httpd compiled fine with ssl 1.0.0 without any of the shared ldap modules, but when they were added I could no longer compile httpd. config.nice "./configure" \ "--enable-layout=Apache" \ "--enable-mods-shared=all ldap auth_ldap dav dav-fs dav-lock" \ "--with-z=/usr/local" \ "--with-ldap" \ "--with-ldap-dir=/usr/local" \ "--enable-ssl" \ "--with-ssl=/usr/local/ssl" \ "--enable-suexec" ssl_engine_init.c: In function `ssl_init_ctx_protocol': ssl_engine_init.c:391: warning: assignment discards qualifiers from pointer target type ssl_engine_init.c:397: warning: assignment discards qualifiers from pointer target type ssl_engine_init.c: In function `ssl_init_ctx_verify': ssl_engine_init.c:534: error: `STACK' undeclared (first use in this function) ssl_engine_init.c:534: error: (Each undeclared identifier is reported only once ssl_engine_init.c:534: error: for each function it appears in.) ssl_engine_init.c:534: error: syntax error before ')' token ssl_engine_init.c: In function `ssl_init_FindCAList': ssl_engine_init.c:1109: warning: pointer type mismatch in conditional expression *** Error code 1 make: Fatal error: Command failed for target `ssl_engine_init.slo' Current working directory /usr/local/src/httpd-2.0.63/modules/ssl *** Error code 1 The following command caused the error: if test `pwd` = "/usr/local/src/httpd-2.0.63"; then \ echo "" ; \ fi; \ list=''; for i in $list; do \ target="shared-build"; \ if test "$i" = "."; then \ made_local=yes; \ target="local-shared-build"; \ fi; \ if test "$i" != "srclib"; then \ (cd $i && make $target) || exit 1; \ fi; \ done; \ if test -f 'modules.mk'; then \ if test -n 'mod_ssl.la'; then \ echo "Building shared: mod_ssl.la"; \ if test "$made_local" != "yes"; then \ make "local-shared-build" || exit 1; \ fi; \ fi; \ fi; \ if test `pwd` = "/usr/local/src/httpd-2.0.63"; then \ echo "" ; \ fi make: Fatal error: Command failed for target `shared-build-recursive' Current working directory /usr/local/src/httpd-2.0.63/modules/ssl *** Error code 1 The following command caused the error: if test `pwd` = "/usr/local/src/httpd-2.0.63"; then \ echo "" ; \ fi; \ list='aaa experimental filters loggers metadata ssl http dav/main generators dav/fs mappers'; for i in $list; do \ target="shared-build"; \ if test "$i" = "."; then \ made_local=yes; \ target="local-shared-build"; \ fi; \ if test "$i" != "srclib"; then \ (cd $i && make $target) || exit 1; \ fi; \ done; \ if test -f 'modules.mk'; then \ if test -n ''; then \ echo "Building shared: "; \ if test "$made_local" != "yes"; then \ make "local-shared-build" || exit 1; \ fi; \ fi; \ fi; \ if test `pwd` = "/usr/local/src/httpd-2.0.63"; then \ echo "" ; \ fi make: Fatal error: Command failed for target `shared-build-recursive' Current working directory /usr/local/src/httpd-2.0.63/modules *** Error code 1 The following command caused the error: if test `pwd` = "/usr/local/src/httpd-2.0.63"; then \ echo "" ; \ fi; \ list='srclib os server modules support'; for i in $list; do \ target="shared-build"; \ if test "$i" = "."; then \ made_local=yes; \ target="local-shared-build"; \ fi; \ if test "$i" != "srclib"; then \ (cd $i && make $target) || exit 1; \ fi; \ done; \ if test -f 'modules.mk'; then \ if test -n ''; then \ echo "Building shared: "; \ if test "$made_local" != "yes"; then \ make "local-shared-build" || exit 1; \ fi; \ fi; \ fi; \ if test `pwd` = "/usr/local/src/httpd-2.0.63"; then \ echo "" ; \ fi make: Fatal error: Command failed for target `shared-build-recursive' Current working directory /usr/local/src/httpd-2.0.63 *** Error code 1 The following command caused the error: otarget=`echo all-recursive|sed s/-recursive//`; \ list=' srclib os server modules support'; \ for i in $list; do \ if test -d "$i"; then \ target="$otarget"; \ echo "Making $target in $i"; \ if test "$i" = "."; then \ made_local=yes; \ target="local-$target"; \ fi; \ (cd $i && make $target) || exit 1; \ fi; \ done; \ if test "$otarget" = "all" && test -z 'httpd shared-build suexec'; then \ made_local=yes; \ fi; \ if test "$made_local" != "yes"; then \ make "local-$otarget" || exit 1; \ fi make: Fatal error: Command failed for target `all-recursive'
Only thing I've found related to it. http://mail-index.netbsd.org/pkgsrc-users/2009/08/25/msg010531.html On Tue, Aug 25, 2009 at 07:48:30AM +0200, Thomas Klausner wrote: > Hi! > > On current/amd64, apache, mutt-devel and kdelibs3 fail with similar > errors: The "pointer target type" errors are because the OpenSSL guys finally applied some const poisoning. Unfortunately, they took so long to do so that most applications' default GCC settings now make this an effective API change. The STACK errors are just annoying. It's one of those pseudo-openssl- internal parts of the API (like OPENSSL_malloc()/OPENSSL_free()) that is documented in the manual pages for other parts of the API and can't be avoided if you want to do certain things that are allegedly supported; yet since it's not directly documented itself I guess they feel free to change it and break people's application code. These problems are making me think that, despite the pain, it might be best to back OpenSSL down to 1.0.0-beta3 in our tree. That would also make life easier for people who want to use the FIPS canister in the future, I think. Thor
Apparently I was wrong, will not compile at all with openssl 1.0.0 with the same error. LDFLAGS="-L/usr/local/lib -L/usr/local/ssl/lib -R/usr/local/lib -R/usr/local/ssl/lib" \ ./configure \ --enable-layout=Apache \ --enable-mods-shared="all" \ --enable-ssl \ --with-ssl=/usr/local/ssl \ --enable-suexec
Created attachment 30628 [details] Patch to enable compilation against OpenSSL 1.0 Patch to enable compilation of httpd 2.0 with OpenSSL 1.0. Note that httpd 2.2 and higher compile cleanly against OpenSSL 1.0 out of the box. Before using the patch consider upgrading to a still supported version of httpd (e.g. 2.4 or 2.2).
patch available here for 2.0, works in 2.2 -- closing report.