Date: Thu, 3 Dec 2009 19:13:26 +0200 From: Dmitry Pryanishnikov <lynx.ripe@gmail.com> To: Peter Beckman <beckman@angryox.com> Cc: Mark Linimon <linimon@lonesome.com>, Jim Pazarena <fports@paz.bz>, freebsd-ports@freebsd.org Subject: Re: sshd on FBSD 8.0-RC2/3 Message-ID: <754a9c140912030913t17c68142u1eec510d73411fef@mail.gmail.com> In-Reply-To: <alpine.BSF.2.00.0912031148470.56665@nog.angryox.com> References: <4B17D7F3.7080005@gmail.com> <alpine.BSF.2.00.0912031148470.56665@nog.angryox.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello! 2009/12/3 Peter Beckman <beckman@angryox.com>: >> ports/138466 (affects www/apache22 built >> WITH_OPENSSL_PORT=yes). It is critical to make sure that right runtime >> libraries (those from /usr/local/lib, not from the base) are used by _every_ >> application built WITH_OPENSSL_PORT=YES - and it's not always true ;( > > Agreed. I ran into this problem, I had an old ENV var LD_LIBRARY_PATH in > one of my .tcshrc scripts that caused lighttpd to compile with the libssl > from base but the libcrypto from the port. Running make, then confirming > your binary/binaries are linked correctly to the right libraries using > 'ldd' is recommended to confirm what you expect. Well, ldd's output _itself_ depends on the current environment and thus can't insure that correct libraries will be used by the application. Compare: 1) $ echo $LD_LIBRARY_PATH $ ldd /usr/local/libexec/apache22/mod_ssl.so /usr/local/libexec/apache22/mod_ssl.so: libssl.so.5 => /usr/lib/libssl.so.5 (0x2818c000) libcrypto.so.5 => /usr/lib/libcrypto.so.5 (0x281c5000) libstdc++.so.5 => /usr/lib/libstdc++.so.5 (0x282e2000) libm.so.4 => /lib/libm.so.4 (0x283ad000) libcrypto.so.5 => /usr/local/lib/libcrypto.so.5 (0x283c3000) Weird, isn't it? libssl.so from the base + 2 different libcrypro.so.5! However, apache's rc.d script sources /usr/local/sbin/envvars before starting httpd (though not always - that's why my PR exists) to set LD_LIBRARY_PATH properly: 2) $ . /usr/local/sbin/envvars $ echo $LD_LIBRARY_PATH /usr/local/lib: $ ldd /usr/local/libexec/apache22/mod_ssl.so /usr/local/libexec/apache22/mod_ssl.so: libssl.so.5 => /usr/local/lib/libssl.so.5 (0x2818c000) libcrypto.so.5 => /usr/local/lib/libcrypto.so.5 (0x281c9000) libstdc++.so.5 => /usr/lib/libstdc++.so.5 (0x282ec000) libm.so.4 => /lib/libm.so.4 (0x283b7000) Now ldd shows proper libraries. Likewise, if one omit setting LD_LIBRARY_PATH before running httpd, it (httpd itself) will just use OpenSSL libraries from base instead of port-installed (despite being built properly). So this is also run-time issue. > > Beckman > --------------------------------------------------------------------------- > Peter Beckman Internet Guy > beckman@angryox.com http://www.angryox.com/ > --------------------------------------------------------------------------- > -- Sincerely, Dmitry nic-hdl: LYNX-RIPE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?754a9c140912030913t17c68142u1eec510d73411fef>