[Solved] Compile with OpenSSL 3.x.x support
Hi,
I'm trying to compile the latest release (lighttpd_1.4.76-3) and upgrade mod_openssl from using openssl 1.1.1w to 3.0.8 but when checking the library I see :
ldd mod_openssl.so
linux-vdso.so.1 (0xbec56000)
libssl.so.1.1 => /lib/arm-linux-gnueabihf/libssl.so.1.1 (0xb6e99000)
libcrypto.so.1.1 => /lib/arm-linux-gnueabihf/libcrypto.so.1.1 (0xb6cdd000)
libc.so.6 => /lib/arm-linux-gnueabihf/libc.so.6 (0xb6bde000)
/lib/ld-linux-armhf.so.3 (0xb6f18000)
libpthread.so.0 => /lib/arm-linux-gnueabihf/libpthread.so.0 (0xb6bb8000)
libdl.so.2 => /lib/arm-linux-gnueabihf/libdl.so.2 (0xb6ba5000)
The resulting packages are installing fine but once I enable the ssl module and restarting the service I get :
/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf 2024-05-16 19:09:14: (plugin.c.221) dlopen() failed for: /usr/lib/lighttpd/mod_openssl.so /usr/lib/lighttpd/mod_openssl.so: undefined symbol: ERR_new 2024-05-16 19:09:14: (server.c.1649) loading plugins finally failed
The new version of OpenSSL was installed using the steps from this article (https://orcacore.com/install-openssl-3-debian-11/)
Compiled lighttpd using the details from https://redmine.lighttpd.net/projects/1/wiki/InstallFromSource#distro-packaging-external-examples
Details about the system :
Linux orangepizero 6.1.63-current-sunxi #1 SMP Mon Nov 20 10:52:19 UTC 2023 armv7l GNU/Linux cat /etc/os-release PRETTY_NAME="Armbian 23.8.1 bullseye" NAME="Debian GNU/Linux" VERSION_ID="11" VERSION="11 (bullseye)" VERSION_CODENAME=bullseye ID=debian HOME_URL="https://www.armbian.com" SUPPORT_URL="https://forum.armbian.com" BUG_REPORT_URL="https://www.armbian.com/bugs" ARMBIAN_PRETTY_NAME="Armbian 23.8.1 bullseye" openssl version -a OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.0.8 7 Feb 2023) built on: Thu May 16 15:17:42 2024 UTC platform: linux-armv4 options: bn(64,32) compiler: gcc -fPIC -pthread -march=armv7-a -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_BUILDING_OPENSSL -DNDEBUG OPENSSLDIR: "/usr/local/ssl" ENGINESDIR: "/usr/local/lib/engines-3" MODULESDIR: "/usr/local/lib/ossl-modules" Seeding source: os-specific CPUINFO: OPENSSL_armcap=0x1
Is there something I'm missing or anybody has any idea how to transition to the a more current version of OpenSSL?
Thank you,
Razvan
Replies (3)
RE: Compile with OpenSSL 3.x.x support - Added by gstrauss 4 months ago
Is there something I'm missing or anybody has any idea how to transition to the a more current version of OpenSSL?
The best solution is to avoid ancient, poorly maintained distros. Your life would be much easier if you were using a more modern version of armbian based on a more modern version of Debian, e.g. Debian Bookworm.
If you can't upgrade the system, then using the the lighttpd instructions to build a debian package builds against the system openssl. While there are ways to override this, that is effort spent fighting with the Debian intergration. It would be better to just upgrade the system.
However, since you do not seem to want to update the system, you should build lighttpd following the more basic build commands examples and specify the paths to find your build of openssl headers and openssl libraries. Then, once you build and link against your specified location of openssl includes and libraries, you can set LD_LIBRARY_PATH to the library location of openssl. Set LD_LIBRARY_PATH in the script environment you use to start the lighttpd executable to tell lighttpd where to find those libraries.
RE: Compile with OpenSSL 3.x.x support - Added by yo6nam 4 months ago
Thanks for your input, gstrauss.
Debian Bullseye is near EOL, but it's not ancient :)
I went ahead and compiled from GitHub using
./configure -C --prefix=/usr --with-openssl --with-openssl-libs=/usr/local/lib --with-openssl-includes --disable-static --enable-shared
Cheers!
RE: Compile with OpenSSL 3.x.x support - Added by gstrauss 3 months ago
Debian Bullseye is near EOL, but it's not ancient :)
LOL. Then why do you need to upgrade from openssl 1.1.1w? Is it because openssl 1.1.1 is EOL? (yes) https://endoflife.date/openssl openssl.org support for openssl 1.1.1 ended Sep 2023.
Anyway, I am glad you found a solution. Upgrading from an older Debian release may sometimes be another solution.