[stunnel-users] Stunnel 5.17 build on AIX - libssp missing
Rob Lockhart
rlockhar at gmail.com
Thu May 7 23:54:54 CEST 2015
I have AIX 6.1 (64-bit) with GCC 4.2.0. It has an older version of OpenSSL
(0.9.8) installed from IBM but I'm trying to compile Stunnel 5.17 with
OpenSSL 1.0.2a-fips as non-root. I proceed as follows:
cd ~; [ -d openssl ] && rm -rf openssl; mkdir openssl
cd ~/OpenSSL; [ -d openssl-fips-2.0.9 ] && rm -rf openssl-fips-2.0.9
gzip -dc openssl-fips-2.0.9.tar.gz | tar xvf -
cd openssl-fips-2.0.9; chmod 755 Configure
./Configure aix64-gcc --openssldir=$HOME/openssl
make
make install
NOTE: the above is just the FIPS canister (library), not the executable.
cd ~/OpenSSL; [ -d openssl-1.0.2a ] && rm -rf openssl-1.0.2a
gzip -dc openssl-1.0.2a.tar.gz | tar xvf -
cd openssl-1.0.2a; chmod 755 Configure
./Configure aix64-gcc fips shared --openssldir=$HOME/openssl
--with-fipsdir=$HOME/openssl
make depend
make
make test
make install
cd ~/openssl/bin; ./openssl version; ./openssl speed
NOTE: Look for "ALL OCSP TESTS SUCCESSFUL" after "make test" to verify the
test build was successful, and it was.
NOTE: "./openssl version" should show "OpenSSL 1.0.2a-fips 19 Mar 2015"
NOTE: "./openssl speed" should take a while as it's measuring the speed for
all algorithms
Final test of OpenSSL 1.0.2a-fips:
./openssl sha1 -hmac etaonrishdlcupfm ~/OpenSSL/openssl-fips-2.0.9.tar.gz
- should return: 54552e9a3ed8d1561341e8945fcdec55af961322
Now, I try to compile Stunnel:
rm -rf $HOME/stunnel-bin; mkdir $HOME/stunnel-bin
cd ~/Stunnel; [ -f stunnel-5.17 ] && rm -rf stunnel-5.17
gzip -dc stunnel-5.17.tar.gz | tar xvf - ; cd stunnel-5.17
./configure --enable-fips --prefix=$HOME/stunnel-bin
--with-ssl=$HOME/openssl
make
I get a failure at make for a library not found:
/bin/sh ../libtool --tag=CC --mode=link gcc -g -O2
-D_THREAD_SAFE -Wall -Wextra -Wformat=2 -Wconversion -Wno-long-long
-Wno-deprecated-declarations -fstack-protector -fPIE -D_FORTIFY_SOURCE=2
-L/home/lockharr/openssl/lib64 -L/home/lockharr/openssl/lib -lssl -lcrypto
-o stunnel stunnel-tls.o stunnel-str.o stunnel-file.o stunnel-client.o
stunnel-log.o stunnel-options.o stunnel-protocol.o stunnel-network.o
stunnel-resolver.o stunnel-ssl.o stunnel-ctx.o stunnel-verify.o
stunnel-sthreads.o stunnel-fd.o stunnel-stunnel.o stunnel-pty.o
stunnel-libwrap.o stunnel-ui_unix.o -lpthreads
libtool: link: gcc -g -O2 -D_THREAD_SAFE -Wall -Wextra -Wformat=2
-Wconversion -Wno-long-long -Wno-deprecated-declarations -fstack-protector
-fPIE -D_FORTIFY_SOURCE=2 -o stunnel stunnel-tls.o stunnel-str.o
stunnel-file.o stunnel-client.o stunnel-log.o stunnel-options.o
stunnel-protocol.o stunnel-network.o stunnel-resolver.o stunnel-ssl.o
stunnel-ctx.o stunnel-verify.o stunnel-sthreads.o stunnel-fd.o
stunnel-stunnel.o stunnel-pty.o stunnel-libwrap.o stunnel-ui_unix.o
-L/home/lockharr/openssl/lib64 -L/home/lockharr/openssl/lib -lssl -lcrypto
-lpthreads
collect2: library libssp_nonshared not found
The interesting part is that doing a "grep -R libssp" of the source tree
only shows one reference to libssp:
$ grep -R libssp *
stunnel-5.17/tools/stunnel.nsi: # MINGW builds requires libssp-0.dll
instead of msvcr90.dll
Googling showed some really old links that had libssp skipped for GCC on
AIX:
http://gcc.gnu.org/ml/gcc-patches/2005-09/msg01231.html
and another that added it back in:
http://marc.info/?l=gcc-patches&m=130168534803966
Can anyone who has compiled this for AIX give me a clue about what's going
on? This looks like a reference to a non-existent library but I would think
that if GCC needed that, it wouldn't allow the RPM for GCC to be installed.
Thanks,
-Rob
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20150507/18f46697/attachment.html>
More information about the stunnel-users
mailing list