cherokee at googlecode
Feb 1, 2011, 6:38 AM
Post #1 of 9
(735 views)
Permalink
|
|
Issue 1126 in cherokee: CentOS (and possibly RHEL) unable to use ssl - openSSL issue
|
|
Status: New
Owner: ----
New issue 1126 by firste...@gmail.com: CentOS (and possibly RHEL) unable to
use ssl - openSSL issue
http://code.google.com/p/cherokee/issues/detail?id=1126
What steps will reproduce the problem?
1. Install a CentOS server. Update to the latest versions of all programs
using yum.
- you will need to have at least a standard compilation environment
including gcc, make, and openssl.
2. Download, configure, and install Cherokee.
- using the curl -O http://www.cherokee-project.com/install && python
install method will suffice. You can also try the standard compile options
on the FAQ page.
- see note 1 for what happens if you compile everything staticly
3. run cherokee-admin and configure the server. Use a ssl certificate in
the config.
4. Start the server from the admin page.
What is the expected output? What do you see instead?
Expected: Server starts and supports HTTPS (ssl) connections.
What is seen instead:
Something just happened while opening a plug-in file
The operating system
reported '/opt/cherokee/lib/cherokee/libplugin_libssl.so: undefined symbol:
SSL_set_SSL_CTX' while trying to
load '/opt/cherokee/lib/cherokee/libplugin_libssl.so'.
What version of the product are you using? On what operating system?
Latest (i.e. at this time 1.0.19) on Centos (5.5)
Please provide any additional information below.
Centos appears to currently ship with OpenSSL 0.9.8e-fips-rhel 01 Jul
2008. As most everything in the system is linked against this library,
it's not a trivial thing to simply replace it. Yes, it probably will work
to compile a newer version of openSSL (which to be honest is probably the
sensible thing to do) HOWEVER that introduces some difficulties from the
standpoint of maintenance and administration.
It appears that the SSL_set_SSL_CTX routines were added in OpenSSL 1.0 .
I am unsure if this affects Redhat Enterprise Linux or not; it does NOT
affect Fedora (per pigmej in the irc channel.)
- If the server is compiled statically, the compilation will fail when it
tries to link libplugin_openssl.so against the openssl library, as it
cannot find the SSL_set_SSL_CTX reference.)
* IF the SSL_set_SSL_CTX lines are commented out, the server compiles
statically, but it does not run properly with SSL. (This is logical.)
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev
|
