Trouble with OpenSSL on RHEL 6.3 and all Ruby installers -


openssl not appear compiling correctly when installing version of ruby on our rhel 6.3 system. have been trying leave user installs of rvm behind , replace them root installs via ruby-install , chruby. openssl works okay in our rvm user installs (with prescribed rvm fix) in built-in system install of ruby 1.8.7 in /usr/bin.

openssl broken in each ruby version have tried ruby-install, ruby-build, , rvm when using latest suggested fix. 1.9.3-p392 (our prod version), 1.9 latest, , 2.1.0 current. have tried every openssl fix/workaround can find, such --with-openssl-dir=/some/dir config pointing various openssl folders, nothing works me.

here relevant messages few of many attempts: 

[root@dbatcit ~]# ruby-install ruby >>> installing ruby 2.1.0 /opt/rubies/ruby-2.1.0 ... >>> installing dependencies ruby 2.1.0 ... loaded plugins: product-id, rhnplugin, security, subscription-manager updating certificate-based repositories. unable read consumer identity setting install process package gcc-4.4.7-4.el6.x86_64 installed , latest version package automake-1.11.1-4.el6.noarch installed , latest version package zlib-devel-1.2.3-29.el6.x86_64 installed , latest version package libyaml-devel-0.1.3-1.el6.x86_64 installed , latest version package openssl-devel-1.0.1e-16.el6_5.4.x86_64 installed , latest version package gdbm-devel-1.8.0-36.el6.x86_64 installed , latest version package readline-devel-6.0-4.el6.x86_64 installed , latest version package ncurses-devel-5.7-3.20090208.el6.x86_64 installed , latest version package libffi-devel-3.0.5-3.2.el6.x86_64 installed , latest version nothing . . make[2]: entering directory `/usr/local/src/ruby-2.1.0/ext/openssl' compiling ossl_pkey.c compiling ossl_ssl.c ossl_ssl.c:121: error: âtlsv1_2_methodâ undeclared here (not in function) ossl_ssl.c:122: error: âtlsv1_2_server_methodâ undeclared here (not in function) ossl_ssl.c:123: error: âtlsv1_2_client_methodâ undeclared here (not in function) ossl_ssl.c:127: error: âtlsv1_1_methodâ undeclared here (not in function) ossl_ssl.c:128: error: âtlsv1_1_server_methodâ undeclared here (not in function) ossl_ssl.c:129: error: âtlsv1_1_client_methodâ undeclared here (not in function) make[2]: *** [ossl_ssl.o] error 1 make[2]: leaving directory `/usr/local/src/ruby-2.1.0/ext/openssl' make[1]: *** [ext/openssl/all] error 2 make[1]: leaving directory `/usr/local/src/ruby-2.1.0' make: *** [build-ext] error 2 !!! compiling ruby 2.1.0 failed!    [root@dbatcit ~]# ruby-install ruby 1.9 >>> installing ruby 1.9.3-p484 /opt/rubies/ruby-1.9.3-p484 ... >>> installing dependencies ruby 1.9.3-p484 ... loaded plugins: product-id, rhnplugin, security, subscription-manager updating certificate-based repositories. unable read consumer identity setting install process package gcc-4.4.7-4.el6.x86_64 installed , latest version package automake-1.11.1-4.el6.noarch installed , latest version package zlib-devel-1.2.3-29.el6.x86_64 installed , latest version package libyaml-devel-0.1.3-1.el6.x86_64 installed , latest version package openssl-devel-1.0.1e-16.el6_5.4.x86_64 installed , latest version package gdbm-devel-1.8.0-36.el6.x86_64 installed , latest version package readline-devel-6.0-4.el6.x86_64 installed , latest version package ncurses-devel-5.7-3.20090208.el6.x86_64 installed , latest version package libffi-devel-3.0.5-3.2.el6.x86_64 installed , latest version nothing . . make[2]: entering