Project

General

Profile

[Solved] Fatal error compiling with `--with-wolfssl=DIR`; `wolfssl/options.h` not found

Added by Anonymous about 1 month ago

Hello.
I'm compiling lighttpd from source, specifically the 1.4.77 tarball. I can successfully compile where required system libraries are present. I am falling short on the command line magic to compile with WolfSSL support, which errors out.

My WolfSSL instance is also compiled from source and includes the required --with-lighty flags:

./configure \
--enable-certgen \
--enable-curve25519 \
--enable-ed25519 \
--enable-keygen \
--enable-lighty \
--enable-memcached \
--enable-nginx \
--enable-opensslall \
--enable-opensslextra \
--enable-quic \
--prefix=/opt/wolfssl

My lighttpd configure flags point to the WolfSSL headers in /opt/wolfssl/:

./configure \
--prefix=/opt/lighttpd/ \
--with-brotli \
--with-bzip2 \
--with-libdeflate \
--with-libxml \
--with-openssl \
--with-wolfssl=/opt/wolfssl \
--with-zlib \
--with-zstd

The fatal error comprises:

In file included from algo_md5.c:3:
sys-crypto-md.h:437:10: fatal error: wolfssl/options.h: No such file or directory
  437 | #include <wolfssl/options.h> /* wolfssl NO_* macros */
      |          ^~~~~~~~~~~~~~~~~~~
compilation terminated.
make[3]: *** [Makefile:4179: t_test_mod-algo_md5.o] Error 1
make[3]: *** Waiting for unfinished jobs....
mv -f .deps/t_test_mod-gw_backend.Tpo .deps/t_test_mod-gw_backend.Po
make[2]: *** [Makefile:1721: all] Error 2
make[1]: *** [Makefile:471: all-recursive] Error 1
make: *** [Makefile:403: all] Error 2

The named wolfssl/options.h file exists at include/wolfssl/options.h, as well as uncompressed WolfSSL source:

$ sudo find / -name options.h
/opt/wolfssl/include/wolfssl/options.h
[…]
/home/pete/wolfssl-source/wolfssl-5.7.2-stable/zephyr/wolfssl/options.h
/home/pete/wolfssl-source/wolfssl-5.7.2-stable/wolfssl/options.h

I would be most grateful for any advice on how to proceed. I can make 1 or more symlinks to get around the 'missing' file, but if there's a smarter route in / out, I'm all ears. Thank you.

Additional info: Debian 12 on aarch64, lighttpd 1.4.77 when compiled without WolfSSL support.

$ sudo uname -a
Linux hobby 6.1.0-31-arm64 #1 SMP Debian 6.1.128-1 (2025-02-07) aarch64 GNU/Linux
$ sudo \
> /opt/lighttpd/sbin/lighttpd -v
lighttpd/1.4.77 (ssl) - a light and fast webserver

Replies (7)

RE: Fatal error compiling with `--with-wolfssl=DIR`; `wolfssl/options.h` not found - Added by Anonymous about 1 month ago

My WolfSSL instance is also compiled from source and includes the required --with-lighty flags.

Mea culpa, I actually meant to write:

My WolfSSL instance is also compiled from source and includes the required --enable-lighty flag.

RE: Fatal error compiling with `--with-wolfssl=DIR`; `wolfssl/options.h` not found - Added by gstrauss about 1 month ago

Parts of the lighttpd core use some crypto functions (e.g. SHA256), and lighttpd will try to use the crypto functions from one of the TLS libraries against which lighttpd was built. It would appear that the lighttpd configure.ac is not providing the include path to the non-default location of wolfssl headers. I'll try to look into that later.

In the meantime, you can re-run
CFLAGS=-I/opt/wolfssl/include ./configure --prefix=/opt/lighttpd/ ...
or you can tell the lighttpd core to prefer openssl crypto
CFLAGS-DFORCE_OPENSSL_CRYPTO ./configure --prefix=/opt/lighttpd/ ...

When you run lighttpd with mod_wolfssl built against your custom location, you may need to specify LD_LIBRARY_PATH=/opt/wolfssl/lib /opt/lighttpd/sbin/lighttpd ... for lighttpd to find your wolfssl libs. (This assumes you have installed your wolfssl build to /opt/wolfssl path, and that /opt/wolfssl is not simply an unpack of the wolfssl source code.


