[Date Prev][Date Next] [Chronological] [Thread] [Top]

configure problems



Hello,

I am trying to make the latest openssl using the option --with-tls,
and I don't think it is completely working.  The configure script doesn't
complain, well, here is the output that I am concerned about:

checking for openssl/ssl.h... yes
checking for ssl.h... no
checking for SSLeay_add_ssl_algorithms in -lssl... no
checking for SSL_library_init in -lssl... yes

Mainly the third line, where it can't find those darned ssleay
algorithms...are these necessary in order to get tls to work properly?  I
would really like to see a 'yes' there regardless, so how do I get one?

I am compiling openldap 2.0.11 on a rh7.1 box with openssl-9.6.3.
Openssl is installed in /usr/share/ssl, and I have included the following
compiler flags:

export LDFLAGS='-L/usr/local/src/ldaptools/lib -L/usr/share/ssl/lib -L/usr/lib'
export CPPFLAGS='-I/usr/local/src/ldaptools/include -I/usr/share/ssl/include -I/usr/include'


I am also using the netscape directory sdk 5.0, which is located in
/usr/local/src/ldaptools.

Is there something I am missing here?

I should also note that after I get it compiled, and when I try to use
ldapsearch with localhost:636 in debug on both sides, the server gives
some errors from tls saying that it is getting an invalid hello/handshake:

here is the error:

TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=11
  0000:  30 0c 02 01 01 60 07 02  01 03 04                  0....`.....
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: can't accept.
TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
s23_srvr.c:565

I am thinking that getting tls to work with openldap should be this
difficult (I've spent over three weeks trying, among other things),
especially since other people have gotten it work, with seemingly little
to no major problems.

What am I doing wrong?
Andy