OpenSSH-7.1p1 fails configure check with LibreSSL-2.2.4

Austin English austinenglish at
Tue Nov 10 15:23:12 AEDT 2015

On Mon, Nov 9, 2015 at 5:35 PM, Darren Tucker <dtucker at> wrote:
> On Tue, Nov 10, 2015 at 9:22 AM, Austin English <austinenglish at> wrote:
>> Howdy,
>> I'm attempting to compile openssh-7.1p1 using libressl-2.2.4 for the
>> ssl implementation. Unfortunately, this fails to work (tested on
>> Debian Unstable and Gentoo):
> [...]
>> conftest.c:225:4: warning: implicit declaration of function 'exit'
>> [-Wimplicit-function-declaration]
>>     exit(1);
>>     ^
> These things are noise.  I'll fix them, but they're not the cause of
> your problem.

Sure, just wanted to be complete.

>> ./conftest: error while loading shared libraries:
>> cannot open shared object file: No such file or directory
> This is the problem: configure is telling the linker to link against
> libcrypto in the libressl directory but you have not told the runtime
> linker to look there for shared libraries, so your binaries (in this
> case, the configure test) fail at runtime.
> To fix this you probably want to either:
>  - add /opt/libressl-2.2.4/lib to /etc/ld.conf or /etc/ld.conf.d/ and
> run ldconfig
>  - remove the .so files from /opt/libressl-2.2.4/lib so that the
> linker will pick up the static libcrypto.

I tried removing the .so's, but openssh then falls back to the system
openssl instead of the specified ssl. The .a's are present (I also
tried explicitly building libressl with --enable-shared, but that made
no difference).

>> doing:
>> export LD_LIBRARY_PATH=/opt/libressl-2.2.4
>> Works around this issue, and allows OpenSSH to compile (though some
>> tests fail that don't with openssl-1.0.2d.
> That'll help anything that inherits the environment, but anything that
> sanitizes its environment (eg sudo) will fail, and the resulting
> binaries won't work without the environment variable.
> --
> Darren Tucker (dtucker at
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>     Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.


More information about the openssh-unix-dev mailing list