directory `/usr/local/src/ruby-1.9.3-p484/ext/openssl' compiling ossl_pkey.c compiling ossl_ssl.c compiling ossl_pkcs12.c compiling ossl_bn.c compiling ossl_hmac.c ossl_hmac.c: in function âossl_hmac_copyâ: ossl_hmac.c:90: warning: implicit declaration of function âhmac_ctx_copyâ compiling ossl_asn1.c compiling ossl.c compiling ossl_bio.c compiling ossl_pkey_rsa.c compiling ossl_ocsp.c ossl_ocsp.c: in function âossl_ocspreq_add_certidâ: ossl_ocsp.c:180: warning: function called through non-compatible type ossl_ocsp.c:180: note: if code reached, program abort ossl_ocsp.c: in function âossl_ocspreq_get_certidâ: ossl_ocsp.c:200: warning: function called through non-compatible type ossl_ocsp.c:200: note: if code reached, program abort ossl_ocsp.c: in function âossl_ocspbres_get_statusâ: ossl_ocsp.c:541: warning: function called through non-compatible type ossl_ocsp.c:541: note: if code reached, program abort compiling ossl_pkey_dh.c ossl_pkey_dh.c: in function âossl_dh_initializeâ: ossl_pkey_dh.c:184: warning: function called through non-compatible type ossl_pkey_dh.c:184: note: if code reached, program abort ossl_pkey_dh.c: in function âossl_dh_to_public_keyâ: ossl_pkey_dh.c:372: warning: function called through non-compatible type ossl_pkey_dh.c:372: note: if code reached, program abort compiling ossl_ns_spki.c compiling ossl_x509attr.c compiling ossl_x509name.c ossl_x509name.c: in function âossl_x509name_hash_oldâ: ossl_x509name.c:342: warning: implicit declaration of function âx509_name_hash_oldâ compiling ossl_pkcs7.c compiling ossl_pkey_ec.c ossl_pkey_ec.c: in function âossl_ec_group_initializeâ: ossl_pkey_ec.c:784: warning: function called through non-compatible type ossl_pkey_ec.c:784: note: if code reached, program abort ossl_pkey_ec.c: in function âossl_ec_group_to_stringâ: ossl_pkey_ec.c:1154: warning: function called through non-compatible type ossl_pkey_ec.c:1154: note: if code reached, program abort compiling ossl_ssl_session.c ossl_ssl_session.c: in function âossl_ssl_session_initializeâ: ossl_ssl_session.c:53: warning: function called through non-compatible type ossl_ssl_session.c:53: note: if code reached, program abort ossl_ssl_session.c:57: warning: function called through non-compatible type ossl_ssl_session.c:57: note: if code reached, program abort ossl_ssl_session.c: in function âossl_ssl_session_to_pemâ: ossl_ssl_session.c:251: warning: function called through non-compatible type ossl_ssl_session.c:251: note: if code reached, program abort compiling openssl_missing.c compiling ossl_x509.c compiling ossl_x509cert.c compiling ossl_digest.c compiling ossl_pkcs5.c ossl_pkcs5.c: in function âossl_pkcs5_pbkdf2_hmacâ: ossl_pkcs5.c:39: warning: implicit declaration of function âpkcs5_pbkdf2_hmacâ compiling ossl_rand.c compiling ossl_engine.c compiling ossl_x509crl.c compiling ossl_cipher.c ossl_cipher.c: in function âossl_cipher_copyâ: ossl_cipher.c:143: warning: implicit declaration of function âevp_cipher_ctx_copyâ compiling ossl_x509ext.c compiling ossl_config.c compiling ossl_x509store.c compiling ossl_x509revoked.c compiling ossl_pkey_dsa.c compiling ossl_x509req.c linking shared-object openssl.so installing default openssl libraries make[2]: leaving directory `/usr/local/src/ruby-1.9.3-p484/ext/openssl' . . >>> installed ruby 1.9.3-p484 /opt/rubies/ruby-1.9.3-p484

note ossl warnings above.

restart session. test system ruby 1.8.7 openssl: works. test ruby-install ruby 1.9.3 openssl: fails.

