I was trying to install node.js and found OpenSSL support missing during ./configure.
How can I fix it? Is it a mandatory step? Would the --without-ssl option fix the problem?
# ./configure
Checking for gcc : ok
Checking for library dl : not found
Checking for openssl : not found
Checking for function SSL_library_init : not found
Checking for header openssl/crypto.h : not found
/home/ec2-user/node-v0.6.6/wscript:374: error: Could not autodetect OpenSSL
support.
Make sure OpenSSL development packages are installed. Use configure --without-ssl
to disable this message.
asked Dec 27, 2011 at 9:51
1
Yes, it’s a mandatory step. You cannot remove OpenSSL from a program uses it, the same way you couldn’t remove random engine parts from a car.
The OpenSSL library is usually already installed, but you have to install the header files. Depending on your Linux distribution, you’ll need these packages:
- Red Hat, Fedora, CentOS —
openssl-devel - Debian, Ubuntu —
libssl-dev - Arch —
openssl
Technically one could replace OpenSSL with, say, NSS, but that’s not the point here.
answered Dec 27, 2011 at 10:41
user1686user1686
401k59 gold badges845 silver badges915 bronze badges
4
debian:
apt-get install libssl-dev
apt-get install linux-headers-$(uname -r)
Kevin Panko
7,22622 gold badges43 silver badges52 bronze badges
answered Oct 7, 2014 at 18:18
Albert EAlbert E
1211 silver badge2 bronze badges
5
No, it isn’t.
You can still compile nodejs with ./configure --without-ssl
Kevin Panko
7,22622 gold badges43 silver badges52 bronze badges
answered Jun 15, 2012 at 6:23
grigorisgrigoris
511 silver badge1 bronze badge
This is showing up on Google for a problem that may come up with some installations — possibly links-g. I had the problem on Archlinux with links-utf8 and links-g-directfb.
Likely presentation:
checking OPENSSL_CFLAGS...
checking OPENSSL_LIBS... -lssl -lcrypto
checking for OpenSSL... no
configure: error: OpenSSL not found
Try this:
sed -i "/ac_cpp=/s/$CPPFLAGS/$CPPFLAGS -O2/" configure
Using this command before your ./configure step should fix it.
Kevin Panko
7,22622 gold badges43 silver badges52 bronze badges
answered Jul 1, 2013 at 22:48
1
You must install openssl-devel in your OS with:
yum install openssl-devel.x86_64
./configure --with-tls
make install
Leathe
7644 silver badges11 bronze badges
answered Nov 10, 2015 at 10:10
If you don’t succeed with libssl-dev only, over Debian distro, you could include both SSL Library versions same time
apt-get install libssl-dev libssl1.0
answered Feb 11, 2019 at 14:31
I was getting this error whenever I try the npm command in powershell:
**~ $ node -v
v17.1.0
~ $ npm -v
OpenSSL configuration error:
74240000:error:80000003:system library:BIO_new_file:No such process:c:wsdepsopensslopensslcryptobiobss_file.c:67:calling fopen(C:Program FilesPostgreSQLpsqlODBCetcopenssl.cnf, rb)
74240000:error:10000080:BIO routines:BIO_new_file:no such file:c:wsdepsopensslopensslcryptobiobss_file.c:75:
74240000:error:07000072:configuration file routines:def_load:no such file:c:wsdepsopensslopensslcryptoconfconf_def.c:179:
OpenSSL configuration error:
A8250000:error:80000003:system library:BIO_new_file:No such process:c:wsdepsopensslopensslcryptobiobss_file.c:67:calling fopen(C:Program FilesPostgreSQLpsqlODBCetcopenssl.cnf, rb)
A8250000:error:10000080:BIO routines:BIO_new_file:no such file:c:wsdepsopensslopensslcryptobiobss_file.c:75:
A8250000:error:07000072:configuration file routines:def_load:no such file:c:wsdepsopensslopensslcryptoconfconf_def.c:179:**
Another thing I noticed is that the node must have updated incorrectly because even though it gives me a version, I cannot uninstall it and cannot find the install files in my program files. I am at a total loss and about to just reset my computer to default. I want to repair it but everything online tells me to use npm, which in itself is not possible.
I have tried using the «set OpenSSL» command to empty or to a dummy file but it does not seem to do anything.
Ethan
8428 gold badges18 silver badges31 bronze badges
asked Nov 29, 2021 at 18:00
3
Go to the Windows control panel and click on Uninstall a program, select Node.js and click on the uninstall tab to uninstall the node and npm successfully. Restart your system.
Then go to https://nodejs.org/en/ to download 16.13.0 LTS version and install it
Ethan
8428 gold badges18 silver badges31 bronze badges
answered Dec 1, 2021 at 5:21
ToheebToheeb
912 silver badges5 bronze badges
2
Please check environment path using PowerShell
check environment path:
cmd /c echo %PATH%' or 'cmd /c echo %OPENSSL_CONF%
You will get C:Program FilesPostgreSQLpsqlODBCetcopenssl.cnf path so reset the environment path for openssl using below comment on PowerShell
set OPENSSL_CONF=''
after that, the problem will be fixed.
this issue already issued on Nodejs GitHub.
https://github.com/nodejs/node/issues/40547
Tyler2P
2,28118 gold badges23 silver badges29 bronze badges
answered Jun 1, 2022 at 14:55
the only thing that you’re to do is to create a new archive called openssl.cnf
in this route:
C:Program FilesPostgreSQLpsqlODBCetcopenssl.cnf
Save the work and run in cmd: npm --version
Tyler2P
2,28118 gold badges23 silver badges29 bronze badges
answered Jun 15, 2022 at 19:16
Had this issue in a conda environment. Fixed by installing node with next command: conda install -c conda-forge nodejs=16.3.2
answered Feb 3, 2022 at 10:19
Try to uninstall the node from your project directory.
npm uninstall node
Most probably you have 2 different versions of Node installed on your system.
