[stunnel-users] Stunnel 5.17 build on AIX - libssp missing

Rob Lockhart rlockhar at gmail.com
Thu May 7 23:54:54 CEST 2015


I have AIX 6.1 (64-bit) with GCC 4.2.0. It has an older version of OpenSSL
(0.9.8) installed from IBM but I'm trying to compile Stunnel 5.17 with
OpenSSL 1.0.2a-fips as non-root. I proceed as follows:

cd ~; [ -d openssl ] && rm -rf openssl; mkdir openssl
cd ~/OpenSSL; [ -d openssl-fips-2.0.9 ] && rm -rf openssl-fips-2.0.9
gzip -dc openssl-fips-2.0.9.tar.gz | tar xvf -
cd openssl-fips-2.0.9; chmod 755 Configure
./Configure aix64-gcc --openssldir=$HOME/openssl
make
make install

NOTE: the above is just the FIPS canister (library), not the executable.

cd ~/OpenSSL; [ -d openssl-1.0.2a ] && rm -rf openssl-1.0.2a
gzip -dc openssl-1.0.2a.tar.gz | tar xvf -
cd openssl-1.0.2a; chmod 755 Configure
./Configure aix64-gcc fips shared --openssldir=$HOME/openssl
--with-fipsdir=$HOME/openssl
make depend
make
make test
make install
cd ~/openssl/bin; ./openssl version; ./openssl speed

NOTE: Look for "ALL OCSP TESTS SUCCESSFUL" after "make test" to verify the
test build was successful, and it was.
NOTE: "./openssl version" should show "OpenSSL 1.0.2a-fips 19 Mar 2015"
NOTE: "./openssl speed" should take a while as it's measuring the speed for
all algorithms

Final test of OpenSSL 1.0.2a-fips:
./openssl sha1 -hmac etaonrishdlcupfm ~/OpenSSL/openssl-fips-2.0.9.tar.gz
  - should return:  54552e9a3ed8d1561341e8945fcdec55af961322

Now, I try to compile Stunnel:

rm -rf $HOME/stunnel-bin; mkdir $HOME/stunnel-bin
cd ~/Stunnel; [ -f stunnel-5.17 ] && rm -rf stunnel-5.17
gzip -dc stunnel-5.17.tar.gz | tar xvf - ; cd stunnel-5.17
./configure --enable-fips --prefix=$HOME/stunnel-bin
--with-ssl=$HOME/openssl
make

I get a failure at make for a library not found:

        /bin/sh ../libtool  --tag=CC    --mode=link gcc  -g -O2
-D_THREAD_SAFE  -Wall -Wextra -Wformat=2 -Wconversion -Wno-long-long
-Wno-deprecated-declarations -fstack-protector -fPIE -D_FORTIFY_SOURCE=2
 -L/home/lockharr/openssl/lib64 -L/home/lockharr/openssl/lib -lssl -lcrypto
 -o stunnel  stunnel-tls.o stunnel-str.o  stunnel-file.o stunnel-client.o
 stunnel-log.o stunnel-options.o  stunnel-protocol.o stunnel-network.o
 stunnel-resolver.o stunnel-ssl.o  stunnel-ctx.o stunnel-verify.o
 stunnel-sthreads.o stunnel-fd.o  stunnel-stunnel.o  stunnel-pty.o
stunnel-libwrap.o  stunnel-ui_unix.o  -lpthreads
libtool: link: gcc -g -O2 -D_THREAD_SAFE -Wall -Wextra -Wformat=2
-Wconversion -Wno-long-long -Wno-deprecated-declarations -fstack-protector
-fPIE -D_FORTIFY_SOURCE=2 -o stunnel stunnel-tls.o stunnel-str.o
stunnel-file.o stunnel-client.o stunnel-log.o stunnel-options.o
stunnel-protocol.o stunnel-network.o stunnel-resolver.o stunnel-ssl.o
stunnel-ctx.o stunnel-verify.o stunnel-sthreads.o stunnel-fd.o
stunnel-stunnel.o stunnel-pty.o stunnel-libwrap.o stunnel-ui_unix.o
 -L/home/lockharr/openssl/lib64 -L/home/lockharr/openssl/lib -lssl -lcrypto
-lpthreads
collect2: library libssp_nonshared not found

The interesting part is that doing a "grep -R libssp" of the source tree
only shows one reference to libssp:

$ grep -R libssp *
stunnel-5.17/tools/stunnel.nsi:  # MINGW builds requires libssp-0.dll
instead of msvcr90.dll

Googling showed some really old links that had libssp skipped for GCC on
AIX:
http://gcc.gnu.org/ml/gcc-patches/2005-09/msg01231.html
and another that added it back in:
http://marc.info/?l=gcc-patches&m=130168534803966

Can anyone who has compiled this for AIX give me a clue about what's going
on? This looks like a reference to a non-existent library but I would think
that if GCC needed that, it wouldn't allow the RPM for GCC to be installed.

Thanks,
  -Rob
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20150507/18f46697/attachment.html>


More information about the stunnel-users mailing list