build problem with 2.9p1 & p2

Rachit Siamwalla rachit at ensim.com
Sat Aug 11 07:37:14 EST 2001


i general for openssl, if you are not overly concerned about executable size
and code sharing, you should link with it statically when compiling with
openssh. This is because other programs may use specific versions of openssl
as well, and openssl has had a bad history of having different versions of
the library binary compatible with each other.

-rchit

-----Original Message-----
From: Jim Knoble [mailto:jmknoble at pobox.com]
Sent: Thursday, August 09, 2001 8:33 AM
To: OpenSSH Unix Dev
Subject: Re: build problem with 2.9p1 & p2


Circa 2001-Aug-08 15:34:19 -0700 dixit Mike Vihel:

: Greetings -
: 
: I don't think this is a bug; just something I don't understand.
: 
: I'm using RedHat Linux v7.0 with an i686 processor.
: 
: I've been using openssl v0.9.5a with openssh v2.2.1
: 
: I've upgraded to openssl v0.9.6b and openssh v2.9.p2
: 
: I've built both packages with the '--prefix=/usr' option.
: 
: During the openssh 'make install' at 'host-key' I get an error 255
:   OpenSSL Version mismatch.  Built against 90601f, you have 90581f
: 
: I also get the same error when trying to start the sshd daemon.
: 
: I've re-installed openssl v0.9.5a and it fixed the problem.
: 
: Can you tell me what's goin on here?

If you're installing OpenSSL by compiling from source instead of from a
pre-built RPM package, then it's very likely that you're not installing
everything that Red Hat's OpenSSL RPM package does.  In particular, Red
Hat's package installs shared libraries, and, by default,
OpenSSL-0.9.6b does not.  Additionally, gcc on Red Hat Linux is set up
to link against a shared library if one exists in preference to a
static library.

If you're going to install OpenSSL from source, you really should
uninstall the existing openssl-devel package before doing so:

  su
  rpm -e openssl-devel

Also, under package-managed systems such as Red Hat Linux (or Mandrake,
SuSE, Connectiva, or Debian) it's recommended to configure packages you
install from source with a --prefix of /usr/local or /opt or similar,
so that you (or someone else) can tell the software is not installed
via the package management system.  Otherwise, you end up with a system
where 'rpm -q openssl' claims that openssl-0.9.5a is installed, but
somehow magically openssl-0.9.6b is what applications get built
against....

Of course, it can often be worth the time to roll your own RPM packages
of openssl-0.9.6b, using Red Hat's packages as an example.  Then you
can install them on multiple systems without having to compile each
time, and you've got the spec file to document how the package was
built and with what options it was configured.

-- 
jim knoble | jmknoble at pobox.com   | http://www.pobox.com/~jmknoble/
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)



More information about the openssh-unix-dev mailing list