Hello,
I’m making some progress with building 2.5.6 on my CentOS 7 machine, but I am stuck getting TLS support
First I installed openssl version 1.1.1 from the epel repository:
sudo yum install openssl11.x86_64 sudo yum install openssl11-devel.x86_64 sudo yum install openssl11-libs.x86_64 sudo yum install openssl11-static.x86_64
Then download and configure openldap:
wget https://www.openldap.org/software/download/OpenLDAP/openldap-release/openlda... tar zxvf openldap-2.5.6.tgz cd openldap-2.5.6/
CPPFLAGS=-I/usr/include/openssl11 export CPPFLAGS
./configure --with-tls=openssl
[snip] checking openssl/ssl.h usability... yes checking openssl/ssl.h presence... yes checking for openssl/ssl.h... yes checking for SSL_export_keying_material_early in -lssl... no configure: error: Could not locate TLS/SSL package
Any idea how I might get past this? I can configure, make depend, and make if I don’t specify the "--with-tls=openssl” option, but my understanding was that TLS was essential for OpenLDAP.
Thanks, Scott
Have you tried --with-tls without the =openssl?
On Thu, Jul 29, 2021 at 7:13 PM Scott Classen sclassen@lbl.gov wrote:
Hello,
I’m making some progress with building 2.5.6 on my CentOS 7 machine, but I am stuck getting TLS support
First I installed openssl version 1.1.1 from the epel repository:
sudo yum install openssl11.x86_64 sudo yum install openssl11-devel.x86_64 sudo yum install openssl11-libs.x86_64 sudo yum install openssl11-static.x86_64
Then download and configure openldap:
wget https://www.openldap.org/software/download/OpenLDAP/openldap-release/openlda... tar zxvf openldap-2.5.6.tgz cd openldap-2.5.6/
CPPFLAGS=-I/usr/include/openssl11 export CPPFLAGS
./configure --with-tls=openssl
[snip] checking openssl/ssl.h usability... yes checking openssl/ssl.h presence... yes checking for openssl/ssl.h... yes checking for SSL_export_keying_material_early in -lssl... no configure: error: Could not locate TLS/SSL package
Any idea how I might get past this? I can configure, make depend, and make if I don’t specify the "--with-tls=openssl” option, but my understanding was that TLS was essential for OpenLDAP.
Thanks, Scott
--On Thursday, July 29, 2021 5:13 PM -0700 Scott Classen sclassen@lbl.gov wrote:
checking for SSL_export_keying_material_early in -lssl... no configure: error: Could not locate TLS/SSL package
Any idea how I might get past this? I can configure, make depend, and make if I don't specify the "--with-tls=openssl" option, but my understanding was that TLS was essential for OpenLDAP.
You seem to have told it where to find the OpenSSL 1.1.1 header files but not the development libraries.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
Aha… of course.
Just for the record this is how I was able to build and test OpenLDAP 2.5.6 on CentOS Linux release 7.9.2009 (Core) using openssl version 1.1.1g from the EPEL repo.
sudo yum install openssl11.x86_64 sudo yum install openssl11-devel.x86_64 sudo yum install openssl11-libs.x86_64 sudo yum install openssl11-static.x86_64
wget https://www.openldap.org/software/download/OpenLDAP/openldap-release/openlda... tar zxvf openldap-2.5.6.tgz cd openldap-2.5.6/
LDFLAGS="-L/usr/lib64/openssl11 -Wl,-rpath,/usr/include/openssl11" CPPFLAGS="-I/usr/include/openssl11" export CPPFLAGS export LDFLAGS ./configure --with-argon2 --with-systemd --with-tls=openssl make depend make make test
On Jul 29, 2021, at 6:49 PM, Quanah Gibson-Mount quanah@symas.com wrote:
--On Thursday, July 29, 2021 5:13 PM -0700 Scott Classen sclassen@lbl.gov wrote:
checking for SSL_export_keying_material_early in -lssl... no configure: error: Could not locate TLS/SSL package
Any idea how I might get past this? I can configure, make depend, and make if I don't specify the "--with-tls=openssl" option, but my understanding was that TLS was essential for OpenLDAP.
You seem to have told it where to find the OpenSSL 1.1.1 header files but not the development libraries.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
openldap-technical@openldap.org
-
Nick Folino -
Quanah Gibson-Mount -
Scott Classen