen -- Advanced secure shell implementation with X.509 certificate support http://roumenpetrov.info/secsh/