Apache, mod_ssl and "No recognized SSL/TLS toolkit detected" - apache

I have open ssl installed downloaded from github. Apache 2.X has a problem compiling, any suggestions.
Output of Apache build script:
checking whether to enable mod_ssl... checking dependencies
checking for SSL/TLS toolkit base... none
checking for OpenSSL version... checking openssl/opensslv.h usability... no
checking openssl/opensslv.h presence... no
checking for openssl/opensslv.h... no
checking openssl/ssl.h usability... no
checking openssl/ssl.h presence... no
checking for openssl/ssl.h... no
no OpenSSL headers found
checking for SSL-C version... checking sslc.h usability... no
checking sslc.h presence... no
checking for sslc.h... no
no SSL-C headers found
configure: error: ...<br>No recognized SSL/TLS toolkit detected

You have install the openssl libssl-dev packages:
apt-get install openssl libssl-dev

I have open ssl installed downloaded from github. Apache 2.X has a problem compiling, any suggestions.
$ ./configure --help | grep -i ssl
--enable-ssl SSL/TLS support (mod_ssl)
--enable-ssl-staticlib-deps
link mod_ssl with dependencies of OpenSSL's static
Must be specified in addition to --enable-ssl.
--with-sslport=SSLPORT Port on which to securelisten (default is 443)
--with-ssl=PATH OpenSSL installation directory
So, it looks like you need:
./configure --enable-ssl --enable-ssl-staticlib-deps --with-ssl=<path to your OpenSSL>
I would probably --enable-ssl-staticlib-deps. It will keep you out of hot water with loading the wrong libssl and libcrypto shared objects (namely, the ones in /usr/lib). You can omit it, but you need to know how to modify LD_LIBRARY_PATH.

Yes. Done that. It is complaining that I don't have right SSL/TLS Kit where I have latest compiled and installed in /usr/local/ssl. Packages were downloaded from openssl.org. Openssl in bin is working fine issuing certificate and so on .. not sure what apache build script is looking for yet ..

Try installing the openssl package using following.
$sudo /usr/bin/yum install openssl*
This will install additional pkgs shown below.
openssl-devel
openssl-perl
openssl-static
This resolved the issue for me. Good Luck

Related

Installing janus-gateway error on CentOS7

I want to install janus-gateway on CentOS7.
I read the following document and tried installation.
https://github.com/meetecho/janus-gateway/blob/master/README.md
git clone https://github.com/meetecho/janus-gateway.git
cd janus-gateway
sh autogen.sh
./configure --prefix=/opt/janus
However, configuring janus-gateway will cause an error. The error is as follows.
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... no
checking for pkg-config... /bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for JANUS... no
configure: error: Package requirements (
glib-2.0 >= 2.34
libconfig
nice
jansson >= 2.5
libssl >= 1.0.1
libcrypto
) were not met:
No package 'nice' found
Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.
Alternatively, you may set the environment variables JANUS_CFLAGS
and JANUS_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.
I installed libnice(libnice-0.1.3-4.el7.x86_64) in the following way.
yum install libnice
How can I solve it?
Thank you.
try this and rebuild
echo "export PKG_CONFIG_PATH=/usr/lib/pkgconfig" >> ~/.bashrc
source ~/.bashrc
Disclaimer: I am using Ubuntu 18.04 when testing this.
If you are using Ubuntu system and trying to install Janus and running this code
./configure --prefix=/opt/janus
And then getting this error: No package 'nice' found
Make sure you have been installation of the nice from aptitude.
sudo install aptitude
aptitude install libmicrohttpd-dev libjansson-dev \
libssl-dev libsrtp-dev libsofia-sip-ua-dev libglib2.0-dev \
libopus-dev libogg-dev libcurl4-openssl-dev liblua5.3-dev \
libconfig-dev pkg-config gengetopt libtool automake
For some reason installation of nice using the answer from Frank, Ahmet or Zallfire doesn't work in Ubuntu. It has to be installed using aptitude.
You should download libnice source code to install.
https://gitlab.freedesktop.org/libnice/libnice
You need the development libnice.
yum install libnice-devel

Unable install gems from 'https ://rubygems.org/' after MacOS Mojave update SSL/TLS (?)

