Dave,
On Fri, 23 Jun 2006, Dave Hinz wrote:
This is probably a very basic problem, but I've checked the FAQ and googled through the mailing list's archives and I'm not seeing what appears to be a match for this problem. I'm completely new to stunnel. It built and runs just fine on one of my linux dev boxes, but on Solaris, I can't get it to run.
Attempting to run /usr/local/sbin/stunnel, I get the following:
---begin output--- jabba% ./stunnel ld.so.1: ./stunnel: fatal: libssl.so.0.9.7: open failed: No such file or directory Killed ---end output---
The various debug switches to stunnel give the same output - it's dying before anything can be started, apparently.
libssl.so.0.9.7 is located on that box at /usr/local/ssl/lib/libssl.so.0.9.7and other ssl functions of the system appear to work normally. I suspect that stunnel just doesn't know how to find it, but I'm at a loss as to how to tell it where to look. Can someone suggest my next steps please?
I'm aware of (at least) three ways to go about fixing this;_
1) Mess around with crle(1) to modify the loading environment system-wide. I've never (yet) been down this road myself, so can only suggest you read the man page.
2) Set LD_LIBRARY_PATH at run-time so that stunnel can find the library. At the moment, 'ldd stunnel' will probably say something like ... libssl.so.0.9.7 => (file not found) ... whereas 'LD_LIBRARY_PATH=/usr/local/ssl/lib ldd stunnel' will hopefully say ... libssl.so.0.9.7 => /usr/local/ssl/lib/libssl.so.0.9.7 ...
3) Set LD_RUN_PATH at _compile_ time, so that the location is built into the stunnel binary. I did this at configure time - my notes from a while back say :-
./configure --prefix=/usr/local/stunnel-4.13 --disable-libwrap \ --with-ssl=/usr/local/openssl-0.9.7 \ LDFLAGS='-R /usr/local/openssl-0.9.7/lib'
(LDFLAGS='-R ... is equivalent to setting LD_RUN_PATH, though I can't now remember exactly how/why!) If you run 'dump' on the resulting binary, you will see something like
$ dump -Lv stunnel
stunnel:
**** DYNAMIC SECTION INFORMATION **** .dynamic: [INDEX] Tag Value [...] [5] NEEDED libssl.so.0.9.7 [...] [10] RUNPATH /usr/local/openssl-0.9.7/lib [11] RPATH /usr/local/openssl-0.9.7/lib [...]
My understanding is that (2) is frowned upon by purists, (3) is fine if you want to fix up a single application, and (1) is better if you will be wanting to incorporate openssl into a number of applications. YMMV etc.
HTH, Richard