Opened 16 years ago

Closed 16 years ago

Last modified 15 years ago

#13182 closed defect (fixed)

Apache2 failure to start due to mod_ssl loading problem under Mac OS X 10.5 Leopard

Reported by: zach@… Owned by: ryandesign (Ryan Carsten Schmidt)
Priority: Normal Milestone:
Component: ports Version: 1.5.0
Keywords: apache2, ssl, mod_ssl, Leopard Cc: imajes@…, mww@…, andrew@…, mitsu@…, sean@…, jeffadams78@…, tabithamc@…, dp+macports@…, compconsultant@…, wsiegrist@…, weimaraner@…
Port:

Description

After installing a fresh version of MacPorts on Leopard, and installing Apache2, I was unable to get Apache2 to start because of a problem in ssl_module (modules/mod_ssl.so).

Several other people seem to be experiencing the same prob.

to wit: http://www.nabble.com/Apache2-mod_ssl-fails-tf4717982.html

Here's what happens when I try to start Apache2:

Shenandoah:apache2 zcopley$ apache2ctl start
httpd: Syntax error on line 96 of /opt/local/apache2/conf/httpd.conf: Cannot load /opt/local/apache2/modules/mod_ssl.so into server: Symbol not found: _ssl_cmd_SSLCACertificateFile\n  Referenced from: /opt/local/apache2/modules/mod_ssl.so\n  Expected in: flat namespace\n

A temp work-around is simply to comment the LoadModule line out in httpd.conf.

Change History (22)

comment:1 Changed 16 years ago by nox@…

Cc: imajes@… mww@… added
Milestone: Port Bugs
Owner: changed from macports-dev@… to imajes@…
Summary: Apache2 failure to start due to mod_ssl loading problem under OS X 10.5Apache2 failure to start due to mod_ssl loading problem under Mac OS X 10.5 Leopard

I'm adding both apache2 and openssl maintainers to Cc list.

comment:2 Changed 16 years ago by mww@…

Whats is your version of openssl? And did you perhaps upgrade openssl to 0.9.8g AFTER building apache2? (just guessing as there is I have no leopard here yet)

comment:3 Changed 16 years ago by andrew@…

I have the same issue.

My version of openssl is 0.9.8g_0

This happened on a clean Leopard install, so openssl was definitely not upgraded.

comment:4 Changed 16 years ago by mitsu@…

Having the same problem here. In my case, I took a Tiger install, removed nearly all ports, then reinstalled everything from scratch, including openssl, then apache2 (after openssl). The above error occurs when I try to launch apache2.

comment:5 Changed 16 years ago by sean@…

FWIW, I thought apache was built against the leopard-bundled openssl library (which would be missing symbols) and it's not:

sarcasmic:/opt/local/apache2/modules$ otool -L mod_ssl.so 
mod_ssl.so:
	/opt/local/lib/libssl.0.9.8.dylib (compatibility version 0.9.8, current version 0.9.8)
	/opt/local/lib/libcrypto.0.9.8.dylib (compatibility version 0.9.8, current version 0.9.8)
	/usr/lib/libgcc_s.1.dylib (compatibility version 1.0.0, current version 1.0.0)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 111.0.0)

comment:6 Changed 16 years ago by jeffadams78@…

Dunno if this is helpful, but one of the folks who responsed on Nabble got it working:


It works when I remove -export-symbols-regex ssl_module from the libtool --silent --mode=link step of building mod_ssl.so

I did it by finding the commandline that created mod_ssl.la and rerunning that line in the modules/ssl directory but without -export-symbols-regex ssl_module

I spent enough time figuring out what the problem was that I can't afford to spend any more on making the solution clean. Anyone know how to patch the source so that it puts in a better regex that includes the ssl_cmd symbols as well?

comment:7 Changed 16 years ago by jeffadams78@…

Responsed? Man I'm asleep today. That should be "responded."

comment:8 Changed 16 years ago by jeffadams78@…

Another workaround: I tried copying my old mod_ssl.so file from my old port install (I "port upgrade apache2"ed on 10.3.9 about a week ago, before upgrading to 10.5). It worked!