[root@dbatcit ~]# chruby    ruby-1.9.3-p484 [root@dbatcit ~]# ruby /usr/bin/ruby [root@dbatcit ~]# ruby -v ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux] [root@dbatcit ~]# ruby -ropenssl -e "puts openssl::version" 1.0.0 [root@dbatcit ~]# chruby 1.9 [root@dbatcit ~]# chruby  * ruby-1.9.3-p484 [root@dbatcit ~]# ruby /opt/rubies/ruby-1.9.3-p484/bin/ruby [root@dbatcit ~]# ruby -v ruby 1.9.3p484 (2013-11-22 revision 43786) [x86_64-linux] [root@dbatcit ~]# ruby -ropenssl -e "puts openssl::version" /opt/rubies/ruby-1.9.3-p484/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require': /opt/rubies/ruby-1.9.3-p484/lib/ruby/1.9.1/x86_64-linux/openssl.so: undefined symbol: ec_group_new_curve_gf2m - /opt/rubies/ruby-1.9.3-p484/lib/ruby/1.9.1/x86_64-linux/openssl.so (loaderror)         /opt/rubies/ruby-1.9.3-p484/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require'         /opt/rubies/ruby-1.9.3-p484/lib/ruby/1.9.1/openssl.rb:17:in `<top (required)>'         /opt/rubies/ruby-1.9.3-p484/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require'         /opt/rubies/ruby-1.9.3-p484/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require' [root@dbatcit ~]#   [root@dbatcit ~]# -a openssl /usr/bin/openssl /usr/local/bin/openssl [root@dbatcit ~]# openssl version openssl 1.0.1e-fips 11 feb 2013 [root@dbatcit ~]# /usr/local/bin/openssl version openssl 0.9.8d 28 sep 2006

test rvm ruby 1.9.3 openssl in user home: works.

[userbob@dbatcit ~]$ ruby -v ruby 1.9.3p392 (2013-02-22 revision 39386) [x86_64-linux] [userbob@dbatcit ~]$ ruby -ropenssl -e "puts openssl::version" 1.1.0 [userbob@dbatcit ~]$ openssl /usr/local/bin/openssl [userbob@dbatcit ~]$ openssl version openssl 0.9.8d 28 sep 2006 [userbob@dbatcit ~]$ .rvm/usr/bin/openssl version openssl 1.0.1c 10 may 2012

after far many hours of research, , learning far more linux ever cared to, have narrowed problem basic peculiarities of rhel , openssl , incorrect assumption made ruby (extconf.rb) during installation. following sites gave me clues @ found nothing put needed.

...and not whole bunch of red herrings involving ruby patches , ec2m. also, rvm needs correct optimism have accounted autolibs , should reinstate previous openssl page.

basic solution rules

rule 1

the install of openssl (1.0.1e) created , maintained yum in /usr/bin cannot used compile ruby's openssl extension correctly -- @ least, not on machine @ time latest versions of ruby (1.9.3-p484, 2.0.0, 2.1.0). rhel 6.3. can surmise due peculiarities in redhat's compilation of openssl hinted @ in openssl faq.

rule 2

i found 2 old versions (0.9.8) of openssl in /usr/local (in bin + openssl, , ssl/bin) , updating/replacing these got me bit closer solution. whatever reason, every manual install of openssl 1.0.1f in /usr/local (regardless of bin,openssl,ssl directory arrangement) insisted on putting libraries in /usr/local/lib64 instead of /usr/local/lib (unless hacked makefile, of course). ruby's expconf.rb script, however, assumes openssl libraries in lib directory. chasing down single annoyance (and clash openssl) hardest part of this. therefore, make using install of openssl in /usr/local work, must 2 things: (1) install ruby --with-openssl-dir switch, , (2) recompile ruby's openssl extension while modifying makefile point lib64 instead of lib. thus, run following string of commands root:

ruby-install ruby 1.9.3-p545 -- --with-openssl-dir=/usr/local cd /usr/local/src/ruby-1.9.3-p545/ext/openssl ruby extconf.rb