If my solution does not work for you. Try the other suggestions with uninstalling Node from the system.
answered Mar 23, 2022 at 12:35
Bilal AhmadBilal Ahmad
6968 silver badges13 bronze badges
My solution was to use another node version in this case 15.8.0, you can try with others most recently versions. When I did this npm was installed correctly:
Ethan
8428 gold badges18 silver badges31 bronze badges
answered Apr 22, 2022 at 2:26
Im trying to recompile PHP, but ./configure fails at :
configure: error: Cannot find OpenSSL's <evp.h>
I have LibSSL 1.0.0, LibSSL 0.9.8, LibSSL-Dev, OpenSSL installed.
--with-openssl=/usr/include/openssl
when I try with
--with-openssl
tells me:
configure: error: Cannot find OpenSSL’s libraries
Where the **** are the problem ?
P.S. Php is 5.2.5, OS is Ubuntu
030
5,80112 gold badges64 silver badges108 bronze badges
asked Aug 8, 2012 at 10:54
The same issue occurred on Ubuntu 12.04.1 LTS and it was solved by issuing:
sudo apt-get install libcurl4-openssl-dev pkg-config
030
5,80112 gold badges64 silver badges108 bronze badges
answered Oct 11, 2012 at 15:15
antilaantila
6015 silver badges3 bronze badges
2
To build php-5.3 on Debian wheezy you need the following to fix this error.
apt-get install libssl-dev libsslcommon2-dev
Then you need to configure with the following included
./configure --with-libdir=/lib/x86_64-linux-gnu ...
answered Oct 6, 2013 at 17:28
JinnKoJinnKo
4113 silver badges7 bronze badges
3
Assuming that you already have the OpenSSL libraries and header files (on rpm systems the latter are in the xxxx-devel package)…
The issue seems to arise from how configure resolves dependencies which are distributed around the filesystem. To compile the code, the comiler needs to know where the headers are. To link the code, the linker needs to know where the libraries are.
[colin@host]$ configure .... --with-openssl-dir=/usr/include/openssl ....
...
checking OpenSSL dir for FTP... /usr/include/openssl
checking for pkg-config... /usr/bin/pkg-config
configure: error: Cannot find OpenSSL's <evp.h>
[colin@host]$ find /usr/include -name evp.h
/usr/include/openssl/evp.h
The include directory has the include file, but pkg-config fails because the library is not in /usr/include/openssl, its in /usr/lib
Running configure again with /usr as the directory:
configure .... --with-openssl-dir=/usr ....
...
checking OpenSSL dir for FTP... /usr
checking for pkg-config... /usr/bin/pkg-config
checking for OpenSSL version... >= 0.9.6
checking for CRYPTO_free in -lcrypto... yes
...
The path passed as an argument is searched to find the relevant resources.
answered Sep 29, 2015 at 13:02
symcbeansymcbean
20k1 gold badge29 silver badges52 bronze badges
4
To compile php-5.4.45 on debian 8.1 (Jessie) i had to:
apt-get install libssl-dev
After that I could compile it just using --with-openssl
answered Oct 12, 2015 at 10:47
stevensteven
2102 silver badges7 bronze badges
Another reason ./configure might fail is because you don’t have pkg-config installed, like in my case with PHP7 and Debian Jessie:
sudo apt-get install pkg-config
answered Nov 4, 2015 at 9:49
1
I fixed the issue by installing extra libraries
sudo apt-get install -y autoconf g++ make openssl libssl-dev libcurl4-openssl-dev
sudo apt-get install -y libcurl4-openssl-dev pkg-config
sudo apt-get install -y libsasl2-dev
answered Jun 19, 2017 at 18:09
ToirToir
911 silver badge4 bronze badges
On centos7 Install openssl-devel
yum install openssl-devel
answered Jan 28, 2018 at 17:50
You need to help configure figuring out where to look for the evp.h file, because by default it will scan for directories and add hardcoded suffixes to them to find it. I’ve kept the details in my wiki page for those who want to understand the solution. Here’s what worked for me :
root@audio-mon[10.10.10.82] ~/DOWNLOADS/php-5.5.23/ext/mysqlnd # PHP_OPENSSL_DIR="/usr /usr/lib/x86_64-linux-gnu"
root@audio-mon[10.10.10.82] ~/DOWNLOADS/php-5.5.23/ext/mysqlnd # ./configure --with-libdir=""
[...]
checking for DSA_get_default_method in -lssl... yes
checking for X509_free in -lcrypto... yes
checking for pkg-config... /usr/bin/pkg-config
checking for OpenSSL version... >= 0.9.6 # <------------------------------------- YES !
[...]
config.status: creating config.h
config.status: config.h is unchanged
root@audio-mon[10.10.10.82] ~/DOWNLOADS/php-5.5.23/ext/mysqlnd #
YMMV (paths are different). If that didn’t work for you check the wiki page, it will help you figure out what paths to put.
answered Jan 7, 2016 at 15:43
ychaoucheychaouche
2624 silver badges15 bronze badges
I had the same problem on Fedora 19 despite having OpenSSL installed.
