I am trying to update openssl-1.0.1e to 1.0.1s. It\'s source compile. After I done the following step,
cd openssl-1.0.1s
./config --shared
... undefined symbol: SSLv2_client_method
It appears SSLv2_client_method
and friends were accidentally removed from the 1.0.1 and 1.0.2 branches of the library. See Issue #4398: BUG / 1.0.2g breaks CURL extension dated March 8, 2016 on the OpenSSL developer mailing list.
Dose anyone know any solutions?
It was fixed with Commit 133138569f37d149, Retain SSLv2 methods as functions that return NULL. You should be able to patch ssl/s2_meth.c
manually with:
-# if PEDANTIC
-static void *dummy = &dummy;
-# endif
+SSL_METHOD *SSLv2_method(void) { return NULL; }
+SSL_METHOD *SSLv2_client_method(void) { return NULL; }
+SSL_METHOD *SSLv2_server_method(void) { return NULL; }
Related, this is not quite correct:
I also tried
./config --prefix=/usr enable-shared -no-ssl2
Its no-ssl2
, not -no-ssl2
. Also see Compilation and Installation | Configure Options on the OpenSSL wiki.
Also, --prefix=/usr
can be dangerous because it usually breaks system utilities that use the system's version of the library. Sometimes the distro applies patches that are not present in OpenSSL's sources (Ubuntu comes to mind).
Usually what you want is --openssldir=/usr/local/...
. It looks like you built Apache yourself, so you should be able to use it. You can fetch the latest OpenSSL, include an RPATH in the CFLAGS
, build OpenSSL, install it into /usr/local
, and then build Apache against that version of OpenSSL. Information on adding an RPATH in the CFLAGS
can be found at Compilation and Installation on the OpenSSL wiki.