I am currently unable to install gems from 'https://rubygems.org/'
I recently updated to Mojave and updated and upgraded brew in order to get mysql running again.
Now I discovered that I am unable to install gems from rubygems.
When trying to install gem
[REPRO]$ gem install rdoc-data -v 3.12
ERROR: Could not find a valid gem 'rdoc-data' (= 3.12), here is why:
Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert protocol version (https://api.rubygems.org/specs.4.8.gz)
I tried already this, but it did not work.
Trying to update RVM
[REPRO]$ rvm get stable
Downloading https://get.rvm.io
Downloading https://raw.githubusercontent.com/rvm/rvm/master/binscripts/rvm-installer.asc
Verifying /Users/MYACCOUNT/.rvm/archives/rvm-installer.asc
gpg: Signatur vom Sat Mar 31 23:47:44 2018 CEST
...
GPG verified '/Users/MYACCOUNT/.rvm/archives/rvm-1.29.4.tgz'
Upgrading the RVM installation in /Users/MYACCOUNT/.rvm/
RVM PATH line found in /Users/MYACCOUNT/.mkshrc /Users/MYACCOUNT/.profile /Users/MYACCOUNT/.zshrc.
RVM PATH line not found for Bash, rerun this command with '--auto-dotfiles' flag to fix it.
RVM sourcing line found in /Users/MYACCOUNT/.profile /Users/MYACCOUNT/.bash_profile /Users/MYACCOUNT/.zlogin.
Upgrade of RVM in /Users/MYACCOUNT/.rvm/ is complete.
* RVM 1.30 simplifies behavior of 'rvm wrapper' subcommand
RVM reloaded!
Trying to update CERTs
[REPRO]$ rvm osx-ssl-certs update all
Selected SSL certs for: ruby-2.3.4
cURL certificate bundle /usr/share/curl/curl-ca-bundle.crt not found
Updating certificates bundle /usr/local/etc/openssl/cert.pem: Already up to date.
Updating certificates bundle /etc/openssl/cert.pem: Updating certificates bundle '/etc/openssl/cert.pem'
MYACCOUNT password required for 'command tee /etc/openssl/cert.pem':
Updated.
Updating certificates bundle /System/Library/OpenSSL/cert.pem: Updating certificates bundle '/System/Library/OpenSSL/cert.pem'
tee: /System/Library/OpenSSL/cert.pem: Operation not permitted
Failed.
Updating certificates bundle /System/Library/OpenSSL/cert.pem: Updating certificates bundle '/System/Library/OpenSSL/cert.pem'
tee: /System/Library/OpenSSL/cert.pem: Operation not permitted
Failed.
Updating certificates bundle /usr/local/etc/openssl#1.1/cert.pem: Already up to date.
Trying to update RVM
[REPRO]$ rvm rubygems latest
Installed rubygems 2.6.8 is newer than 2.0.17 provided with installed ruby, skipping installation, use --force to force installation.
Trying to install gem
[REPRO]$ gem install rdoc-data -v 3.12
ERROR: Could not find a valid gem 'rdoc-data' (= 3.12), here is why:
Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert protocol version (https://api.rubygems.org/specs.4.8.gz)
I have two openssl installed through brew:
[REPRO]$ brew info openssl
openssl: stable 1.0.2p (bottled) [keg-only]
SSL/TLS cryptography library
https://openssl.org/
/usr/local/Cellar/openssl/1.0.2o_1 (1,791 files, 12.3MB)
Poured from bottle on 2018-04-17 at 00:25:36
/usr/local/Cellar/openssl/1.0.2o_2 (1,792 files, 12.3MB)
Poured from bottle on 2018-06-22 at 06:37:09
/usr/local/Cellar/openssl/1.0.2p (1,793 files, 12MB)
Poured from bottle on 2018-09-25 at 07:30:55
From: https://github.com/Homebrew/homebrew-core/blob/master/Formula/openssl.rb
==> Dependencies
Build: makedepend ✘
==> Options
--without-test
Skip build-time tests (not recommended)
==> Caveats
A CA file has been bootstrapped using certificates from the SystemRoots
keychain. To add additional certificates (e.g. the certificates added in
the System keychain), place .pem files in
/usr/local/etc/openssl/certs
and run
/usr/local/opt/openssl/bin/c_rehash