I had to install openssl-devel.i686 which I found by doing a generic search for all packages related to ssl:
sudo yum search ssl
sudo yum install openssl-devel.i686
Then I ran configure again with success:
sudo ./configure --with-apxs2=/usr/bin/apxs --with-mysql --enable-mbstring --with-mysqli --with-openssl=/usr/
answered Jul 6, 2016 at 11:54
Just my feedback: After solving this ssl problem from thsi post, I’ve completely give up on compiling php 5.3 because it’s failed down futher on zend dom extensions in the middle, I’ve found some patches, and decided just to drop this fuss. There’s ubuntu 12.04 which still has 5.3.10 php on board. Be careful php-fpm back then been clearing environment variables. So don’t be surprised when you can’t pass global variables from docker for example.
answered Mar 31, 2017 at 18:51
holmsholms
1,4747 gold badges20 silver badges37 bronze badges
I have a Centos 5.7 operating system box and I have installed OpenSSL 1.0.1h successfully. but when I am upgrading OpenSSH I am getting the below error message while running ./configure. Kindly help me on this and let me know if you have any questions.
checking whether snprintf correctly terminates long strings... yes
checking whether snprintf can declare const char *fmt... yes
checking whether system supports SO_PEERCRED getsockopt... yes
checking for (overly) strict mkstemp... yes
checking if openpty correctly handles controlling tty... yes
checking whether getpgrp requires zero arguments... yes
checking OpenSSL header version... 1000108f (OpenSSL 1.0.1h 5 Jun 2014)
checking OpenSSL library version... 90802f (OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008)
checking whether OpenSSL's headers match the library... no
configure: error: Your OpenSSL headers do not match your
library. Check config.log for details.
If you are sure your installation is consistent, you can disable the check
by running "./configure --without-openssl-header-check".
Also see contrib/findssl.sh for help identifying header/library mismatches.
Flup
7,8672 gold badges32 silver badges50 bronze badges
asked Jun 13, 2014 at 11:40
1
… i have installed OpenSSL 1.0.1h …
Yes, but only the header version. Your library is still 0.9.8e-fips-rhel5 and not 1.0.1h like your header. You need to install the matching library for your header.
Looks Like you installed OpenSSL 1.0.1h manually while 0.9.8e-fips-rhel5 seems to be a rhel version. The rhel-version probably was installed via package-management. Maybe you just need to uninstall the 0.9.8e via yum remove openssl-libs. Afterwards check if your OpenSSL 1.0.1h libraries are detected (i assume you installed header + lib). If not, install OpenSSL 1.0.1h-libs (again).
answered Jun 13, 2014 at 13:27
xx4hxx4h
2,34215 silver badges16 bronze badges
Перейти к содержанию
На чтение 1 мин Опубликовано 26.10.2017
При сборке чего либо, при запуске скрипта configure:
# ./configure
может появится ошибка вида:
checking for OpenSSL installation . . . not found configure error openssl not found
Можно попробовать для начала выполнить сборку, исключив SSL, чтобы отключить это сообщение:
# ./configure --without-ssl
Если это не помогло и ошибка еще появляется, необходимо установить библиотеку разработки:
- Red Hat, Fedora, CentOS –
openssl-devel - Debian, Ubuntu –
libssl-dev - Arch –
openssl
На примере Astra linux 1.3 :
# apt-get install libssl-dev
Пожалуйста, не спамьте и никого не оскорбляйте.
Это поле для комментариев, а не спамбокс.
Рекламные ссылки не индексируются!
Содержание
- Anubisss / README.md
- Debian
- Openssl
- OpenVPN
- Final
- Debian
- Openssl
- OpenVPN
- Final
- Openvpn configure error openssl check failed
Anubisss / README.md
How to compile statically linked OpenVPN client for ARMv5
You need to install ARMv5 gcc cross compiler: apt-get install gcc-arm-linux-gnueabi
You have to define a directory (via —prefix) where all of your binaries will be installed (copied). In the guide I use the following: /home/user/vpn_compile
- Download the source: wget https://www.openssl.org/source/openssl-1.0.2j.tar.gz
- Extract it and change the working directory: tar -xvf openssl-1.0.2j.tar.gz && cd openssl-1.0.2j
- Configure it: ./Configure gcc -static -no-shared —prefix=/home/user/vpn_compile —cross-compile-prefix=arm-linux-gnueabi-
- Compile: make
- Install: make install
- Download the source: wget http://www.oberhumer.com/opensource/lzo/download/lzo-2.09.tar.gz
- Extract it and change the working directory: tar -xvf lzo-2.09.tar.gz && cd lzo-2.09
- Configure it: ./configure —prefix=/home/user/vpn_compile —enable-static —target=arm-linux-gnueabi —host=arm-linux-gnueabi —disable-debug
- Compile: make
- Install: make install
- Download the source: wget https://swupdate.openvpn.org/community/releases/openvpn-2.3.12.tar.gz
- Extract it and change the working directory: tar -xvf openvpn-2.3.12.tar.gz && cd openvpn-2.3.12
- Configure it: ./configure —target=arm-linux-gnueabi —host=arm-linux-gnueabi —prefix=/home/user/vpn_compile —disable-server —enable-static —disable-shared —disable-debug —disable-plugins OPENSSL_SSL_LIBS=»-L/home/user/vpn_compile/lib -lssl» OPENSSL_SSL_CFLAGS=»-I/home/user/vpn_compile/include» OPENSSL_CRYPTO_LIBS=»-L/home/user/vpn_compile/lib -lcrypto» OPENSSL_CRYPTO_CFLAGS=»-I/home/user/vpn_compile/include» LZO_CFLAGS=»-I/home/user/vpn_compile/include» LZO_LIBS=»-L/home/user/vpn_compile/lib -llzo2″
- Compile: make LIBS=»-all-static»
- Install: make install
Your OpenVPN client is here: /home/user/vpn_compile/sbin/openvpn
Make sure this is what you need:
Step OpenVPN, end of step 3: missing slash:
Otherwise thanks a lot for all of this. I’d still need to figure out how to build for linux 2.6 though, my target device has a very old kernel.
