Bug #2534

lighty fails to start when compiled with openssl_from_ports

Added by oschonrock about 6 years ago. Updated about 6 years ago.


FreeBSD has an old openssl in base system. To take advantage of new ciphers and protocols I tried to run lighty with openssl_from_ports:

By just installing /usr/ports/security/openssl first and then recompiling lighty (the ports system detects the newer openssl is available and links against it). This used to work with lighty 1.4.32.

Now with 1.4.33 I get the following error when starting lighty after compiling with openssl_from_ports:

2013-11-26 11:14:28: (plugin.c.169) dlopen() failed for: /usr/local/lib/lighttpd/ /usr/local/lib/lighttpd/ Undefined symbol "SHA1" 

At first I thought this issue was related to:

So I tried the patch, but then compilation fails with:

libtool: link: ranlib .libs/mod_compress.a
libtool: link: cc -shared  -fPIC -DPIC  .libs/mod_auth.o .libs/http_auth.o   -L/usr/local/lib -lcrypt -lssl -lcrypto  -O2 -Wl,-rpath=/usr/local/lib   -Wl,-soname -Wl, -o .libs/
libtool: link: ( cd ".libs" && rm -f "" && ln -s "../" "" )
/usr/bin/ld: /usr/local/lib/libcrypto.a(sha1_one.o): relocation R_X86_64_32 can not be used when making a shared object; recompile with -fPIC
/usr/local/lib/libcrypto.a: could not read symbols: Bad value


Updated by oschonrock about 6 years ago

I have notified the FreeBSD port maintainer of this issue with link to here.


Updated by oschonrock about 6 years ago

  • Assignee deleted (stbuehler)

Updated by stbuehler about 6 years ago

  • Status changed from New to Invalid
  • Priority changed from High to Normal

you should link to a shared openssl library, which is probably not available. linking static openssl seems like a bad idea to me, not sure whether -fPIC is even available for it.

Anyway, I don't think there is anything we can fix here.

(why would that be high priority? oO...)


Updated by oschonrock about 6 years ago

Sorry, if I got the priority wrong.

For me this issue means: "no way to support TLS v > 1.0 with lighty under FreeBSD", because I cannot compile/run it successfully against the openssl from ports. The base system openssl is 0.9.8, which does not support new protocols or cipher suites. Now that Chrome/IE and Firefox (nearly) have released versions which support TLS v1.2 and new GCM ciphers this makes lighty not a good choice for properly secure SSL on FreeBSD. It was working with 1.4.32, but not now with 1.4.33.

Probably the compile error is a red herring. The real issue is that lighty will not start if compiled against openssl from ports:

2013-11-26 11:14:28: (plugin.c.169) dlopen() failed for: /usr/local/lib/lighttpd/ /usr/local/lib/lighttpd/ Undefined symbol "SHA1" 

I know this falls between lighty and FreeBSD, but I need some help to narrow it down.



Updated by stbuehler about 6 years ago

I just gave you a solution: build shared openssl libs (which should include the -fPIC flag).
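
An offline triage for the dlopen() failure discussed in this thread, added here as an example (it is not code from lighttpd or from either poster): given `readelf -d` and `nm -D` output for a module, it lists undefined symbols such as SHA1 that none of the module's NEEDED libraries export. The tool output, library names and version suffixes below are constructed samples.

```python
import re

# Constructed sample of `readelf -d mod_auth.so` (not taken from the report).
READELF_D = """\
 0x0000000000000001 (NEEDED)             Shared library: [libcrypt.so.5]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.7]
 0x000000000000000e (SONAME)             Library soname: [mod_auth.so]
"""
# Constructed sample of `nm -D --undefined-only mod_auth.so`.
NM_UNDEFINED = """\
                 U SHA1
                 U crypt
                 U strlen
"""
# Constructed `nm -D --defined-only <lib>` output for candidate libraries.
NM_DEFINED = {
    "libcrypt.so.5": "0000000000001a40 T crypt\n",
    "libc.so.7": "0000000000052c10 T strlen\n",
    "libcrypto.so.8": "00000000000a1b20 T SHA1\n",
}

def needed_libs(readelf_dynamic):
    """Libraries the module itself asks the runtime linker to load."""
    return re.findall(r"\(NEEDED\)\s+Shared library: \[([^\]]+)\]", readelf_dynamic)

def undefined_syms(nm_out):
    """Symbols the module imports; any @VERSION suffix is dropped."""
    found = re.finditer(r"^\s+U\s+(\S+)$", nm_out, re.M)
    return [m.group(1).split("@")[0] for m in found]

def defined_syms(nm_out):
    """Symbols a library exports (text, data, bss, read-only, weak)."""
    syms = set()
    for line in nm_out.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[1] in {"T", "D", "B", "R", "W", "V"}:
            syms.add(parts[2].split("@")[0])
    return syms

def triage(readelf_dynamic, nm_undefined, exports):
    """Map each import that no NEEDED library exports to libraries that do."""
    needed = needed_libs(readelf_dynamic)
    report = {}
    for sym in undefined_syms(nm_undefined):
        providers = [lib for lib, out in exports.items() if sym in defined_syms(out)]
        if not any(lib in needed for lib in providers):
            report[sym] = providers
    return report
```

The runtime linker also resolves a module's imports from libraries the process has already loaded, so a hit here is a lead to check against the module's link line, not proof of the cause.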