openssl is keg-only, which means it was not symlinked into /usr/local,
because Apple has deprecated use of OpenSSL in favor of its own TLS and crypto libraries.
If you need to have openssl first in your PATH run:
echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.bash_profile
For compilers to find openssl you may need to set:
export LDFLAGS="-L/usr/local/opt/openssl/lib"
export CPPFLAGS="-I/usr/local/opt/openssl/include"
For pkg-config to find openssl you may need to set:
export PKG_CONFIG_PATH="/usr/local/opt/openssl/lib/pkgconfig"
==> Analytics
install: 556,733 (30d), 1,491,119 (90d), 4,803,757 (365d)
install_on_request: 75,928 (30d), 212,774 (90d), 546,010 (365d)
build_error: 14,735 (30d)
and
[REPRO]$ brew info openssl#1.1
openssl#1.1: stable 1.1.1 (bottled) [keg-only]
Cryptography and SSL/TLS Toolkit
https://openssl.org/
/usr/local/Cellar/openssl#1.1/1.1.0h (6,587 files, 15.6MB)
Poured from bottle on 2018-04-17 at 00:24:57
/usr/local/Cellar/openssl#1.1/1.1.1 (7,821 files, 17.9MB)
Poured from bottle on 2018-09-25 at 07:31:15
From: https://github.com/Homebrew/homebrew-core/blob/master/Formula/openssl#1.1.rb
==> Options
--without-test
Skip build-time tests (not recommended)
==> Caveats
A CA file has been bootstrapped using certificates from the system
keychain. To add additional certificates, place .pem files in
/usr/local/etc/openssl#1.1/certs
and run
/usr/local/opt/openssl#1.1/bin/c_rehash
openssl#1.1 is keg-only, which means it was not symlinked into /usr/local,
because this is an alternate version of another formula.
If you need to have openssl#1.1 first in your PATH run:
echo 'export PATH="/usr/local/opt/openssl#1.1/bin:$PATH"' >> ~/.bash_profile
For compilers to find openssl#1.1 you may need to set:
export LDFLAGS="-L/usr/local/opt/openssl#1.1/lib"
export CPPFLAGS="-I/usr/local/opt/openssl#1.1/include"
For pkg-config to find openssl#1.1 you may need to set:
export PKG_CONFIG_PATH="/usr/local/opt/openssl#1.1/lib/pkgconfig"
==> Analytics
install: 0 (30d), 0 (90d), 0 (365d)
install_on_request: 0 (30d), 0 (90d), 0 (365d)
build_error: 13 (30d)
I have 'PATH="/usr/local/opt/openssl/bin:$PATH"' in my ~/.bash_profile
Everything used to work before the system update, but now my dev system is broken. Can anyone help? I can set http;//rubygems.org in gem file and therefore install gems through bundle install, but this is no solution.
Update:
I found out some more details: on a second machine everything is working as it is supposed to. On both systems RVM relies on openssl, which in both cases is brew/openssl or brew/openssl#1.1. On the first machine I get:
$ rvm osx-ssl-certs status all
Selected SSL certs for: ruby-2.3.4
cURL certificate bundle /usr/share/curl/curl-ca-bundle.crt not found
Certificates bundle /usr/local/etc/openssl/cert.pem is up to date.
Certificates bundle /etc/openssl/cert.pem is up to date.
Certificates bundle /System/Library/OpenSSL/cert.pem is old.
Certificates bundle /usr/local/etc/openssl#1.1/cert.pem is up to date.
on the second I get:
$ rvm osx-ssl-certs status all
Selected SSL certs for: ruby-1.8.7-head
cURL certificate bundle /usr/share/curl/curl-ca-bundle.crt not found
Certificates bundle /usr/local/etc/openssl/cert.pem is up to date.
Why does does the first machine check also in /System/Library/? How can I configure it to not do so?
I was able to install gems. I had to recompile all rubies:
$ ram uninstall ruby-1.8.7-p374
$ rvm install ruby-1.8.7-p374 --with-gcc=clang
$ rvm use ruby-1.8.7-p374#openssl-test01 --create
$ gem install rdoc-data -v 3.12
After this I was able to install although the link to /System/openssl is still shown in rvm osx-ssl-certs status all.