if experiencing any error related to «unable to find openssl lib» (e.g. configure: error: openssl check failed), you may want to try replacing
OPENSSL_SSL_LIBS=»-L/home/user/vpn_compile/lib -lssl» OPENSSL_SSL_CFLAGS=»-I/home/user/vpn_compile/include» OPENSSL_CRYPTO_LIBS=»-L/home/user/vpn_compile/lib -lcrypto» OPENSSL_CRYPTO_CFLAGS=»-I/home/user/vpn_compile/include» LZO_CFLAGS=»-I/home/user/vpn_compile/include» LZO_LIBS=»-L/home/user/vpn_compilelib -llzo2″
OPENSSL_SSL_CFLAGS=»-I/home/user/vpn_compile/include» OPENSSL_CRYPTO_CFLAGS=»-I/home/user/vpn_compile/include» LZO_CFLAGS=»-I/home/user/vpn_compile/include» LIBS=»-L/home/user/vpn_compile/lib -lssl -lcrypto -llzo2″
since the order of «-lssl -lcrypto -llzo2» matters. It works for me.
I just want to point out here to save others time.. some time between OpenVPN 2.3 and OpenVPN 2.4.5 the names of the variables related to OpenSSL changed from OPENSSL_SSL_CFLAGS to OPENSSL_CFLAGS as well as OPENSSL_SSL_LIBS to OPENSSL_LIBS . I was banging my head against a wall until I finally just did a diff of the ./configure —help output of the 2 versions :>
Building for a Ubiquity EdgeRouter, my final configure command for OpenVPN 2.4.5 (latest stable) ended up like this (note I added LZ4 and a few other things just to match the stock Ubiquity shipped OpenVPN:
I am building 2.4.9 (2.3.12 works with the given description, thanks for that!!):
./configure —target=arm-linux-gnueabihf —host=arm-linux-gnueabihf —prefix=/home/user/vpn_compile —disable-server —enable-static —disable-shared —disable-debug —disable-plugins OPENSSL_LIBS=»-L/home/user/vpn_compile/lib -lssl» OPENSSL_CFLAGS=»-I/home/user/vpn_compile/include» OPENSSL_CRYPTO_LIBS=»-L/home/user/vpn_compile/lib -lcrypto» OPENSSL_CRYPTO_CFLAGS=»-I/home/user/vpn_compile/include» LZO_CFLAGS=»-I/home/user/vpn_compile/include» LZO_LIBS=»-L/home/user/vpn_compile/lib -llzo2″ LIBS=»-L/home/user/vpn_compile/lib -lssl -lcrypto -llzo2″
However, resulting in:
Any idea what’s wrong?
openssl 1.1.1f
@hanneshoettinger I have no idea to be honest. I’m not working on/with this anymore.
From the error message it looks like you have to link (-l) some lib (or the proper version?) to able to compile (link) the openSSL.
Long story short: this page/tutorial and your replies saved my life. ^^
@Anubisss: many many thanks for your hard work. It’s simply awesome!
Below, a quick digest (tested twice) to build OpenVPN 2.4.9 (server & client) with lzo and lz4 for ARM using Debian 9.
Debian
apt-get install build-essential gcc-arm-linux-gnueabi ca-certificates
mkdir /home/source /home/openvpn
cd lzo-2.10
./configure —prefix=/home/openvpn —enable-static —target=arm-linux-gnueabi —host=arm-linux-gnueabi
make && make install
cd lz4-1.9.2
make && PREFIX=/home/openvpn make install
Openssl
cd openssl-1.1.1h
./Configure gcc -static -no-shared —prefix=/home/openvpn —cross-compile-prefix=arm-linux-gnueabi-
make && make install
OpenVPN
cd openvpn-2.4.9
./configure —target=arm-linux-gnueabi —host=arm-linux-gnueabi —prefix=/home/openvpn —enable-static —disable-shared —disable-debug —disable-plugins OPENSSL_CFLAGS=»-I/home/openvpn/include» OPENSSL_LIBS=»-L/home/openvpn/lib -lssl -lcrypto» LZO_CFLAGS=»-I/home/openvpn/include» LZO_LIBS=»-L/home/openvpn/lib -llzo2″ LZ4_CFLAGS=»-I/home/openvpn/include» LZ4_LIBS=»-L/home/openvpn/lib -llz4″ IFCONFIG=/sbin/ifconfig ROUTE=/sbin/route NETSTAT=/bin/netstat IPROUTE=/sbin/ip —enable-iproute2
make LIBS=»-all-static» && make install
Final
openvpn (static) binary is here!
@trendymail Great work, thank you!
Long story short: this page/tutorial and your replies saved my life. ^^
@Anubisss: many many thanks for your hard work. It’s simply awesome!
Below, a quick digest (tested twice) to build OpenVPN 2.4.9 (server & client) with lzo and lz4 for ARM using Debian 9.
Debian
apt-get install build-essential gcc-arm-linux-gnueabi ca-certificates
mkdir /home/source /home/openvpn
cd lzo-2.10
./configure —prefix=/home/openvpn —enable-static —target=arm-linux-gnueabi —host=arm-linux-gnueabi
make && make install
cd lz4-1.9.2
make && PREFIX=/home/openvpn make install
Openssl
cd openssl-1.1.1h
./Configure gcc -static -no-shared —prefix=/home/openvpn —cross-compile-prefix=arm-linux-gnueabi-
make && make install
OpenVPN
cd openvpn-2.4.9
./configure —target=arm-linux-gnueabi —host=arm-linux-gnueabi —prefix=/home/openvpn —enable-static —disable-shared —disable-debug —disable-plugins OPENSSL_CFLAGS=»-I/home/openvpn/include» OPENSSL_LIBS=»-L/home/openvpn/lib -lssl -lcrypto» LZO_CFLAGS=»-I/home/openvpn/include» LZO_LIBS=»-L/home/openvpn/lib -llzo2″ LZ4_CFLAGS=»-I/home/openvpn/include» LZ4_LIBS=»-L/home/openvpn/lib -llz4″ IFCONFIG=/sbin/ifconfig ROUTE=/sbin/route NETSTAT=/bin/netstat IPROUTE=/sbin/ip —enable-iproute2
make LIBS=»-all-static» && make install
Final
openvpn (static) binary is here!
