Closed victorvat closed 3 years ago
alexis-gruet-deel
commented
6 years ago If You are using ubuntu > 14.04 then You will face this pb as the libssl shipped is 1.1.x. Libssl has changed (opaque structure). Moreover, if You plan to use ssl, You will certainly rely on modules like Rampart/c. I don't know if this will compile with the newest of libssl (certainly not).
victorvat
commented
6 years ago You mean I should use Rampart/c instead of OpenSSL ? If it is possible, could You send any links to manuals and examples, please.
alexis-gruet-deel
commented
6 years ago no :) I mean that Rampart/c is a dependency / module of Axis2/c and both depends on libssl. Axis2 and Rampart/c works currently on libssl < 1.1.x. To make at least Axis2/c working on the latest of libssl 1.1.x a refactoring is needed on Axis2/c. A workaround consist to compile libssl 1.0.2-g on Your ubuntu version and use this lib when compiling Axis2/c.
victorvat
commented
6 years ago Thank You. I've got it. I need to downgrade ssl .. But I guess the problem will arise again after apt upgrade ..
alexis-gruet-deel
commented
6 years ago You cannot downgrade libssl as modern versions of Ubuntu embed other libs depending of the latest of libssl. Just grab the sources of openssl-1.0.2-g, then compile it as a shared lib for Your arch and then compile Axis2/c with this libssl and associated headers. This should work. pls note, I don't tested but I'm more or less sure it should work that way.
victorvat
commented
6 years ago It is an interesting option. I will try.
victorvat
commented
6 years ago I have sucessfully installed openssl-1.0.2-g into nonstandard place /opt/openssl. But I can't find option to configure axis2c-unofficial for using that path. I've tried with-openssl=/opt/openssl and enable-openssl=/opt/openssl. The axis2c either use standard path /usr/include or not use ssl at all.
PS: official apache/axis2c configure is able to recognize the with-openssl=/opt/openssl option
I compile the AXIS2C on last release of Ubuntu server with the latest version of OpenSSL. Configured with options: --enable-libxml2 --with-openssl --enable-debug --enable-trace
Here is the error output:
... ssl/ssl_utils.c: In function ‘axis2_ssl_utils_initialize_ssl’: ssl/ssl_utils.c:173:35: error: dereferencing pointer to incomplete type ‘X509 {aka struct x509_st}’ if (peer_cert && peer_cert->cert_info) ^~ ssl/ssl_utils.c:181:71: error: dereferencing pointer to incomplete type ‘X509_STORE {aka struct x509_store_st}’ client_object = X509_OBJECT_retrieve_by_subject(cert_store->objs, ^~ ssl/ssl_utils.c:187:41: error: dereferencing pointer to incomplete type ‘X509_OBJECT {aka struct x509_object_st}’ client_cert = (client_object->data).x509;
...