[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] v1.6.0 compile oddness on a redhat 9 box.

  • Subject: Re: [Openvpn-users] v1.6.0 compile oddness on a redhat 9 box.
  • From: "James Yonan" <jim@xxxxxxxxx>
  • Date: Mon, 26 Jul 2004 19:25:07 -0000


See the end of this message for a repost of a technique that has worked for
others as far as getting around RH9's OpenSSL brokenness.


"Khan St. Preest" <ksp@xxxxxxxxxxxx> said:

> I downloaded and searched the latest openvpn-users archive and couldn't
> weed out any information that seemed specific to this problem. I did find
> some references to passing the specific library paths to ./configure but I
> tried several iterations of that and it didn't work. It seems that the
> unique problem in my rh9 config is that kssl.h has an include statement
> for krb5.h which is apparently what causes ./configure to bomb. I briefly
> checked several of my other openvpn systems (all distros other than rh9)
> and none of them include krb5.h in this manner. If I comment out the
> #include <krb5.h> statement then ./configure completes but make fails. I
> finally did a search for a pre-compiled binary rpm for redhat 9 and found
> several. I installed one of them, and it works, but I'm somewhat leary of
> running crypto software compiled by an unofficial source.
> I see that others on the list are running openvpn with redhat 9. I'd
> really appreciate it if some of you could comment back to me about what
> you did to get it to work, particularly those who compiled it themselves.
> Thanks.
> > I would suggest you scan the archives on this.  I definitely recall that
> > there
> > are issues with compiling code on RH9 which use OpenSSL headers, as
> > OpenVPN does.
> >
> > James

mhutch <mhutch@xxxxxxxxxx> said:

> pi <list <at> wehowski.com> writes:
> > 
> > while trying to install on a RH9
> > 
> > (./configure )
> > 
> > or trying to build the RPM
> > I always got
> > 
> > 
> > configure: checking for OpenSSL SSL Library and Header files...
> > checking openssl/ssl.h usability... no
> > checking openssl/ssl.h presence... no
> > checking for openssl/ssl.h... no
> > configure: error: OpenSSL SSL headers not found.
> > 
> > I have ssl installed
> > 
> > [root <at> moulinsart openvpn-1.5.0]# locate ssl.h
> > 
> > /usr/include/openssl/kssl.h
> > /usr/include/openssl/ssl.h
> > 
> > 
> > can someone help ?
> > 
> > Phil
> > 
> I have the same problem.  I have both openssl and openssl-devel installed.
> The strange thing is that I had openvpn 1.5 running on the same machine under 
> RedHat 9 previously, with no problems.  After a reinstall last week I can no 
> longer get it to build.
> Specifiying the openssl build directory to ./configure didn't help either.
> All suggestions that don't involve a sledgehammer appreciated.

It is possible to build OpenSSL locally on your machine, and statically link
OpenVPN with that build, without needing to reinstall OpenSSL globally.  This
method has the advantage of working on systems with a broken build environment
that does not see OpenSSL headers for whatever reason.

Download the OpenSSL tarball from openssl.org, follow the easy build instructions:

  $ ./config
  $ make
  $ make test

Note that you don't need to actually install it with a "make install", so it
will not intrude upon your distro's already-installed OpenSSL libs.

Now build OpenVPN, but use these flags when you run ./configure :

--with-ssl-headers=$d/include --with-ssl-lib=$d

where $d is the top level directory of the OpenSSL build.

This is an easy way to make an OpenVPN that statically links with the latest
OpenSSL version (with new ciphers such as AES), without actually affecting
your distro's installed OpenSSL and all the packages which depend on it.


Openvpn-users mailing list