I am getting configure: error: openssl check failed .
I fixed it, for future reference. Do Check config.log, there would be different errors. See how you can fix them
If I follow those instructions to build statically for x86_64 (remove the right -target args), I end up with a non-static build:
I have all the .a libs at the right place though.
I did a cleanup, it works, sorry for the noise:
I have follow the steps but I have a dynamic library dependency for lz4:
otool -L openvpn
openvpn:
/usr/lib/libresolv.9.dylib (compatibility version 1.0.0, current version 1.0.0)
/usr/local/lib/liblz4.1.dylib (compatibility version 1.0.0, current version 1.9.2)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1311.100.3)
I am working in macOS.
I have checked the libraries and I have the static lz4 library:
ls -l liblz4*
-rwxr-xr-x 1 pepeteg staff 156987 25 abr 23:37 liblz4.1.9.2.dylib
lrwxr-xr-x 1 pepeteg staff 18 25 abr 23:37 liblz4.1.dylib -> liblz4.1.9.2.dylib
-rw-r—r— 1 pepeteg staff 151800 25 abr 23:37 liblz4.a
lrwxr-xr-x 1 pepeteg staff 18 25 abr 23:37 liblz4.dylib -> liblz4.1.9.2.dylib
Please, could you tell me how you solved it?.
Источник
Openvpn configure error openssl check failed
Привет всем! Прошу помочь.
Начал устанавливать OpenVPN на Cent OS 5, сначала ошибка выскочила, что отсутствует lzo, установил данный пакет, затем начал заново устанавливать openvpn:./configure, появилась ошибка Configure:Error:OpenSSL Crypto Headers not found. Залез на сайт openssl, установил, затем опять попробовал — ошибка та же. Не можете подсказать, в чем проблема?Чего не хватает?
Ответить | Правка | Cообщить модератору
- Не получается установить openvpn на CentOS, rusadmin, 15:01 , 11-Апр-11, (1)
- Не получается установить openvpn на CentOS, Aleks305, 21:11 , 11-Апр-11, (5)
- Не получается установить openvpn на CentOS, Aleks305, 21:49 , 11-Апр-11, (6)
- Не получается установить openvpn на CentOS, rusadmin, 06:42 , 12-Апр-11, (9)
- Не получается установить openvpn на CentOS, Aleks305, 22:10 , 12-Апр-11, (11)
- Не получается установить openvpn на CentOS, rusadmin, 06:42 , 12-Апр-11, (9)
- Не получается установить openvpn на CentOS, xeon, 18:16 , 11-Апр-11, (2)
- Не получается установить openvpn на CentOS, rusadmin, 18:47 , 11-Апр-11, (3)
- Не получается установить openvpn на CentOS, Aleks305, 21:10 , 11-Апр-11, (4)
- Не получается установить openvpn на CentOS, Aleks305, 23:06 , 11-Апр-11, (7)
- Не получается установить openvpn на CentOS, rusadmin, 06:41 , 12-Апр-11, (8)
- Не получается установить openvpn на CentOS, Aleks305, 22:03 , 12-Апр-11, (10)
- Не получается установить openvpn на CentOS, rusadmin, 06:52 , 13-Апр-11, (12)
- Не получается установить openvpn на CentOS, Aleks305, 09:35 , 13-Апр-11, (13)
- Не получается установить openvpn на CentOS, Aleks305, 12:50 , 14-Апр-11, (14)
- Не получается установить openvpn на CentOS, rusadmin, 14:14 , 14-Апр-11, (15)
- Не получается установить openvpn на CentOS, PavelR, 16:17 , 14-Апр-11, (16)
- Не получается установить openvpn на CentOS, Aleks305, 17:42 , 14-Апр-11, ( 17 )
- Не получается установить openvpn на CentOS, PavelR, 20:56 , 16-Апр-11, ( 18 )
- Не получается установить openvpn на CentOS, Aleks305, 00:31 , 18-Апр-11, ( 19 )
- Не получается установить openvpn на CentOS, PavelR, 07:15 , 18-Апр-11, ( 20 )
- Не получается установить openvpn на CentOS, PavelR, 20:56 , 16-Апр-11, ( 18 )
- Не получается установить openvpn на CentOS, Aleks305, 17:42 , 14-Апр-11, ( 17 )
- Не получается установить openvpn на CentOS, Aleks305, 12:50 , 14-Апр-11, (14)
- Не получается установить openvpn на CentOS, Aleks305, 09:35 , 13-Апр-11, (13)
- Не получается установить openvpn на CentOS, rusadmin, 06:52 , 13-Апр-11, (12)
- Не получается установить openvpn на CentOS, Aleks305, 22:03 , 12-Апр-11, (10)
- Не получается установить openvpn на CentOS, rusadmin, 06:41 , 12-Апр-11, (8)
- Не получается установить openvpn на CentOS, rusadmin, 18:47 , 11-Апр-11, (3)
| Сообщения по теме | [Сортировка по времени | RSS] |
> Привет всем! Прошу помочь.
