Login/Register
OpenSSL header does not match current version when compiling
Asked Answered
headeropensslfreeradius
P

7

8

When trying to compile freeRADIUS server 2.2.3, I've gotten the following error message:

checking for OpenSSL version >= 0.9.7... yes
checking OpenSSL library and header version consistency... library: 90819f header: 90812f... no
configure: error: in `/Users/tyrexionibus/Downloads/freeradius-server-2.2.3':
configure: error: OpenSSL library version does not match header version

Actually, the openSSL version is:

tyrexionibus$ openssl version
OpenSSL 1.0.1f 6 Jan 2014

And the header, located in /usr/include/openssl/opensslv.h contains:

#define OPENSSL_VERSION_NUMBER 0x0090819fL

Editing it doesn't solve the issue.

How do I solve this?

Postpaid answered 14/1, 2014 at 7:31 Comment(1)
I assume this is the autoconf's configure tool, there should be a config.log generated that can give more clues about how it's doing the openssl header verification.Hydrosol
N
4

try to remove libssl-dev and install libssl1.0-dev

  1. sudo apt remove libssl-dev
  2. sudo apt install libssl1.0-dev

That worked for me

Novia answered 17/2, 2019 at 16:41 Comment(0)
A
3

The problem is that often the compiler and linker search paths aren't consistent.

By default (unless modified with -isystem or -I) the GCC search path is:

  • /usr/local/include
  • libdir/gcc/target/version/include
  • /usr/target/include
  • /usr/include

By default (unless modified with -L) Apple's linker's search path is:

  • /usr/lib
  • /usr/local/lib

and by default (at least with 2.23.52.20130913 on Ubuntu 13.04) (unless modified with -L) the GNU linker's search path is:

  • /usr/local/lib:
  • /lib/x86_64-linux-gnu:
  • /usr/lib/x86_64-linux-gnu:
  • /usr/lib/x86_64-linux-gnu/mesa:
  • /lib:
  • /usr/lib:

The linker and the compiler may pick up completely different versions of the library's headers and binaries when multiple versions are installed on the system. The compiler may then emit code which is incompatible with the library's ABI, with undefined and usually undesirable behaviour. This is why the check was added.

To ensure consistency you should pass the --with-openssl-includes= and --with-openssl-libraries= flags to the configure script. These directories will then be searched first by the compiler and linker.

./configure --with-openssl-includes=/usr/include --with-openssl-libraries=/usr/lib

will result in the bundled or packaged OpenSSL libraries/headers being used on most systems.

Another option is to set LD_LIBRARY_PATH at configure time, though you'll also need to set this in your init scripts, else the runtime version check (yes, we were thorough) will fail.

Arnitaarno answered 14/1, 2014 at 23:22 Comment(2)
Thank you for your comment, Stack Overflow hasn't notified me of your reply so I've posted this also in the freeRADIUS GitHub. However, setting --with-openssl-includes=/usr/include and --with-openssl-libraries=/usr/lib doesn't solve the issue. Same error message as before. What to do? :(Postpaid
Try /usr/local/lib. I didn't realise you were using OSX where the system headers actually have the incorrect version in the #defines. --with-openssl-includes=/usr/local/include and --with-openssl-libraries=/usr/local/libArnitaarno
A
3

In OSX 10.10 (Yosemite), I have to custom install openssl using brew.

$ brew update
$ brew install openssl
$ brew link --force openssl

Verify the version.

$ openssl version
OpenSSL 1.0.2 22 Jan 2015

I can see which library it is linked to.

$ otool -L /usr/local/bin/openssl
/usr/local/bin/openssl:
    /usr/local/Cellar/openssl/1.0.2/lib/libssl.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
    /usr/local/Cellar/openssl/1.0.2/lib/libcrypto.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
    /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1213.0.0)

In my configure script I can then specify the OpenSSL path.

$ ./configure --with-ssl-dir=/usr/local/Cellar/openssl/1.0.2
Artery answered 20/2, 2015 at 21:26 Comment(0)
E
1

You should probably check config.log generated by configure (in the same folder): it seems like you have at least 2 or even 3 versions of OpenSSL: 0.9.8r, 0.9.8y and 1.0.1f.

Explanation:

1) OPENSSL_VERSION_NUMBER = 0x0090819f in /usr/include/openssl/opensslv.h means 0.9.8y is installed into /usr;

2) output of command openssl version suggests that you have 1.0.1f somewhere in your PATH, but 1.0.1f defines OPENSSL_VERSION_NUMBER as 0x1000106fL, not 0x0090819f, so it's a different copy from the 1) above.

tyrexionibus$ openssl version
OpenSSL 1.0.1f 6 Jan 2014

3) 90812f in the output of configure means 0.9.8r.

You may also find an OpenSSL version matrix useful to match version numbers in hex (from opensslv.h) with human-readable version strings.

Elswick answered 14/1, 2014 at 10:49 Comment(1)
OK, I'm assuming what you're saying is true. I probably have at least two versions of OpenSSL installed: the one by Apple, and the one by Homebrew. The third may just be due to the header mismatch. But, if I invoke "openssl version", it returns 1.0.1f . My question is, where are the other versions ubicated? What version is freeRADIUS looking?Postpaid
D
0

Just don't forget to add line into /etc/ld.so.conf 

/usr/local/ssl/lib

and run ldconfig.

Without this step your libssl uses system lybcrypto instead of yours one.

Compare

BEFORE:
=======
[root]/usr/local/ssl/lib> ldd ./libssl.so
    linux-vdso.so.1 (0x00007ffe4c93f000)
    libcrypto.so.1.0.0 => /lib64/libcrypto.so.1.0.0 (0x00007febbdcd3000)
    libdl.so.2 => /lib64/libdl.so.2 (0x00007febbdacf000)
    libc.so.6 => /lib64/libc.so.6 (0x00007febbd702000)
     /lib64/ld-linux-x86-64.so.2 (0x0000558484e69000)

AFTER:
======
[root]/usr/local/ssl/lib> ldd ./libssl.so
    linux-vdso.so.1 (0x00007ffcec2aa000)
    libcrypto.so.1.0.0 => /usr/local/ssl/lib/libcrypto.so.1.0.0    (0x00007fa347db5000)
    libdl.so.2 => /lib64/libdl.so.2 (0x00007fa347bb0000)
    libc.so.6 => /lib64/libc.so.6 (0x00007fa3477e4000)
    /lib64/ld-linux-x86-64.so.2 (0x00005567459c7000)

I was really happy when discovered this :=)

Duala answered 6/2, 2016 at 9:23 Comment(0)
G
0

try this

./configure --with-openssl-lib-dir=/usr/local/openssl/lib/ --with-openssl-include-dir=/usr/local/openssl/include/
Gayle answered 27/2, 2017 at 8:22 Comment(2)
Please forgive my ignorance... Is this a guess or an answer?Emblematize
Welcome to SO. Please not that code only answers do not fulfill SO standards. Have a look here: stackoverflow.com/help/how-to-answerSulphuryl
T
0

This fixed it for me...

sudo apt-get install libssl-dev
Twinberry answered 17/12, 2018 at 16:31 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.