Alternative:

InstallFromSource provides some instruction how to build a Debian package of lighttpd. Other than Debian being slooooooooooooooooooooow to update even when I spoon-feed signed updates to Debian, Debian does provide lighttpd with mod_wolfssl support. lighttpd 1.4.77 is in Sid and Trixie, but only older versions of lighttpd are currently available in Bookworm. You can create your own lighttpd 1.4.77 .deb for Bookworm, or you can install packages built by lighttpd which can be found at: https://debian.lighttpd.net/

RE: Fatal error compiling with `--with-wolfssl=DIR`; `wolfssl/options.h` not found - Added by Anonymous about 1 month ago

Thank you, gstrauss -- I am most grateful for your advice and input.

Per your reply, I've updated my configure task with the prepended CFLAGS, and the original fatal error is now resolved. There's another error a little further on in the compile process (includes most recent libtool command for context):

libtool: link: gcc -I/opt/wolfssl/include -pipe -Wall -W -Wshadow -pedantic -o lighttpd lighttpd-server.o lighttpd-response.o lighttpd-connections.o lighttpd-h1.o lighttpd-sock_addr_cache.o lighttpd-network.o lighttpd-network_write.o lighttpd-fdevent_impl.o lighttpd-http_range.o lighttpd-data_config.o lighttpd-configfile.o lighttpd-configparser.o lighttpd-mod_rewrite.o lighttpd-mod_redirect.o lighttpd-mod_access.o lighttpd-mod_alias.o lighttpd-mod_indexfile.o lighttpd-mod_staticfile.o lighttpd-mod_setenv.o lighttpd-mod_expire.o lighttpd-mod_simple_vhost.o lighttpd-mod_evhost.o lighttpd-mod_fastcgi.o lighttpd-mod_scgi.o lighttpd-base64.o lighttpd-buffer.o lighttpd-burl.o lighttpd-log.o lighttpd-http_header.o lighttpd-http_kv.o lighttpd-keyvalue.o lighttpd-chunk.o lighttpd-http_chunk.o lighttpd-fdevent.o lighttpd-fdevent_fdnode.o lighttpd-gw_backend.o lighttpd-stat_cache.o lighttpd-http_etag.o lighttpd-array.o lighttpd-algo_md5.o lighttpd-algo_sha1.o lighttpd-algo_splaytree.o lighttpd-configfile-glue.o lighttpd-http-header-glue.o lighttpd-http_cgi.o lighttpd-http_date.o lighttpd-plugin.o lighttpd-reqpool.o lighttpd-request.o lighttpd-sock_addr.o lighttpd-rand.o lighttpd-fdlog_maint.o lighttpd-fdlog.o lighttpd-sys-setjmp.o lighttpd-ck.o lighttpd-fdevent_win32.o lighttpd-fs_win32.o -Wl,--export-dynamic  -lpcre2-8 -lcrypto
/usr/bin/ld: t_test_mod-rand.o: in function `li_rand_init':
rand.c:(.text+0x1c8): undefined reference to `wolfCrypt_Init'
/usr/bin/ld: rand.c:(.text+0x1dc): undefined reference to `wc_InitRng'
/usr/bin/ld: t_test_mod-rand.o: in function `li_rand_reseed':
rand.c:(.text+0x230): undefined reference to `wc_FreeRng'
/usr/bin/ld: rand.c:(.text+0x23c): undefined reference to `wc_InitRng'
/usr/bin/ld: t_test_mod-rand.o: in function `li_rand_pseudo':
rand.c:(.text+0x2bc): undefined reference to `wc_RNG_GenerateBlock'
/usr/bin/ld: t_test_mod-rand.o: in function `li_rand_pseudo_bytes':
rand.c:(.text+0x318): undefined reference to `wc_RNG_GenerateBlock'
/usr/bin/ld: t_test_mod-rand.o: in function `li_rand_cleanup':
rand.c:(.text+0x398): undefined reference to `wc_FreeRng'
/usr/bin/ld: rand.c:(.text+0x39c): undefined reference to `wolfCrypt_Cleanup'
collect2: error: ld returned 1 exit status
make[3]: *** [Makefile:2024: t/test_mod] Error 1
make[3]: *** Waiting for unfinished jobs....
/usr/bin/ld: lighttpd-rand.o: in function `li_rand_init':
rand.c:(.text+0x1c8): undefined reference to `wolfCrypt_Init'
/usr/bin/ld: rand.c:(.text+0x1dc): undefined reference to `wc_InitRng'
/usr/bin/ld: lighttpd-rand.o: in function `li_rand_reseed':
rand.c:(.text+0x230): undefined reference to `wc_FreeRng'
/usr/bin/ld: rand.c:(.text+0x23c): undefined reference to `wc_InitRng'
/usr/bin/ld: lighttpd-rand.o: in function `li_rand_pseudo':
rand.c:(.text+0x2bc): undefined reference to `wc_RNG_GenerateBlock'
/usr/bin/ld: lighttpd-rand.o: in function `li_rand_pseudo_bytes':
rand.c:(.text+0x318): undefined reference to `wc_RNG_GenerateBlock'
/usr/bin/ld: lighttpd-rand.o: in function `li_rand_cleanup':
rand.c:(.text+0x398): undefined reference to `wc_FreeRng'
/usr/bin/ld: rand.c:(.text+0x39c): undefined reference to `wolfCrypt_Cleanup'
collect2: error: ld returned 1 exit status
make[3]: *** [Makefile:1965: lighttpd] Error 1
make[2]: *** [Makefile:1721: all] Error 2
make[1]: *** [Makefile:471: all-recursive] Error 1
make: *** [Makefile:403: all] Error 2

