undefined symbol: SSLv2_client_method

Question

I am trying to update openssl-1.0.1e to 1.0.1s. It\'s source compile. After I done the following step,

1. cd openssl-1.0.1s

2. ./config --shared

Answer 1

... undefined symbol: SSLv2_client_method

It appears SSLv2_client_method and friends were accidentally removed from the 1.0.1 and 1.0.2 branches of the library. See Issue #4398: BUG / 1.0.2g breaks CURL extension dated March 8, 2016 on the OpenSSL developer mailing list.

Dose anyone know any solutions?

It was fixed with Commit 133138569f37d149, Retain SSLv2 methods as functions that return NULL. You should be able to patch ssl/s2_meth.c manually with:

-# if PEDANTIC
-static void *dummy = &dummy;
-# endif
+SSL_METHOD *SSLv2_method(void) { return NULL; }
+SSL_METHOD *SSLv2_client_method(void) { return NULL; }
+SSL_METHOD *SSLv2_server_method(void) { return NULL; }

---

Related, this is not quite correct:

I also tried ./config --prefix=/usr enable-shared -no-ssl2

Its no-ssl2, not -no-ssl2. Also see Compilation and Installation | Configure Options on the OpenSSL wiki.

Also, --prefix=/usr can be dangerous because it usually breaks system utilities that use the system's version of the library. Sometimes the distro applies patches that are not present in OpenSSL's sources (Ubuntu comes to mind).

Usually what you want is --openssldir=/usr/local/.... It looks like you built Apache yourself, so you should be able to use it. You can fetch the latest OpenSSL, include an RPATH in the CFLAGS, build OpenSSL, install it into /usr/local, and then build Apache against that version of OpenSSL. Information on adding an RPATH in the CFLAGS can be found at Compilation and Installation on the OpenSSL wiki.