Solved Help compiling sendmail with OpenSSL base (1.0.2) vs. ports (1.1.1)

jwdevel

Member

Reaction score: 3
Messages: 23

I have let my installation drift a bit, so it is running an outdated 11.3-RELEASE-p3.
I'm currently doing a source upgrade to 11.4, and from there I'm planning to jump to 12.x.

But currently I'm stuck on the 11.4 compile, because sendmail fails.

The compile error is:
Code:
    main.o: In function `main':
    /usr/src/contrib/sendmail/src/main.c:653: undefined reference to `SSLeay'
    tls.o: In function `init_tls_library':
    /usr/src/contrib/sendmail/src/tls.c:339: undefined reference to `SSL_library_init'
    /usr/src/contrib/sendmail/src/tls.c:340: undefined reference to `SSL_load_error_strings'
    /usr/src/contrib/sendmail/src/tls.c:341: undefined reference to `OPENSSL_add_all_algorithms_noconf'
    tls.o: In function `inittls':
    /usr/src/contrib/sendmail/src/tls.c:912: undefined reference to `SSLv23_server_method'
    /usr/src/contrib/sendmail/src/tls.c:913: undefined reference to `SSLv23_client_method'
    /usr/src/contrib/sendmail/src/tls.c:1148: undefined reference to `SSLeay'
    /usr/src/contrib/sendmail/src/tls.c:1152: undefined reference to `sk_num'
    /usr/src/contrib/sendmail/src/tls.c:1298: undefined reference to `SSL_CTX_set_tmp_rsa_callback'
    tls.o: In function `tlslogerr':
    /usr/src/contrib/sendmail/src/tls.c:1940: undefined reference to `CRYPTO_thread_id'
    cc: error: linker command failed with exit code 1 (use -v to see invocation)
    *** Error code 1

I'm pretty sure I understand *why* this is happening, but I don't know how to fix it.

The linker line is:

Code:
    cc -O2 -pipe -I/usr/src/contrib/sendmail/src -I/usr/src/contrib/sendmail/include -I. -DNEWDB -DNIS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -DTCPWRAPPERS -I/usr/local/include/sasl -DSASL -g -std=gnu99 -fstack-protector-strong -Wno-pointer-sign -Wno-empty-body -Wno-string-plus-int -Wno-unused-const-variable -Wno-tautological-compare -Wno-unused-value -Wno-parentheses-equality -Wno-unused-function -Wno-enum-conversion -Wno-unused-local-typedef -Wno-address-of-packed-member -Wno-switch -Wno-switch-enum -Wno-knr-promoted-parameter -Wno-parentheses -Qunused-arguments  -L/usr/local/lib -o sendmail.full alias.o arpadate.o bf.o collect.o conf.o control.o convtime.o daemon.o deliver.o domain.o envelope.o err.o headers.o macro.o main.o map.o mci.o milter.o mime.o parseaddr.o queue.o ratectrl.o readcf.o recipient.o savemail.o sasl.o sfsasl.o shmticklib.o sm_resolve.o srvrsmtp.o stab.o stats.o sysexits.o timers.o tls.o trace.o udb.o usersmtp.o util.o version.o  -lsasl2  -lutil -L/usr/obj/usr/src/lib/libsm -L/usr/obj/usr/src/lib/libsm -lsm -L/usr/obj/usr/src/lib/libsmutil -lsmutil  -lssl  -lcrypto  -lwrap

And importantly, you can see the "-L/usr/local/lib" and later "-lssl".

So, I believe this is linking against my openssl 1.1.1 from ports, rather than the 1.0.2 version in base.
The 1.1.1 version doesn't have those symbols, hence the error.

However!

I need to have the /usr/local/lib linker path, because I am also compiling with cyrus-sasl2 (see this entry in the handbook: https://docs.freebsd.org/doc/11.4-R...en_US.ISO8859-1/books/handbook/SMTP-Auth.html)

So, I need that linker option, but I also want it to use the base version of OpenSSL rather than the ports one.

What is the proper way to resolve this?

Currently, I'm considering just rearranging the symlinks of /usr/local/lib/xxx.so to point to the /usr/lib/ paths, but this feels hacky and once those links are put back to normal, I'm not sure if sendmail will actually load the right lib at runtime, either.

What's the right way to have compile sendmail, when OpenSSL 1.1.1 is also installed, and I also need -L/usr/local/lib on the linker line?

I have also tried putting in /etc/make.conf:
Code:
DEFAULT_VERSIONS+= ssl=base

but this seems to have no effect.
 
OP
J

jwdevel

Member

Reaction score: 3
Messages: 23

Ah, I found this bug: PR 244937

The documentation for using SASL with FreeBSD was out of date.
With the correction noted in that bug report, it compiled fine, using the base version of OpenSSL and the ports version of cyrus-sasl2.
 
Top