> Начал устанавливать OpenVPN на Cent OS 5, сначала ошибка выскочила, что отсутствует
> lzo, установил данный пакет, затем начал заново устанавливать openvpn:./configure, появилась
> ошибка Configure:Error:OpenSSL Crypto Headers not found. Залез на сайт openssl, установил,
> затем опять попробовал — ошибка та же. Не можете подсказать, в
> чем проблема?Чего не хватает?
укажите где лежат инклуды и библиотеки от OpenSSL
Все ключи видны по ./configure —help|less
| 1. «Не получается установить openvpn на CentOS» | + / – |  |
| Сообщение от rusadmin (ok) on 11-Апр-11, 15:01 | ||
| Ответить | Правка | ^ к родителю #0 | Наверх | Cообщить модератору |
 |
||
| 5. «Не получается установить openvpn на CentOS» | + / – |  |
| Сообщение от Aleks305 (ok) on 11-Апр-11, 21:11 | ||
|
||
| Ответить | Правка | ^ к родителю #1 | Наверх | Cообщить модератору |
|
||
| 6. «Не получается установить openvpn на CentOS» | + / – | |
| Сообщение от Aleks305 (ok) on 11-Апр-11, 21:49 | ||
ввел команду, как Вы указали, нашел такую строку Соответственно, мне нужно ввести две команды: |
||
| Ответить | Правка | ^ к родителю #1 | Наверх | Cообщить модератору |
|
||
| 9. «Не получается установить openvpn на CentOS» | + / – | |
| Сообщение от rusadmin (ok) on 12-Апр-11, 06:42 | ||
да, только предварительно сделать make clean |
||
| Ответить | Правка | ^ к родителю #6 | Наверх | Cообщить модератору |
|
||
| 11. «Не получается установить openvpn на CentOS» | + / – | |
| Сообщение от Aleks305 (ok) on 12-Апр-11, 22:10 | ||
make clean не прошла |
||
| Ответить | Правка | ^ к родителю #9 | Наверх | Cообщить модератору |
| 2. «Не получается установить openvpn на CentOS» | + / – |  |
| Сообщение от xeon (??) on 11-Апр-11, 18:16 | ||
Не страдайте ху#%ей, юзайте yum — yum install openvpn. |
||
| Ответить | Правка | ^ к родителю #0 | Наверх | Cообщить модератору |
|
||
| 3. «Не получается установить openvpn на CentOS» | + / – | |
| Сообщение от rusadmin (ok) on 11-Апр-11, 18:47 | ||
Ну что же вы так резко то? Может человек хочет линукс с азов изучить, без манагеров пакетов =) |
||
| Ответить | Правка | ^ к родителю #2 | Наверх | Cообщить модератору |
|
||
| 4. «Не получается установить openvpn на CentOS» | + / – | |
| Сообщение от Aleks305 (ok) on 11-Апр-11, 21:10 | ||
второе высказывание кратко и по делу)))поржал даже. Все правильно, я мало знаю Linux, специализируюсь на cisco, hp и т.д. буду пробовать через yum |
||
| Ответить | Правка | ^ к родителю #3 | Наверх | Cообщить модератору |
|
||
| 7. «Не получается установить openvpn на CentOS» | + / – | |
| Сообщение от Aleks305 (ok) on 11-Апр-11, 23:06 | ||
Такой вывод я получил, при попытке из tar получить rpm |
||
| Ответить | Правка | ^ к родителю #3 | Наверх | Cообщить модератору |
|
||
| 8. «Не получается установить openvpn на CentOS» | + / – | |
| Сообщение от rusadmin (ok) on 12-Апр-11, 06:41 | ||
А смысл получать из исходников rpm? Установите его либо с репозитория (yum install), либо из самого исходника. Сами RPM-ки можете поискать например на http://rpmfind.net/, если в репозитории нет |
||
| Ответить | Правка | ^ к родителю #7 | Наверх | Cообщить модератору |
|
||
| 10. «Не получается установить openvpn на CentOS» | + / – | |
| Сообщение от Aleks305 (ok) on 12-Апр-11, 22:03 | ||
скачал с указанного сайта openvpn-2.1.4-2.el5.rf.i386.rpm, попробовал установить, как указано на сайте openvpn Попробовал [root@localhost openvpn]# yum install openvpn-2.1.4-2.el5.rf.i386.rpm Я уже совсем запутался, что делать. почему не устанавливается? |
||
| Ответить | Правка | ^ к родителю #8 | Наверх | Cообщить модератору |
|
||
| 12. «Не получается установить openvpn на CentOS» | + / – | |
| Сообщение от rusadmin (ok) on 13-Апр-11, 06:52 | ||
yum install openvpn должен был сам по идее все зависимости подтянуть. |
||
| Ответить | Правка | ^ к родителю #10 | Наверх | Cообщить модератору |
|
||
| 13. «Не получается установить openvpn на CentOS» | + / – | |
| Сообщение от Aleks305 (ok) on 13-Апр-11, 09:35 | ||
так уже установлены. чего же он просит? и сам он ничего не подтягивает почему-то |
||
| Ответить | Правка | ^ к родителю #12 | Наверх | Cообщить модератору |
|
||
| 14. «Не получается установить openvpn на CentOS» | + / – | |
| Сообщение от Aleks305 (ok) on 14-Апр-11, 12:50 | ||
Конфиг сервера для openvpn: Запустил сервер, tun поднялся, ip-адрес у него 192.168.90.1/24, также у него появился p-t-p адрес 192.168.90.2/32 — не знаю, что это такое. не ну point-to-point я понимаю, но для чего он. На клиенте следующий конфиг: Установил на клиента openvpngui начинаю подключать, в логах подключения клиента выскакивает ошибка Я так понимаю, просто нужно каким-то образом пробросить порт на 1194 на прослушивание на eth0 интерфейс. Но как это сделать? Прошу помочь. |
||
| Ответить | Правка | ^ к родителю #13 | Наверх | Cообщить модератору |
|
||
| 15. «Не получается установить openvpn на CentOS» | + / – | |
| Сообщение от rusadmin (ok) on 14-Апр-11, 14:14 | ||
на сервере прослушайте интерфейс входящий, приходят ли вообще пакеты |
||
