Compiling openssh v6.5 with --with-ssl-dir not working

Ethier, Michael methier at CGR.Harvard.edu
Tue Feb 4 06:18:58 EST 2014


Hi Iain,

Yup that did it. I recompiled OpenSSL with:

./config -fPIC --prefix=.....

And OpenSSH 6.5 worked. This was not required in previous versions of OpenSSH.

Thanks for your reply.
Mike

-----Original Message-----
From: Iain Morgan [mailto:imorgan at nas.nasa.gov] 
Sent: Monday, February 03, 2014 1:48 PM
To: Ethier, Michael
Cc: openssh-unix-dev at mindrot.org
Subject: Re: Compiling openssh v6.5 with --with-ssl-dir not working

On Mon, Feb 03, 2014 at 14:46:20 +0000, Ethier, Michael wrote:
> Hello,
> 
> I am trying to compile openssh v6.5p1 with openssl-1.0.1f and it 
> doesn't seem to find my custom openssl libraries and defaults to the 
> system version. This has been working on all previous openssh versions until v6.5. Is this a bug? More details below:
> 
> [root at test openssh-6.5p1]# ./configure --prefix=/usr/local/openssh-6.5p1 --with-tcp-wrappers --with-selinux --with-kerberos5 --with-ssl-engine --with-pam --with-md5-passwords --with-ssl-dir=/usr/local/openssl-1.0.1f
> ...
> ...
> checking whether getpgrp requires zero arguments... yes
> checking openssl/opensslv.h usability... yes
> checking openssl/opensslv.h presence... yes
> checking for openssl/opensslv.h... yes
> checking OpenSSL header version... 90802f (OpenSSL 0.9.8e-rhel5 01 Jul 2008)
> checking OpenSSL library version... 90802f (OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008)
> checking whether OpenSSL's headers match the library... yes
> checking if programs using OpenSSL functions will link... yes
> 
> 
> So the version of SSL is not the proper one. I have installed openssl-1.0.1f in /usr/local:
> [root at iliadaccess04 src]# ls -l /usr/local/openssl-1.0.1f
> total 16
> drwxr-xr-x 2 root root 4096 Jan 15 08:35 bin
> drwxr-xr-x 3 root root 4096 Jan 15 08:35 include
> drwxr-xr-x 4 root root 4096 Jan 15 08:35 lib
> drwxr-xr-x 6 root root 4096 Jan 15 08:35 openssl
> 
> Any ideas?
> 
> Thanks,
> Mike
> 

I suspect that you are running into a similar issue to what I encountered during the early testing of the additional build-hardening options.

If you check config.log, you will most likely find that linking against your copy of libcrypto failed and that the build system fell back to the system-provided library. Try rebuilding OpenSSL, but add -fPIC when you run ./config. At least, that worked for me.

--
Iain Morgan
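
A check for the silent fallback discussed in this thread, as an added example that is not part of the original messages or of OpenSSH: it reads captured ./configure output and fails when the OpenSSL header or library version configure reports is not the one requested with --with-ssl-dir. The function names are hypothetical, the sample lines are copied from the configure output quoted above, and the parser assumes that "checking OpenSSL ... version" line format.

```shell
#!/bin/sh
# Added example (not OpenSSH code): catch configure silently falling back
# to the system OpenSSL instead of the tree given via --with-ssl-dir.

# Sample input: the two version lines from the configure output quoted above.
sample_configure_output() {
cat <<'EOF'
checking OpenSSL header version... 90802f (OpenSSL 0.9.8e-rhel5 01 Jul 2008)
checking OpenSSL library version... 90802f (OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008)
checking whether OpenSSL's headers match the library... yes
EOF
}

# reported_version header|library  (configure output on stdin)
# Prints the version token configure reported, e.g. 0.9.8e-rhel5.
reported_version() {
    sed -n "s/^checking OpenSSL $1 version\.\.\. [0-9a-f]* (OpenSSL \([^ ]*\) .*/\1/p" | head -n 1
}

# check_ssl_fallback EXPECTED  (configure output on stdin)
# Returns 0 if header and library both start with EXPECTED,
# 1 on a mismatch, 2 if the version checks are missing from the input.
check_ssl_fallback() {
    expected=$1
    output=$(cat)
    hdr=$(printf '%s\n' "$output" | reported_version header)
    lib=$(printf '%s\n' "$output" | reported_version library)
    if [ -z "$hdr" ] || [ -z "$lib" ]; then
        echo "no OpenSSL version checks found in input" >&2
        return 2
    fi
    status=0
    for pair in "header:$hdr" "library:$lib"; do
        kind=${pair%%:*}
        found=${pair#*:}
        case $found in
            "$expected"*) ;;
            *) echo "MISMATCH: $kind is $found, expected $expected" >&2
               status=1 ;;
        esac
    done
    return $status
}

# Demo: the thread's build asked for 1.0.1f but configure found 0.9.8e.
sample_configure_output | check_ssl_fallback 1.0.1f ||
    echo "configure did not use the requested OpenSSL; check config.log"
```

In a real build, pipe the saved output of ./configure into check_ssl_fallback with the version installed under the --with-ssl-dir prefix.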

