如何在openssl中启用EVP功能? [英] How do I enable EVP functions in openssl?

问题描述

我正在尝试将我的Web服务器更新为最新版本的openssl，并带有令人讨厌的补丁(1.0.1g).我从openssl.org抓取了压缩包.通常说./configure; make; make install. 必须说config shared使其生成.so文件(默认情况下，它仅生成.a).更新了/usr/lib64中的链接，使其指向新的.so-

I am trying to update my web server to the latest openssl with the heartbleed patch ( 1.0.1g ). I grabbed the tarball from openssl.org. Said the usual ./configure; make; make install. Had to say config shared to get it to make the .so file ( by default it only generates the .a ). Updated the link in /usr/lib64 to point to the new .so -

现在httpd无法运行，并出现以下投诉:

Now httpd fails to run with the following complaint:

/usr/sbin/httpd: symbol lookup error: /usr/lib64/libssl.so.1: undefined symbol: EVP_idea_cbc

nm -g | grep idea说:U EVP_idea_cbc

...因此它知道该符号，但是该符号未定义.

... so it knows about the symbol, but the symbol is undefined.

Openssl文档说，由于一项专利(显然已于2012年到期)，它们默认情况下禁用IDEA.他们将详细介绍如何禁用它，而不是如何启用它.此外，他们说默认情况下它是禁用的.

Openssl documentation says that they disable IDEA by default, because of a patent ( which apparently expired in 2012 ). They go into great detail on how to disable it, but not on how to enable it. Furthermore, they say it's disabled by default.

Apache httpd需要符号，没有该符号就不会启动.

Apache httpd demands the symbol, and will not start without it.

我尝试说"config shared enable-idea"，并且配置脚本很高兴，但是构建后该符号仍未定义.我将构建输出通过管道传输到一个文件中，并正在编译crypto/idea文件.

I have tried saying "config shared enable-idea" and the config script is happy, but the symbol is still undefined after the build. I piped the build output into a file, and the crypto/idea files ARE being compiled.

以EVP_*开头的每个符号都未定义...在libssl.a中也未定义...所以也许我在拨错IDEA树吗?

EVERY symbol starting in EVP_* is undefined... They are also undefined in libssl.a... So maybe I'm barking up the wrong IDEA tree?

所以我的问题变成了-如何启用这些EVP_*符号?

So my question becomes - how do I enable these EVP_* symbols?

推荐答案

我解决了它.问题很简单.这些符号的确在libssl.so(或.a)中未定义.它们实际上是在libcrypto.so中定义的.我没有得到新的libcrypto.so，因为....

I resolved it. The problem was simple. These symbols are indeed undefined in libssl.so (or .a). They are actually defined in libcrypto.so. I wasn't getting the new libcrypto.so because....

...默认情况下，新的openssl tarball将其输出安装在/usr/local/ssl中.这是可配置的，但它确实要在/something/something/ssl中安装所有ssl内容(包括libs).所以您有/something/something/ssl/lib，/something/something/ssl/bin等

...The new openssl tarball installs its outputs by default in /usr/local/ssl. This is configurable, but it really wants to install ALL the ssl stuff (including the libs) in /something/something/ssl. So you have /something/something/ssl/lib, /something/something/ssl/bin etc.

所以当我说make install时，它创建了/usr/local/ssl并包含了所有好的内容.一世 在/usr/lib64 from openssl.so.1.0.0 -> /usr/local/etc/ssl/lib/openssl.so.1.0.0.中做了一个符号链接，但我没有意识到我需要对libcrypto.so做同样的事情，所以仍然有旧的东西.

So when I said make install, it created /usr/local/ssl with all the good stuff in it. I made a symbolic link in /usr/lib64 from openssl.so.1.0.0 -> /usr/local/etc/ssl/lib/openssl.so.1.0.0. But I did not realize that I needed to do the same for libcrypto.so, so that still had the old stuff.

所以我正在使用新的libssl.so和旧的libcrypto.so.糟糕的魔力.

So I was using the new libssl.so, and an old libcrypto.so. Bad mojo.

这篇关于如何在openssl中启用EVP功能?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！