| Ответить | Правка | ^ к родителю #14 | Наверх | Cообщить модератору |
|
||
| 16. «Не получается установить openvpn на CentOS» | + / – | |
| Сообщение от PavelR (??) on 14-Апр-11, 16:17 | ||
Не, вы всё-таки их покажите, там скорее всего закрыто. а вот так я вижу что он слушает порт: # netstat -an|grep 1194 |
||
| Ответить | Правка | ^ к родителю #14 | Наверх | Cообщить модератору |
|
||
| 17 . «Не получается установить openvpn на CentOS» | + / – | |
| Сообщение от Aleks305 (ok) on 14-Апр-11, 17:42 | ||
# netstat -an|grep 1194 Да проблема была именно в iptables, добавил правило , openvpn заработал. ток все равно надо с ним разбираться. ну результат есть, буду дальше решать |
||
| Ответить | Правка | ^ к родителю #16 | Наверх | Cообщить модератору |
|
||
| 18 . «Не получается установить openvpn на CentOS» | + / – | |
| Сообщение от PavelR (??) on 16-Апр-11, 20:56 | ||
Лог надо прописать в конфиге, причем есть отдельная опция для append > 2) клиент получил ip 192.168.90.6/30 Используйте tap а не tun. > ну результат есть, буду дальше решать |
||
| Ответить | Правка | ^ к родителю #17 | Наверх | Cообщить модератору |
|
||
| 19 . «Не получается установить openvpn на CentOS» | + / – | |
| Сообщение от Aleks305 (ok) on 18-Апр-11, 00:31 | ||
не совсем понял после прочтения доков, случаи когда применяется tap а когда tun. Не подскажете? |
||
| Ответить | Правка | ^ к родителю #18 | Наверх | Cообщить модератору |
|
||
| 20 . «Не получается установить openvpn на CentOS» | + / – | |
| Сообщение от PavelR (??) on 18-Апр-11, 07:15 | ||
tun — ip-инкапсуляция. Соответственно, линк — точка-точка, но виндовс-драйвер может принимать (так думают разработчики openvpn) только «правильные» подсети, минимально /30 как в вашем случае. Источник Adblock |
-
Thread Starter
-
#3
Re: openssh installation error «configure: error: Your OpenS
Thanks for your reply @SirDice.
I am not able to upgrade/change the OS from RC to full release at presently since business restriction.
Kindly let me know, is there any possibilities to install
openssh
instead of using
/usr/ports
and to avoid the error (your OpenSSL headers do not match your library).
Thanks again.
Last edited by a moderator: Oct 16, 2014
-
Thread Starter
-
#5
Re: openssh installation error «configure: error: Your OpenS
Thanks @SirDice.
I have installed the freebsd » FreeBSD 8.0-RELEASE» and OpenSSL version openssl-1.0.1g successfully.
Code:
freebsd# openssl version
OpenSSL 1.0.1g 7 Apr 2014
freebsd# ssh -V
OpenSSH_5.2p1 FreeBSD-20090522, OpenSSL 0.9.8k 25 Mar 2009
freebsd#Still the SSH version uses the old SSL «OpenSSL 0.9.8k» as copied from the output above. hence I have tried to upgrade the OpenSSH (
openssh-6.6p1
). I am getting the below error message while running ./configure:
Code:
checking whether getpgrp requires zero arguments... yes
checking OpenSSL header version... 1000107f (OpenSSL 1.0.1g 7 Apr 2014)
checking OpenSSL library version... 9080bf (OpenSSL 0.9.8k 25 Mar 2009)
checking whether OpenSSL's headers match the library... no
configure: error: Your OpenSSL headers do not match your
library. Check config.log for details.
If you are sure your installation is consistent, you can disable the check
by running "./configure --without-openssl-header-check".
Also see contrib/findssl.sh for help identifying header/library mismatches.Kindly let me know how to fix this.
Thanks again.
Last edited by a moderator: Oct 16, 2014
-
#6
Re: openssh installation error «configure: error: Your OpenS
kumarbka said:
I have installed the freebsd » FreeBSD 8.0-RELEASE» and OpenSSL version openssl-1.0.1g successfully.
This got me puzzled; why would you downgrade from 9.1 to 8.0, also considering that version 8.0 is pretty much obsolete right now?
That will only worsen your problems since you’ll run across many software packages which might not even be able to build cleanly. You’re bound to come across these problems when using the ports collection.
Which is basically my suggestion: why not use the ports collection in the first place? It uses the original software package as released by the programmer / author, it provides you with all the patch files up front so you can see exactly which changes are being applied to make the software work with FreeBSD but most of all you can be assured that the software will work in your FreeBSD environment.
Check this link for an overview of which FreeBSD versions are supported (and their EOL dates).
So quite frankly I think your best solution here is to upgrade to 9.1/RELEASE and then rely on the ports to provide you with
security/openssl
, basically what @SirDice already advised. If you still want to use a later version of OpenSSH then you might want to look into
security/openssh-portable
for that.
Last edited by a moderator: Oct 16, 2014
HSM, TLS
March 8, 2021March 8, 2021
4 Minutes
A Hardware Security Module (HSM) is an external device, such as USB plugin which can securely store keystores, and do other encrpyption work. I used a Nitrokey which uses open source software.
