[SERVER-9031] Support for libssl 0.9.8k without FIPS_mode_set Created: 20/Mar/13 Updated: 11/Jul/16 Resolved: 29/Aug/13 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 2.4.0, 2.5.0 |
| Fix Version/s: | 2.5.3 |
| Type: | Question | Priority: | Major - P3 |
| Reporter: | Ernie Hershey | Assignee: | Eric Milkie |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Ubuntu 10.04, OSX 10.8.3 |
||
| Issue Links: |
|
||||||||||||||||
| Participants: | |||||||||||||||||
| Description |
|
This is the error trying to compile now in Ubuntu 10.04: g++ -o build/linux2/release/ssl/mongo/util/net/ssl_manager.o -c -Wnon-virtual-dtor -Woverloaded-virtual -fPIC -fno-strict-aliasing -ggdb -pthread -Wno-unknown-pragmas -Winvalid-pch -pipe -fno-builtin-memcmp -O3 -DBOOST_ALL_NO_LIB -D_SCONS -DMONGO_EXPOSE_MACROS -DSUPPORT_UTF8 -D_FILE_OFFSET_BITS=64 -DMONGO_SSL -DMONGO_HAVE_HEADER_UNISTD_H -DMONGO_HAVE_EXECINFO_BACKTRACE -DNETSNMP_NO_INLINE -Ibuild/linux2/release/ssl/third_party/libstemmer_c/include -Isrc/third_party/libstemmer_c/include -Ibuild/linux2/release/ssl/third_party/s2 -Isrc/third_party/s2 -Ibuild/linux2/release/ssl/third_party/boost -Isrc/third_party/boost -Ibuild/linux2/release/ssl/third_party/pcre-8.30 -Isrc/third_party/pcre-8.30 -Ibuild/linux2/release/ssl -Isrc -Ibuild/linux2/release/ssl/mongo -Isrc/mongo -Ibuild/linux2/release/ssl/third_party/s2 -Isrc/third_party/s2 -Ibuild/linux2/release/ssl/third_party/snappy -Isrc/third_party/snappy -Ibuild/linux2/release/ssl/third_party/v8/include -Isrc/third_party/v8/include src/mongo/util/net/ssl_manager.cpp |
| Comments |
| Comment by auto [ 29/Aug/13 ] | |
|
Author: {u'username': u'milkie', u'name': u'Eric Milkie', u'email': u'milkie@10gen.com'}Message: | |
| Comment by Eric Milkie [ 10/Jun/13 ] | |
|
Yes, that is acceptable. | |
| Comment by Randall Hunt [ 10/Jun/13 ] | |
|
so would something like this be acceptable:
| |
| Comment by Eric Milkie [ 10/Jun/13 ] | |
|
Note that --extrapath is not a well-coded parameter and we will be removing it soon (for example, it forces release mode on, even when you use --dd). Using --cpppath is okay but typically you must use it in conjunction with --libpath (to specify both the include and lib directories of your OpenSSL installation). Using one without the other might work depending on how you installed things, but I cannot recommend it. | |
| Comment by Tyler Brock [ 10/Jun/13 ] | |
|
This worked for me where --cpppath did not:
| |
| Comment by Uladzimir Mihura [ 22/May/13 ] | |
|
Works fine with openssl 1.0.1e just add it into includes via --cpppath flag
-vova |