How to upgrade OpenSSL from 1.0.2g to 1.1.0g in Ubuntu and let python recognize the new OpenSSL

I have Ubuntu 16.04. It has OpenSSL 1.0.2g. I need to use OpenSSL 1.1.0g. Note that OpenSSL 1.1.0g is installed in my other machine Ubuntu 18. But I need to run a python program in Ubuntu 16.04 but I need the specific OpenSSL 1.1.0g. I did:
sudo apt-get upgrade
sudo apt-get update
But OpenSSL in my Ubuntu machine did not get updated. How can I update it?
I use python socket, ssl modules to make TLS connection in port 443. Will python automatically recognizes OpenSSL 1.1.0g if I updated the old OpenSSL 1.0.2g to OpenSSL 1.1.0g?
The reason for upgrading OpenSSL is I need to run python program ssl socket but I need the program to use OpenSSL 1.1.0g.
When I tried:
sudo apt-get install openssl
and checks the OpenSSL version via: openssl version -a
I get the old version OpenSSL 1.0.2g
How to get the new version OpenSSL 1.1.0g in my Ubuntu 14.06 machine please?
Why you couldn't get OpenSSL 1.1.0g working on Ubuntu 16.04 by just updating:
Your Ubuntu 18 has OpenSSL 1.1.0g because the version that is available on its repositories. Sometimes, it has more than one version of a package available on the repository system. But, it looks like Ubuntu 16.04 does not have the version you need available at all. That is why you weren't and you won't be able to get OpenSSL 1.1.0g working on Ubuntu 16.04 by just updating. The version available on the repositories is different.
And how to do it:
You either will need to install it manually or find a repository for Ubuntu 16.04 that make OpenSSL 1.1.0g available on the system. I am not sure there is a repository available, so if you want to install it manually do as it follows:
wget https://www.openssl.org/source/old/1.1.0/openssl-1.1.0g.tar.gz
tar xzvf openssl-1.1.0g.tar.gz
cd openssl-1.1.0g
./config
make
sudo make install
openssl version -a
That is it!
Warning.: By installing a new version of OpenSSL that is not available in the system, by default, you introduced a version that is not compatible with the updates made available by the maintenance of the system. You will need to take care of it yourself. Maybe, depending on your scenario, it is worth your while just use Ubuntu 18 that has the version of OpenSSL you need by default. It is the easiest and safest way to go.
Hope everything goes well.
Good luck!
Here is how I installed the latest version of openssl from source code.
# Install make and packages required to compile the source code
apt-get install -y libfindbin-libs-perl build-essential
# Download source code
wget https://github.com/openssl/openssl/archive/refs/tags/OpenSSL_1_1_1k.tar.gz -O openssl.tar.gz
# Extract source code
tar -xf openssl.tar.gz
# Go to the source code folder
cd openssl-OpenSSL_1_1_1k
# Configure to compile it
./config --libdir=/usr/local/lib
# Compile with 4 parelel jobs
make -j 4
# Install compiled code
sudo make install
# Move older executable
sudo mv /usr/bin/openssl /usr/bin/openssl-1.0.2g
# Create soft symbolic link to the newer version of openssl
sudo ln -s /usr/local/bin/openssl /usr/bin/openssl
# Make visible the new libraries installed at /usr/local/lib
sudo ldconfig

Apache configure gives error invalid variable name: `with-ssl'