If there's anything above that you'd like more information on for testing, I'll gladly provide feedback.

I'll follow your advice and stick with OpenSSL for now. For clarity, /opt/wolfssl is indeed installed and not raw source.

Thank you for the pointer to vendor packages, I appreciate that.

Best wishes.

RE: Fatal error compiling with `--with-wolfssl=DIR`; `wolfssl/options.h` not found - Added by gstrauss about 1 month ago

CFLAGS=-I/opt/wolfssl/include LDFLAGS=/opt/wolfssl/lib ./configure --prefix=/opt/lighttpd/ ...

I think you should seriously question why you are trying to build these from source when these build error messages and how to solve them are so foreign to you. Please invest some time learning how to build software, or consider using some of the alternatives that I have suggested in my previous post.

RE: Fatal error compiling with `--with-wolfssl=DIR`; `wolfssl/options.h` not found - Added by gstrauss about 1 month ago

A simpler solution is to build lighttpd with your original ./configure command and add --with-nettle so that Nettle provides the crypto functions to the base lighttpd modules (assuming you have Debian nettle-dev package installed). Then, mod_openssl is the only lighttpd module dependent on OpenSSL libraries, and mod_wolfssl is the only lighttpd module dependent on WolfSSL.

RE: Fatal error compiling with `--with-wolfssl=DIR`; `wolfssl/options.h` not found - Added by Anonymous about 1 month ago

Please invest some time learning how to build software, or consider using some of the alternatives that I have suggested in my previous post.

Respectfully, that's what I meant when I wrote:

I'll follow your advice and stick with OpenSSL for now.

I am grateful for your time and assistance. I will use another route. Please close this topic / ticket. Thank you.

RE: Fatal error compiling with `--with-wolfssl=DIR`; `wolfssl/options.h` not found - Added by gstrauss about 1 month ago

I wrote:

Parts of the lighttpd core use some crypto functions (e.g. SHA256), and lighttpd will try to use the crypto functions from one of the TLS libraries against which lighttpd was built. It would appear that the lighttpd configure.ac is not providing the include path to the non-default location of wolfssl headers. I'll try to look into that later.

commit message cddbad19 explains the history where initial wolfssl integration with lighttpd used wolfssl compatibility layer for openssl, and that could have caused conflicts when other parts of lighttpd were built with openssl. Since a separate lighttpd mod_wolfssl was created (long ago) and does not use wolfssl compatibility layer for openssl, I have adjusted the build. This only appears to have been an historical issue with autotools configure.ac, not with CMake, SCONS, or meson builds of lighttpd, and occurred when building wolfssl with a non-default location (--with-wolfssl=/path/to/wolf-install), and also building --with-openssl.

    (1-7/7)