Create the key on the HSM
pkcs11-tool –keypairgen –key-type EC:prime256v1 –login –pin 12345678 –label “my_key3”
Create the certificate request using openssl
To use the opensc pkcs11 driver for an HSM you need to pass parameters to the driver.
A typical openssl command to create a certificate request, using a pre existing private key, is
OPENSSL_CONF=hw.config openssl req -new -x509 -engine pkcs11 -keyform engine -key slot_0-label_my_key3 -sha256 -out hw.pem -subj “/C=CB/O=HW/CN=HW”
The fields for the HSM device are:
- -engine pkcs11 . This tells openssl which exernal device to use. Use the command openssl engine -vvv -tt pkcs11 to display information about the pkcs11 engine
- -keyform engine it needs to be “engine” to use the HSM.
- -key xxxx where xxxx can be in the format
- n:m where n is the slot number (“where the HSM device is plugged into – the first device is usually 0) and m is the id of the certificate, public key, or private key within the device
- slot_n-id_m where where n is the slot number (“where the HSM device is plugged into – usually 0) and m is the id within the device
- id_m m is the id within the device (slot_n defaults to slot_0)
- slot_n-label_name where where n is the slot number (“where the hsm device is plugged into – usually 0) and name is the keyname within the HSM
- label_name where name is the keyname within the HSM (and slot_n defaults to slot_0)
Note the id and labels are strings, so the id value 0100 is different from the value 100.
The command pkcs11-tool -O gave
Using slot 0 with a present token (0x0) Public Key Object; RSA 2048 bits label: Private Key ID: 0200 Usage: encrypt, verify, wrap Public Key Object; RSA 2048 bits label: my_key ID: 0100 Usage: encrypt, verify, wrap Public Key Object; RSA 2048 bits label: my_key2 ID: 0101 Usage: encrypt, verify, wrap Public Key Object; RSA 2048 bits label: my_key3 ID: 0fea4632d386a7f2469eec44daeafa84a1dbd8e2 Usage: encrypt, verify, wrap
So I could use for -key
- 0:0100
- id_0100
- slot_0-id_100
- slot_0-label_my_key
- label_my_key
The code for this is here.
The contents of the openssl config file for HSM devices
I’ve displayed the bits you need for the “engine” or HSM processing.
openssl_conf = openssl_def [openssl_def] engines = engine_section [engine_section] pkcs11 = pkcs11_section [pkcs11_section] engine_id = pkcs11 dynamic_path = /usr/lib/x86_64-linux-gnu/engines-1.1/libpkcs11.so MODULE_PATH = /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so PIN = 648219 # init = 0
The documentation for the config file is https://www.openssl.org/docs/man1.1.1/man5/config.html .
The use of an HSM is driven from an “engine”.
The relevant statements in the config file are
- openssl_conf openssl searches the config file for this entry by default. It describes which other sections should always be processed. If you use openssl req …, openssl will also process the section [req]. My file says use the section called openssl_def.
- [openssl_def] this contains the names of sections to be processed. In this case it says process the engine_section.
- [engine_section] this lists all of the engine sections to be processed. For a pkcs11 engine process I have called the section pkcs11_section.
- [pkcs11_section] this lists the individual entries for the pkcs11 engine.
- The engine_id is optional
- The dynamic path is the code for the HSM. If specified, this must come first. For the default see openssl version -e or openssl version -a.
- You can pass parameters through the HSM. Use the openssl engine -vvv -tt pkcs11 to list them. Note they are in upper case.
- The MODULE_PATH in upper case is passed through to the device.
- The PIN in upper case is passed through to the HSM. Without this, you are prompted for the pin
- Using VERBOSE = EMPTY gives more information from the HSM device.
Problems using the config file.
The following command worked
OPENSSL_CONF=eccert.config openssl req -new -x509 -engine pkcs11 -keyform engine -key id_0101 -sha256 -out hw.pem -subj “/C=CB/O=HW/CN=HW”
The following command failed
openssl req -config eccert.config -new -x509 -engine pkcs11 -keyform engine -key id_0101 -sha256 -out hw.pem -subj “/C=CB/O=HW/CN=HW”
It looks like the config file is being processed twice, so you have to use the OPENSSL_CONF variable rather than the -config option.
The error messages are
- engine “pkcs11” set.
- Using configuration from eccert.config
- Error configuring OpenSSL modules
- engine routines:engine_list_add:conflicting engine id:../crypto/engine/eng_list.c :63. I think this is reporting it has already been processed and exists in the list of engines.
- engine routines:ENGINE_add:internal list error:../crypto/engine/eng_list.c :223:
- engine routines:dynamic_load:conflicting engine id:../crypto/engine/eng_dyn.c :502:
- engine routines:int_engine_configure:engine configuration error:../crypto/engine/eng_cnf.c :141: section=pkcs11_section, name=dynamic_path, value=/usr/lib/x86_64-linux-gnu/engines-1.1/libpkcs11.so These are the parts of my configuration file.
- configuration file routines:module_run:module initialization error:../crypto/conf/conf_mod.c: 174:module=engines, value=engine_section2, retcode=-1
Some other error messages
With no MODULE_PATH in the configuration file
- engine “pkcs11” set.
- No private keys found.
- PKCS11_get_private_key returned NULL
- cannot load Private Key from engine
- pkcs11 engine:ctx_load_privkey:object not found:eng_back.c:876:
- engine routines:ENGINE_load_private_key:failed loading private key:../crypto/engine/eng_pkey.c:78:
- unable to load Private Key
Published by Colin Paice
I retired from IBM where I worked on MQ on z/OS, and did customer stuff.
I retired, and keep my hand in with MQ, by playing with it!
View all posts by Colin Paice
Published
March 8, 2021March 8, 2021