I need Apache2.4 with ssl.
AWS RHEL server I am using already has Apache2.2 and openssl 0.9 installed. I configured my Apache,apr,apr-util and pcre packages at /opt/products/apache2. everything is fine except the option
--enable-ssl
fails due to a dependency failure (openssl > 0.9.8a). No problem. I downloaded openssl 1.0.2a from open ssl and configured and installed it at /opt/openssl without problem.
Now I need to configure Apache with
--enable-ssl --with-ssl=/opt/openssl
but the configure command returns the error
"invalid variable name 'with-ssl'".
configure -help shows that with-ssl is an option.
Is this a bug or something? I don't find any reference on the internet.
Just wanted to update for anyone looking at this later.
Installing all the pre-requisites before configuring apache solves the problem of apache giving version error. So this command before the apache configuration solved the problem:
yum install gcc libxml2-devel gcc-c++ libicu-devel libxslt-devel bzip2 bzip2-devel libjpeg-devel libpng libpng-devel freetype freetype-devel curl curl-devel t1lib-devel unixODBC-devel openssl-devel openssl
and I did not have to install openssl separately.

Configuration for Java binding for ZeroMQ (0MQ) with no root privileges on Linux

I am a novice with zeroMQ and I am stuck at binding ØMQ with java on a server running CentOS release 5.9.
Unfortunately, I do not have super user/root privileges on the server and am trying to install ØMQ as a normal user with restricted privileges. I have installed ØMQ by following instructions on http://www.zeromq.org/area:download
Make sure that libtool, autoconf, automake are installed.
Check whether uuid-dev package, uuid/e2fsprogs RPM or equivalent on your system is installed.
Unpack the .tar.gz source archive.
Run ./configure, followed by make.
Could not run the following obviously
To install ØMQ system-wide run sudo make install.
On Linux, run sudo ldconfig after installing ØMQ.
Then I attempted to install jzmq.
Cloned [git clone https://github.com/zeromq/jzmq.git]
Ran autogen.sh
Ran configure
At this point I get the following error
checking for ZeroMQ... no
checking zmq.h usability... no
checking zmq.h presence... no
checking for zmq.h... no
configure: error: cannot find zmq.h
As a result of the above error I am not able to run java tests and get error "no jzmq in java.library.path".
Can anybody help/direct me to how to get java binding for zeromq work when you dont have root privileges to install it? Its difficult to get IT department to install a new software on servers.
Appreciate your help.
Note: I do not have write permissions to /usr directory
Thanks
GBP
This can be overcome by adding --with-zeromq=/home/user/zeromq (installation directory of zeromq)
./configure --with-zeromq=/home/user/zeromq
Other steps include
export LD_LIBRARY_PATH=/home/user/zeromq/lib
You can also use JeroMQ (https://github.com/zeromq/jeromq) which is a pure Java implementation of ZeroMQ
I got this working by running autogen.sh on OEL 6 then running configure / compiling / installing on CentOS 5.9. I briefly looked into why autogen.sh was failing and the problem was the tool chain was too old. Since I had a more up-to-date system with a modern tool chain available running autogen.sh on something other than CentOS 5 was the easiest path for me. I'm sure it works fine with other modern Linux variants, I had OEL 6 at my finger tips.
I also did not have access to a standard directory for installation. To get that working I added zmq.jar to my class path, and the run-time linker needed to be able to find the zeromq and jzmq run-time libraries.
I faced the same issue on CentOS 6.5 and found that you need to install "gcc-c++" for this to work.
I used the following to install dependencies:
yum -y install jdk zeromq-devel unzip libtool gcc autoconf automake gcc-c++ python
Note that "jdk" comes from our private repository and it's same what can be downloaded from java.com
The following public repositories are installed on server:
atomic
Actually, I ended up having this same issue, and the following script worked for me, where I installed zeromq into ~ (so that I have ~/lib contains libzmq.a libzmq.la libzmq.so libzmq.so.3 libzmq.so.3.1.0 pkgconfig)
./autogen.sh ./configure --prefix=$HOME \ #because you don't have root privileges
--with-zeromq=$HOME --includedir=$HOME/include/ --libdir=$HOME/lib/
./make
./make -n install
#to check to see if it installs it to the right location
make install