make test fails on SLES 10.2 ia64 = undefined symbol:SSL_CTX_set_client_cert_cb

Mark Lavi mlavi at sgi.com
Thu May 7 18:07:22 EDT 2009


Thanks for the quick response Joe, that was indeed the issue:

$ ldd test/ssl
  linux-gate.so.1 =>  (0xa000000000000000)
  libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0x200000000004c000)
  libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0x20000000000dc000)
  libxml2.so.2 => /usr/lib/libxml2.so.2 (0x2000000000348000)
  libdl.so.2 => /lib/libdl.so.2 (0x20000000005f8000)
  libz.so.1 => /lib/libz.so.1 (0x2000000000610000)
  libm.so.6.1 => /lib/libm.so.6.1 (0x2000000000644000)
  libc.so.6.1 => /lib/libc.so.6.1 (0x2000000000714000)
  /lib/ld-linux-ia64.so.2 (0x2000000000000000)

$ LD_LIBRARY_PATH=/data/bootstrap/lib
$ ldd test/ssl
  linux-gate.so.1 =>  (0xa000000000000000)
  libssl.so.0.9.8 => /data/bootstrap/lib/libssl.so.0.9.8
(0x200000000004c000)
  libcrypto.so.0.9.8 => /data/bootstrap/lib/libcrypto.so.0.9.8
(0x20000000000e4000)
  libxml2.so.2 => /data/bootstrap/lib/libxml2.so.2 (0x2000000000350000)
  libdl.so.2 => /lib/libdl.so.2 (0x2000000000618000)
  libz.so.1 => /data/bootstrap/lib/libz.so.1 (0x2000000000630000)
  libm.so.6.1 => /lib/libm.so.6.1 (0x2000000000668000)
  libc.so.6.1 => /lib/libc.so.6.1 (0x2000000000738000)
  /lib/ld-linux-ia64.so.2 (0x2000000000000000)

Now I encounter only one error in make check, is it critical? Excerpt:

-> running `ssl':
 0. init.................. pass
 1. load_server_certs..... pass
 2. trust_default_ca...... pass
 3. cert_fingerprint...... pass
 4. cert_identities....... pass
 5. cert_validity......... pass
 6. cert_compare.......... pass
 7. dname_compare......... pass
 8. dname_readable........ pass
 9. import_export......... pass
10. read_write............ pass
11. load_client_cert...... pass
12. simple................ pass
13. simple_sslv2.......... server child failed: SSL accept failed: SSL
error: non sslv2 initial packet
FAIL (error from server process)
14. simple_eof............ pass
15. empty_truncated_eof... pass
16. fail_not_ssl.......... pass
17. cache_cert............ pass
18. client_cert_pkcs12.... pass
19. ccert_unencrypted..... pass
20. client_cert_provided.. pass
21. cc_provided_dnames.... pass
22. no_client_cert........ pass
23. client_cert_ca........ pass
24. parse_cert............ pass
25. parse_chain........... pass
26. no_verify............. pass
27. cache_verify.......... pass
28. wildcard_match........ pass
29. caseless_match........ pass
30. subject_altname....... pass
31. two_subject_altname... pass
32. two_subject_altname2.. pass
33. notdns_altname........ pass
34. ipaddr_altname........ pass
35. uri_altname........... pass
36. multi_commonName...... pass
37. commonName_first...... pass
38. fail_wrongCN.......... pass
39. fail_expired.......... pass
40. fail_notvalid......... pass
41. fail_untrusted_ca..... pass
42. fail_self_signed...... pass
43. fail_missing_CN....... pass
44. fail_host_ipaltname... pass
45. fail_bad_ipaltname.... pass
46. fail_bad_urialtname... pass
47. session_cache......... pass
48. fail_tunnel........... pass
49. proxy_tunnel.......... pass
50. auth_proxy_tunnel..... pass
51. auth_tunnel_creds..... pass
52. auth_tunnel_fail...... pass
53. nonssl_trust.......... pass
54. pkcs11................ WARNING: NSS required for PKCS#11 testing
    ...................... SKIPPED
-> 1 test was skipped.
<- summary for `ssl': of 54 tests run: 53 passed, 1 failed. 98.1%
-> 1 warning was issued. 

Relevant debug.log excerpt:

******* Running test 13: simple_sslv2 ********
HTTP session to https://localhost:7777 begins.
Identity match for '': bad
Running pre_send hooks
Sending request headers:
GET /foo HTTP/1.1^M
Host: localhost:7777^M
Keep-Alive: ^M
Connection: TE, Keep-Alive^M
TE: trailers^M
^M
Sending request-line and headers:
Doing DNS lookup on localhost...
Connecting to 127.0.0.1
Doing SSL negotiation.
sess: Closing connection.
sess: Connection closed.
Request ends, status 0 class 0xx, error line:
SSL negotiation failed: Secure connection truncated
Running destroy hooks.
Request ends.
******* Running test 14: simple_eof ********

Thanks again.

-----Original Message-----
From: Joe Orton [mailto:joe at manyfish.co.uk] 
Sent: Thursday, May 07, 2009 1:42 PM
To: Mark Lavi
Cc: neon at lists.manyfish.co.uk
Subject: Re: make test fails on SLES 10.2 ia64 = undefined
symbol:SSL_CTX_set_client_cert_cb

On Thu, May 07, 2009 at 03:26:22PM -0500, Mark Lavi wrote:
...
> ./configure --prefix=/data/bootstrap --with-libs=/data/bootstrap 
> --without-gssapi --with-ssl=openssl --with-libxml2 \  
> LD_LIBRARY_PATH=/data/bootstrap/lib LDFLAGS=-L/data/bootstrap/lib 
> CPPFLAGS=-I/data/bootstrap/include
>  
> Here's the pertinent openSSL portion...
...
>      [exec] checking for openssl pkg-config data... yes
>      [exec] configure: using SSL library configuration from pkg-config

1) configure is probably picking up pkg-config data from a system
OpenSSL

2) passing LD_LIBRARY_PATH on the configure line has no effect AFAIK -
it's certainly not passed through the neon build environment.  Set this
as a normal env var before running configure.

3) Check by running "ldd" against the test/ssl binary to see whether the
built binary is picking up a system OpenSSL or your homebrew version.

Regards, Joe




More information about the neon mailing list