Lighttpd

My WolfSSL instance is also compiled from source and includes the required --with-lighty flags.

Mea culpa, I actually meant to write:

My WolfSSL instance is also compiled from source and includes the required --enable-lighty flag.

Parts of the lighttpd core use some crypto functions (e.g. SHA256), and lighttpd will try to use the crypto functions from one of the TLS libraries against which lighttpd was built. It would appear that the lighttpd configure.ac is not providing the include path to the non-default location of wolfssl headers. I'll try to look into that later.

In the meantime, you can re-run
CFLAGS=-I/opt/wolfssl/include ./configure --prefix=/opt/lighttpd/ ...
or you can tell the lighttpd core to prefer openssl crypto
CFLAGS-DFORCE_OPENSSL_CRYPTO ./configure --prefix=/opt/lighttpd/ ...

When you run lighttpd with mod_wolfssl built against your custom location, you may need to specify LD_LIBRARY_PATH=/opt/wolfssl/lib /opt/lighttpd/sbin/lighttpd ... for lighttpd to find your wolfssl libs. (This assumes you have installed your wolfssl build to /opt/wolfssl path, and that /opt/wolfssl is not simply an unpack of the wolfssl source code.

Alternative:

InstallFromSource provides some instruction how to build a Debian package of lighttpd. Other than Debian being slooooooooooooooooooooow to update even when I spoon-feed signed updates to Debian, Debian does provide lighttpd with mod_wolfssl support. lighttpd 1.4.77 is in Sid and Trixie, but only older versions of lighttpd are currently available in Bookworm. You can create your own lighttpd 1.4.77 .deb for Bookworm, or you can install packages built by lighttpd which can be found at: https://debian.lighttpd.net/

Thank you, gstrauss -- I am most grateful for your advice and input.

Per your reply, I've updated my configure task with the prepended CFLAGS, and the original fatal error is now resolved. There's another error a little further on in the compile process (includes most recent libtool command for context):

libtool: link: gcc -I/opt/wolfssl/include -pipe -Wall -W -Wshadow -pedantic -o lighttpd lighttpd-server.o lighttpd-response.o lighttpd-connections.o lighttpd-h1.o lighttpd-sock_addr_cache.o lighttpd-network.o lighttpd-network_write.o lighttpd-fdevent_impl.o lighttpd-http_range.o lighttpd-data_config.o lighttpd-configfile.o lighttpd-configparser.o lighttpd-mod_rewrite.o lighttpd-mod_redirect.o lighttpd-mod_access.o lighttpd-mod_alias.o lighttpd-mod_indexfile.o lighttpd-mod_staticfile.o lighttpd-mod_setenv.o lighttpd-mod_expire.o lighttpd-mod_simple_vhost.o lighttpd-mod_evhost.o lighttpd-mod_fastcgi.o lighttpd-mod_scgi.o lighttpd-base64.o lighttpd-buffer.o lighttpd-burl.o lighttpd-log.o lighttpd-http_header.o lighttpd-http_kv.o lighttpd-keyvalue.o lighttpd-chunk.o lighttpd-http_chunk.o lighttpd-fdevent.o lighttpd-fdevent_fdnode.o lighttpd-gw_backend.o lighttpd-stat_cache.o lighttpd-http_etag.o lighttpd-array.o lighttpd-algo_md5.o lighttpd-algo_sha1.o lighttpd-algo_splaytree.o lighttpd-configfile-glue.o lighttpd-http-header-glue.o lighttpd-http_cgi.o lighttpd-http_date.o lighttpd-plugin.o lighttpd-reqpool.o lighttpd-request.o lighttpd-sock_addr.o lighttpd-rand.o lighttpd-fdlog_maint.o lighttpd-fdlog.o lighttpd-sys-setjmp.o lighttpd-ck.o lighttpd-fdevent_win32.o lighttpd-fs_win32.o -Wl,--export-dynamic  -lpcre2-8 -lcrypto
/usr/bin/ld: t_test_mod-rand.o: in function `li_rand_init':
rand.c:(.text+0x1c8): undefined reference to `wolfCrypt_Init'
/usr/bin/ld: rand.c:(.text+0x1dc): undefined reference to `wc_InitRng'
/usr/bin/ld: t_test_mod-rand.o: in function `li_rand_reseed':
rand.c:(.text+0x230): undefined reference to `wc_FreeRng'
/usr/bin/ld: rand.c:(.text+0x23c): undefined reference to `wc_InitRng'
/usr/bin/ld: t_test_mod-rand.o: in function `li_rand_pseudo':
rand.c:(.text+0x2bc): undefined reference to `wc_RNG_GenerateBlock'
/usr/bin/ld: t_test_mod-rand.o: in function `li_rand_pseudo_bytes':
rand.c:(.text+0x318): undefined reference to `wc_RNG_GenerateBlock'
/usr/bin/ld: t_test_mod-rand.o: in function `li_rand_cleanup':
rand.c:(.text+0x398): undefined reference to `wc_FreeRng'
/usr/bin/ld: rand.c:(.text+0x39c): undefined reference to `wolfCrypt_Cleanup'
collect2: error: ld returned 1 exit status
make[3]: *** [Makefile:2024: t/test_mod] Error 1
make[3]: *** Waiting for unfinished jobs....
/usr/bin/ld: lighttpd-rand.o: in function `li_rand_init':
rand.c:(.text+0x1c8): undefined reference to `wolfCrypt_Init'
/usr/bin/ld: rand.c:(.text+0x1dc): undefined reference to `wc_InitRng'
/usr/bin/ld: lighttpd-rand.o: in function `li_rand_reseed':
rand.c:(.text+0x230): undefined reference to `wc_FreeRng'
/usr/bin/ld: rand.c:(.text+0x23c): undefined reference to `wc_InitRng'
/usr/bin/ld: lighttpd-rand.o: in function `li_rand_pseudo':
rand.c:(.text+0x2bc): undefined reference to `wc_RNG_GenerateBlock'
/usr/bin/ld: lighttpd-rand.o: in function `li_rand_pseudo_bytes':
rand.c:(.text+0x318): undefined reference to `wc_RNG_GenerateBlock'
/usr/bin/ld: lighttpd-rand.o: in function `li_rand_cleanup':
rand.c:(.text+0x398): undefined reference to `wc_FreeRng'
/usr/bin/ld: rand.c:(.text+0x39c): undefined reference to `wolfCrypt_Cleanup'
collect2: error: ld returned 1 exit status
make[3]: *** [Makefile:1965: lighttpd] Error 1
make[2]: *** [Makefile:1721: all] Error 2
make[1]: *** [Makefile:471: all-recursive] Error 1
make: *** [Makefile:403: all] Error 2