edit openssl's makefile replace this:

  libpath = . $(libdir) /usr/local/lib   libpath =  -l. -l$(libdir) -wl,-r$(libdir) -l/usr/local/lib -wl,-r/usr/local/lib

with this:

  libpath = . $(libdir) /usr/local/lib64   libpath =  -l. -l$(libdir) -wl,-r$(libdir) -l/usr/local/lib64 -wl,-r/usr/local/lib64

save, , command line:

make make install

the new ruby install should work openssl properly. quick check, restart sudo session , (assuming using chruby):

chruby 1.9 ruby -ropenssl -e "puts openssl::version"

rule 3

installing openssl anywhere besides /usr puts libraries in expected lib instead of lib64. (don't ask me why... dunno.) may more maintainable solution lets avoid hacking makefile. solution rvm uses when running rvm pkg install openssl. thus, install both openssl , ruby (in /opt), may run commands these (i run sudo bash):

install openssl:

cd /opt/local wget http://www.openssl.org/source/openssl-1.0.1f.tar.gz tar -xzf openssl-1.0.1f.tar.gz cd openssl-1.0.1f ./config --prefix=/opt/local shared no-asm zlib > openssl_config.log make > openssl_make.log make install > openssl_install.log

(the shared switch required ruby install without error, no-asm switch helps rid of make warning not appear required, , zlib , other switches optional.)

optional, update openssl certs:

cd /opt/local/ssl wget http://curl.haxx.se/ca/cacert.pem mv cacert.pem cert.pem cd /opt

back ruby:

ruby-install ruby 1.9.3-p545 -- --with-openssl-dir=/opt/local

the new ruby install should work openssl properly. quick check, restart sudo session , (assuming using chruby):

chruby 1.9 ruby -ropenssl -e "puts openssl::version"

Comments

Post a Comment

Popular posts from this blog

php - SPIP: From Tag directly to an article -

i work spip , plugin called tagsphere works fine tags in spip. have tag groupe put 1 article tag. when click on tag in tagsphere send me before menu can see articles linked tag. want send me directly article without see tag menu before. here code model of thagsphere: <div id="tagsphere-#env{id_article}"> <ul> <boucle_mot(mots){id_groupe ?}> <li>[<a href="#url_mot">(#titre)</a>]</li> </boucle_mot> </ul> </div> anybody idea? if want skip tag page, have link directly article. <b_article> block prevents display tag if no article linked. <div id="tagsphere-#env{id_article}"> <ul> <boucle_mot(mots){id_groupe ?}> <b_article> <li> <a<boucle_article(articles){...
Read more

jquery - isAjaxRequest always return false -

i got error message 404,'model has not been saved' following code my action controller public function actionextend($id) { $model=$this->loadmodel($id); if(yii::app()->request->isajaxrequest) { $model->todate = date('y-m-d h:i:s a',(strtotime('next month',strtotime(date('y-01-d'))))); if($model->save()) { yii::app()->end(); } else { throw new chttpexception(404,'model has not been saved'); } } } the jquery call $("#buttonextend<?php echo $this->post_row;?>").click(function(e){ $.ajax({ type: "post", url: "<?php echo yii::app()->createurl('post/extend', array('id' => $data['id'])); ?>", }); }); why not ajax call ? thank help i found response, missed } , function ...
Read more

ruby on rails - In a controller spec, how to find a specific tag in the generated view? -

i know integration tests preferred need ran in controller test, i'm testing gem injecting html code in view, xhr can't run in feature spec (if can, please explain me how :) ) so rspec controller tests can assert selector present (with capybara) : response.body.should have_selector('#foobar') has_selector? call all method capybara find selector. what want last child of body , assert id in particular. afaik it's not possible have_selector. what : all('body:first-child').first.id.should == '#foobar' however, capybara dsl, defined (more or less): def all(*args) page.all(*args) end and page empty unless use visit it's integrations specs. how can use capybara all method inside rspec controller test ? i can't test right after googling seems trick def page capybara::node::simple.new(response.body) end source
Read more