osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TLSv1.3 supprt for 2.4.x?


With the recent release of openssl 1.1.1 back on Sept 11 that supports TLS 1.3 final RFC 8446, I believe demand for this backport will steadily increase. Thank you Stephan for proposing this backport branch.

FreeBSD 11.2-RELEASE-p3
Apache/2.4.35-dev (Unix)
OpenSSL/1.1.1

I've compiled and am running this branch and hosting a web site successfully providing TLSv1.3 (rfc8446)
I can negotiate a TLS 1.3 connection from another openssl 1.1.1 client. I am also successful connecting with Firefox Nightly 64.0a1. Support for RFC 8446 was added in version 63 which is expected to ship October 2018.

There is one error that I receive during initial 'make' if the package converters/libiconv is installed on the system:
/usr/local/apache2/tlsv1.3-for-2.4.x/srclib/apr/libtool --silent --mode=link cc  -g -O2      -L/usr/local/lib   -o htpasswd  htpasswd.lo passwd_common.lo      /usr/local/apache2/tlsv1.3-for-2.4.x/srclib/apr/libapr-2.la -lcrypt -lcrypt -lpthread -lexpat -lcrypt
/usr/local/apache2/tlsv1.3-for-2.4.x/srclib/apr/.libs/libapr-2.so: undefined reference to `libiconv'
/usr/local/apache2/tlsv1.3-for-2.4.x/srclib/apr/.libs/libapr-2.so: undefined reference to `libiconv_close'
/usr/local/apache2/tlsv1.3-for-2.4.x/srclib/apr/.libs/libapr-2.so: undefined reference to `libiconv_open'
cc: error: linker command failed with exit code 1 (use -v to see invocation)
*** Error code 1

Stop.
make[2]: stopped in /usr/local/apache2/tlsv1.3-for-2.4.x/support
*** Error code 1

Stop.
make[1]: stopped in /usr/local/apache2/tlsv1.3-for-2.4.x/support
*** Error code 1

Temporarily uninstalling libiconv allows 'make' to finish.
However libiconv must be reinstalled prior to 'make install' to avoid another error:
Installing HTML documents
mkdir /usr/local/apache2/htdocs
Shared object "libiconv.so.2" not found, required by "rsync"
*** Error code 1 (ignored)
...
mkdir /usr/local/apache2/manual
Shared object "libiconv.so.2" not found, required by "rsync"
*** Error code 1

Stop.
make[1]: stopped in /usr/local/apache2/tlsv1.3-for-2.4.x
*** Error code 1

rsync is the only pkg that depends on libiconv so i'm not sure why it would interfere in the make process.

After successfully compiling and installing this branch, httpd appears to have the backported features working.
Thank you everyone for all your efforts in bringing this backport proposal forward.

Cheers,

Dennis


Sent from the Apache HTTP Server - Dev mailing list archive at Nabble.com.