Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Openssh, Openssl, Openssl-fips

Status
Not open for further replies.
sbrews

sbrews

Technical User
Jun 11, 2003
413
0
0
US
I have a need to install a openssl-fips-1.2.3, openssl 0.9.8w and openssh 5.9p1. Using rpm packages is not an option as those exact versions are required. The system is RHEL 5.7 2.6.18-274.el5.

I have downloaded the needed packages from openssl.org and openssh.org. The compile and install of openssl-fips and openssl worked without issue and are installed in

/usr/local/ssl/fips-1.0 (fips module)
/usr/local/ssl/fips (fips capable openssl).

Here is the output from a version check:

[root@localhost ssl]# ./fips/bin/openssl version
OpenSSL 0.9.8w-fips 23 Apr 2012

[root@localhost ssl]# ./fips-1.0/bin/openssl version
OpenSSL FIPS Object Module v1.2

So far, so good. Now to compile openssh with the openssl fips. I have tried several different paths via the "--with-ssl-headers" as well as "--with-ssl-dir" options. In all cases, I end up with this:

./configure
...
...
checking if openpty correctly handles controlling tty... yes
checking whether getpgrp requires zero arguments... yes
checking openssl/opensslv.h usability... no
checking openssl/opensslv.h presence... no
checking for openssl/opensslv.h... no
configure: error: *** OpenSSL headers missing - please install first or check config.log ***

The config.log says it cant find "openssl/opensslv.h" This file is present... and in several locations:

/root/openssl-0.9.8w/include/openssl/opensslv.h
/root/openssl-0.9.8w/crypto/opensslv.h
/root/openssl-fips-1.2.3/include/openssl/opensslv.h
/root/openssl-fips-1.2.3/crypto/opensslv.h
/usr/include/opensslv.h
/usr/local/ssl/fips-1.0/include/openssl/opensslv.h
/usr/local/ssl/fips/include/openssl/opensslv.h

What am I missing and/or how can I resolve the above error?
 
Sort by date Sort by votes
Using rpm packages is not an option as those exact versions are required.
Click to expand...
You can often times get the RPM packages for previous versions, but you don't want to do a yum install. The website RPM.PBONE.NET is your friend here. If you look for Red Hat packages, that you probably want RHEL 5, and not Red Hat 5 (which is MUCH older). In your particular case, I believe you are missing not openssl, which would contain the runtime binaries, but the openssl-devel package as a dependency. The problem isn't so much the .h (header) file itself as it is the underlying library, which contains libssl.[a|so] and libcrypto.[a|so]. If you can't find an RPM, you should still be able to build from source, just mind the dependencies.



 
Upvote 0 Downvote
I have the source downloads for openssl, openssl-fips - which have the libssl and libcrypto components. I've tried pointing the compile of openssh at them with "--with-ssl-dir" as well as "--with-ssl-headers". I still get the missing headers message. How else can I point the "./configure" step to those?

I thought having the source downloads would take care of having all the needed pieces. If source download for openssl 0.9.8w from openssl.org doesnt have all the needed parts, where do I find them? Do I really need to install a RHEL openssl package?

Add a little color to your PUTTY terminal: faq52-6627
 
Upvote 0 Downvote
The following is the dependency list for openssl 1.0 on a i686 (current 64 bit Intel processor) platform. You can get the dependency list through YUM, via yum deplist <package>. The dependency information is contained within the RPM itself. You are also building applications that are based upon the openssl libraries. In order to build these libraries, you typically require the -devel packages, in addition to or in lieu of the standard binary. This is why I stated you need the openssl-devel packages. The description of this package is:
Files for development of applications which will use OpenSSL
Click to expand...
Just having the header files somewhere is not enough and I don't think the entirety of your problem is using the wrong configure directive to include them.

Code: 
  dependency: rtld(GNU_HASH)
  dependency: libresolv.so.2
  dependency: libdl.so.2
  dependency: libc.so.6(GLIBC_2.3)
  dependency: libdl.so.2(GLIBC_2.0)
  dependency: ca-certificates >= 2008-5
  dependency: libc.so.6
  dependency: libc.so.6(GLIBC_2.0)
  dependency: libgssapi_krb5.so.2
  dependency: libz.so.1
  dependency: libk5crypto.so.3(k5crypto_3_MIT)
  dependency: mktemp
  dependency: libc.so.6(GLIBC_2.1.3)
  dependency: libc.so.6(GLIBC_2.4)
  dependency: libcom_err.so.2
  dependency: /sbin/ldconfig
  dependency: /bin/sh
  dependency: libkrb5.so.3
  dependency: libc.so.6(GLIBC_2.1)
  dependency: libkrb5.so.3(krb5_3_MIT)
  dependency: libc.so.6(GLIBC_2.7)
  dependency: libc.so.6(GLIBC_2.3.4)
  dependency: libdl.so.2(GLIBC_2.1)
  dependency: libk5crypto.so.3
 
Upvote 0 Downvote
I will go search out the devel package then.

Add a little color to your PUTTY terminal: faq52-6627
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

bfordz
  • Locked
  • Question
OpenSSH error: Algorithm negotiation fail
Replies
1
Views
59
bfordz
bfordz
w5000
  • Locked
  • Question
openssh - user config
Replies
3
Views
35
w5000
w5000
bcar72
  • Locked
  • Question
openssl cert questions
Replies
0
Views
21
bcar72
bcar72
strikelit
  • Locked
  • Question
Redhat v4, v5 openssl
Replies
0
Views
22
strikelit
strikelit
SysAdminMike
  • Locked
  • Question
Installing libcrypto.so.4 from openssl 1
Replies
10
Views
71
BadBigBen
BadBigBen

Part and Inventory Search

Sponsor

Back
Top