Solved www/apache24, undefined reference to `SSLv2_client_method'

[trumee]

I am trying to compile apache24 but getting the following error:

ab.o: In function `main':
ab.c:(.text+0x87a): undefined reference to `SSLv2_client_method'
cc: error: linker command failed with exit code 1 (use -v to see invocation)
*** Error code 1

Stop.
make[3]: stopped in /wrkdirs/usr/ports/www/apache24/work/httpd-2.4.29/support
*** Error code 1

Stop.
make[2]: stopped in /wrkdirs/usr/ports/www/apache24/work/httpd-2.4.29/support
*** Error code 1

Stop.
make[1]: stopped in /wrkdirs/usr/ports/www/apache24/work/httpd-2.4.29
*** Error code 1

Stop.
make: stopped in /usr/ports/www/apache24
=>> Cleaning up wrkdir
make: Working in: /usr/ports/www/apache24
===>  Cleaning for apache24-2.4.29
build of www/apache24 | apache24-2.4.29 ended at Sat Feb 24 08:43:07 CST 2018
build time: 00:01:09
!!! build failure encountered !!!

My poudriere file is:

# less /usr/local/etc/poudriere.d/make.conf 
# No X11, HAL or NLS. These are set globally for every port.
OPTIONS_UNSET= X11
OPTIONS_UNSET+= HAL
OPTIONS_UNSET+= NLS


# Use the port version OpenSSL where possible
#WITH_OPENSSL_PORT=yes
DEFAULT_VERSIONS+=ssl=base


# ftp/curl. Avoid linking to base system OpenSSL libraries.
ftp_curl_SET= GSSAPI_NONE
ftp_curl_UNSET= GSSAPI_BASE

#Use pgsql 9.4
DEFAULT_VERSIONS+= pgsql=9.4

Any way to fix this?

 

[DutchDaemon]

Take a look at the options with which OpenSSL is compiled. It may disable SSLv2 (and even SSLv3) by default nowadays. Which is a good thing, you really need to have a very valid reason to still offer anything below TLSv1+ now. If you really need unsafe SSL versions, you may have to switch to the port version and manually enable them.

 

[trumee]

Here are my settings for OpenSSL,

# poudriere options -c security/openssl

# poudriere options -c security/openssl-devel

What do I need to change?

 

[DutchDaemon]

Are you using the port, though? You posted this:

# Use the port version OpenSSL where possible
#WITH_OPENSSL_PORT=yes
DEFAULT_VERSIONS+=ssl=base

Unless you have a jail-specific make.conf that overrules this, you're probably using the base OpenSSL. Whether that has removed SSLv2/3 I don't know, but I wouldn't be surprised.

 

[trumee]

I enabled openssl in make.conf as follows

# No X11, HAL or NLS. These are set globally for every port.
OPTIONS_UNSET= X11
OPTIONS_UNSET+= HAL
OPTIONS_UNSET+= NLS


# Use the port version OpenSSL where possible
WITH_OPENSSL_PORT=yes
#DEFAULT_VERSIONS+=ssl=base


# ftp/curl. Avoid linking to base system OpenSSL libraries.
ftp_curl_SET= GSSAPI_NONE
ftp_curl_UNSET= GSSAPI_BASE

#Use pgsql 9.4
DEFAULT_VERSIONS+= pgsql=9.4

Unfortunately, apache still failed to build

=======================<phase: check-sanity   >============================
/!\ ERRORS /!\

WITH_OPENSSL_PORT is unsupported, please use DEFAULT_VERSIONS+=ssl=base

in

your

make.conf

*** Error code 1

Stop.
make: stopped in /usr/ports/www/apache24
=>> Cleaning up wrkdir
===>  Cleaning for apache24-2.4.29
build of www/apache24 | apache24-2.4.29 ended at Sat Feb 24 17:16:22 CST 2018
build time: 00:00:05
!!! build failure encountered !!!

 

[tobik@]

If you want to use the port version of OpenSSL (security/openssl) use

DEFAULT_VERSIONS+=ssl=openssl

or for security/openssl-devel

DEFAULT_VERSIONS+=ssl=openssl-devel

The error message you get is weird. I'm not sure why it tells you to use ssl=base.

 

[SirDice]

It's throwing an error because WITH_OPENSSL_PORT is now an unsupported option. And I think it just reports what the setting currently is. Use DEFAULT_VERSIONS as shown above to change OpenSSL.