If there's anything above that you'd like more information on for testing, I'll gladly provide feedback.

I'll follow your advice and stick with OpenSSL for now. For clarity, /opt/wolfssl is indeed installed and not raw source.

Thank you for the pointer to vendor packages, I appreciate that.

Best wishes.

CFLAGS=-I/opt/wolfssl/include LDFLAGS=/opt/wolfssl/lib ./configure --prefix=/opt/lighttpd/ ...

I think you should seriously question why you are trying to build these from source when these build error messages and how to solve them are so foreign to you. Please invest some time learning how to build software, or consider using some of the alternatives that I have suggested in my previous post.

A simpler solution is to build lighttpd with your original ./configure command and add --with-nettle so that Nettle provides the crypto functions to the base lighttpd modules (assuming you have Debian nettle-dev package installed). Then, mod_openssl is the only lighttpd module dependent on OpenSSL libraries, and mod_wolfssl is the only lighttpd module dependent on WolfSSL.

Please invest some time learning how to build software, or consider using some of the alternatives that I have suggested in my previous post.

Respectfully, that's what I meant when I wrote:

I'll follow your advice and stick with OpenSSL for now.

I am grateful for your time and assistance. I will use another route. Please close this topic / ticket. Thank you.

I wrote:

Parts of the lighttpd core use some crypto functions (e.g. SHA256), and lighttpd will try to use the crypto functions from one of the TLS libraries against which lighttpd was built. It would appear that the lighttpd configure.ac is not providing the include path to the non-default location of wolfssl headers. I'll try to look into that later.

commit message cddbad19 explains the history where initial wolfssl integration with lighttpd used wolfssl compatibility layer for openssl, and that could have caused conflicts when other parts of lighttpd were built with openssl. Since a separate lighttpd mod_wolfssl was created (long ago) and does not use wolfssl compatibility layer for openssl, I have adjusted the build. This only appears to have been an historical issue with autotools configure.ac, not with CMake, SCONS, or meson builds of lighttpd, and occurred when building wolfssl with a non-default location (--with-wolfssl=/path/to/wolf-install), and also building --with-openssl.