On Linode Server, it has already installed openssl, but version is 1.1.0. But I want to try some features like TLSv1_3, so I decide to upgrade it to latest version.
My old openssl version like this:
OpenSSL 1.1.0g 2 Nov 2017 built on: reproducible build, date unspecified platform: debian-amd64 compiler: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR=""/usr/lib/ssl"" -DENGINESDIR=""/usr/lib/x86_64-linux-gnu/engines-1.1"" OPENSSLDIR: "/usr/lib/ssl" ENGINESDIR: "/usr/lib/x86_64-linux-gnu/engines-1.1"
Due to it is “upgrade”, so I try to retain as original as possible. Through some website I made this ./config command.
./config --prefix=/usr --openssldir=/usr/lib/ssl threads shared zlib-dynamic no-ssl no-tls1 no-tls1_1 -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DENGINESDIR=/usr/lib/x86_64-linux-gnu/engines-1.1
It’s long, but important is last phrase: -DENGINESDIR=/usr/lib/x86_64-linux-gnu/engines-1.1
And problem happended when I used make command. Here are the error message:
<command-line>:0:0: warning: "ENGINESDIR" redefined
<command-line>:0:0: note: this is the location of the previous definition
crypto/cversion.c: In function 'OpenSSL_version':
<command-line>:0:13: error: 'usr' undeclared (first use in this function)
crypto/cversion.c:38:33: note: in expansion of macro 'ENGINESDIR'
return "ENGINESDIR: "" ENGINESDIR """;
^~~~~~~~~~
<command-line>:0:13: note: each undeclared identifier is reported only once for each function it appears in
crypto/cversion.c:38:33: note: in expansion of macro 'ENGINESDIR'
return "ENGINESDIR: "" ENGINESDIR """;
^~~~~~~~~~
<command-line>:0:17: error: 'lib' undeclared (first use in this function); did you mean 'ldiv'?
crypto/cversion.c:38:33: note: in expansion of macro 'ENGINESDIR'
return "ENGINESDIR: "" ENGINESDIR """;
^~~~~~~~~~
<command-line>:0:21: error: 'x86_64' undeclared (first use in this function); did you mean '__x86_64'?
crypto/cversion.c:38:33: note: in expansion of macro 'ENGINESDIR'
return "ENGINESDIR: "" ENGINESDIR """;
^~~~~~~~~~
<command-line>:0:34: error: 'gnu' undeclared (first use in this function)
crypto/cversion.c:38:33: note: in expansion of macro 'ENGINESDIR'
return "ENGINESDIR: "" ENGINESDIR """;
^~~~~~~~~~
<command-line>:0:38: error: 'engines' undeclared (first use in this function); did you mean 'engine_st'?
crypto/cversion.c:38:33: note: in expansion of macro 'ENGINESDIR'
return "ENGINESDIR: "" ENGINESDIR """;
^~~~~~~~~~
crypto/cversion.c:38:44: error: expected ';' before string constant
return "ENGINESDIR: "" ENGINESDIR """;
^~~~
It seems split my directory into different pars…
That’s it, my question is should I set ENGINESDIR manully? If i discard -DENGINESDIR param could ENGINES also point to /usr/lib/x86_64-linux-gnu/engines-1.1? Or there are any better choise? I am not familiar with openssl, I can only write command like that from lots of google.😂
PS1:My new openssl version is 1.1.1-pre9
Advertisement
Answer
The output of openssl version -a mentions in the line that starts with copmpiler:
-DENGINESDIR=""/usr/lib/x86_64-linux-gnu/engines-1.1""
This is the same as you had, but with double double quotes around it, the inner ones escaped.
In order to achieve that inside your config script, you will have to escape the double quotes and backslashes, since those will be expanded as soon as you invoke the script. This should do the trick when invoking config:
-DENGINESDIR="\"/usr/lib/x86_64-linux-gnu/engines-1.1\""
Update
After the OP’s remarks in his own answer, I spent a bit more time looking at this issue by trying different things myself. The approach proposed above does remove the compilation error and allows the build to complete. However, it is not the correct solution.
To dig more into this, I used the following command to set up the Makefile.
$ ./config --prefix=/tmp/openssl -DENGINESDIR="\"/tmp/openssl-engines\""
The resulting output when doing make install after that contained many lines like these:
gcc -I. -Icrypto/include -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG
-DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM
-DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM
-DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM
-DENGINESDIR=""/tmp/openssl-engines"" -DOPENSSLDIR=""/tmp/openssl/ssl""
-DENGINESDIR=""/tmp/openssl/lib/engines-1.1"" -Wall -O3 -pthread -m64
-DL_ENDIAN -Wa,--noexecstack -fPIC -DOPENSSL_USE_NODELETE
-MMD -MF crypto/bn/bn_div.d.tmp -MT crypto/bn/bn_div.o -c
-o crypto/bn/bn_div.o crypto/bn/bn_div.c
<command-line>:0:0: warning: "ENGINESDIR" redefined
<command-line>:0:0: note: this is the location of the previous definiti
Note that -DENGINESDIR appears twice, hence the warning emitted. The last one overrides the first one so this does not result in the desired outcome.
Further investigation shows, like the OP indicated in his answer as well, the Makefile has a “hardcoded” line ENGINESDIR=$(libdir)/engines-1.1 that can not be overridden and is preventing customization of this aspect. It is therefore useless to use the -DENGINES value with Configure.
Without going into too much detail: to make the ENGINESDIR value configurable, the file Configurations/unix-Makefile.tmpl has to be modified to contain the following lines, similar to those for the openssldir setting:
ENGINESDIR={- use File::Spec::Functions;
our $enginesdir =
$config{enginesdir} ?
(file_name_is_absolute($config{enginesdir}) ?
$config{enginesdir}
: catdir($prefix, $config{enginesdir}))
: catdir($prefix, "engines");
$enginesdir -}
and a handful of lines need to be added to the Configure file to introduce the actual --enginesdir parameter.
After doing that, the following sequence of commands did work as expected:
$ ./config --prefix=/tmp/openssl --enginesdir=/tmp/openssl-engines $ make && make install && make install_engines
This is all way beyond what the OP was asking for and I threw a few hours into the black hole called OpenSSL, but it was educational anyway.