So if you need mod_ssl and can't just comment it out, find an old copy of mod_ssl.so somewhere and see if it works for you.

comment:9 Changed 16 years ago by tabithamc@…

This bug report was initially filed under MacPorts version 1.5.0 but I am adding amendments for:

MacPorts 1.6.0 (fresh copy) running on Mac OS X Server 10.5.1 (Leopard Server) and installation of Apache 2.2.6 (the, as of the time I submitted this information, current version attached to the "apache2" MacPort).

Per Guido Soranzio, mod_ssl.so most definitely can be built as part of the Apache2 installation process against OpenSSL 0.9.8 (tested on my machine with the MacPort "openssl" which installs OpenSSL version 0.9.8g -- not the openssl97 port). The sequence for installing per Guido's suggestions which he has tested on his Leopard-based machine and I have tested independently on my machine running Leopard Server are:

(1) The apache2 port should first be uninstalled

(2) Extract the apache2 source:

# port extract apache2
--->  Fetching apache2
--->  Verifying checksum(s) for apache2
--->  Extracting apache2

(3) Search (recursive grep) where in the source the option "-export-symbols-regex" is defined to confirm the problem that this ticket on Leopard exists:

bash-3.2# grep -r "-export-symbols-regex" /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_ports_www_apache2/
[SNIP]
/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_ports_www_apache2/work/httpd-2.2.6/configure:    test "x$silent" != "xyes" && echo "  setting MOD_SSL_LDADD to \"-export-symbols-regex ssl_module\""
/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_ports_www_apache2/work/httpd-2.2.6/configure:    MOD_SSL_LDADD="-export-symbols-regex ssl_module"
/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_ports_www_apache2/work/httpd-2.2.6/configure:    apr_addto_bugger="-export-symbols-regex ssl_module"
[SNIP]

(4) Manually patch the apache2 Portfile with regard to the configure script in the section specific to Leopard (Darwin 9) by changing:

platform darwin 9 {
        depends_build-append port:gawk
}

to:

platform darwin 9 {
        depends_build-append port:gawk
        post-extract {
                reinplace "s|-export-symbols-regex ssl_module||g" ${worksrcpath}/configure
        }
}

(5) Clean the apache2 port:

# port clean apache2

(6) Build and install the apache2 port:

$ sudo port -v install apache2

Tail of the expected output looks like this —>

--->  Archive apache2-2.2.6_0.powerpc.tgz packaged
--->  Archive for apache2 2.2.6_0 packaged
--->  Installing apache2 2.2.6_0
--->  Activating apache2 2.2.6_0
--->  Cleaning apache2
--->  Removing workpath for apache2

(7) Read object information from mod_ssl with the otool tool, confirming that mod_ssl was built against the MacPort installation of OpneSSL (such as OpenSSL version 0.9.8g):

$ cd /opt/local/apache2/modules
$ otool -L mod_ssl.so

Expect output quite similar to if not the same as —>

mod_ssl.so:
	/opt/local/lib/libssl.0.9.8.dylib (compatibility version 0.9.8, current version 0.9.8)
	/opt/local/lib/libcrypto.0.9.8.dylib (compatibility version 0.9.8, current version 0.9.8)
	/opt/local/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.3)
	/usr/lib/libgcc_s.1.dylib (compatibility version 1.0.0, current version 1.0.0)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 111.0.0)

(8) Run apache2 and expect the once mod_ssl.so error regarding symbols to vanish:

$ /opt/local/apache2/bin/apachectl start

Thank you to Guido especially for his testing this on his Leopard client system which gave me the opportunity to further test on Leopard Server 10.5.1

comment:10 Changed 16 years ago by dp macports@…

I had the same problem, and changing the Portfile as described fixed it. The only necessary step of those posted by tabithamc@… is number 4.

comment:11 Changed 16 years ago by compconsultant@…

I would like to confirm that ONLY doing step 4 also works for me.

comment:12 Changed 16 years ago by wsiegrist@…

comment:13 Changed 16 years ago by weimaraner@…

to build mod_ssl on leopard just be sure to use libtool 1.5.26 and you are good to go.

  • edit /opt/local/var/macports/sources/rsync.macports.org/release/ports/devel/libtool/Portfile

change version to 1.5.26 instead of 25 , change to proper checksums

checksums       md5 aa9c5107f3ec9ef4200eb6556f3b3c29 \
                sha1 4c1738351736562a951a345e24f233d00953ec0a \
                rmd160 4d1d7dd0308b98e8f590723ae5daddb8da49ac11
  • save the file
  • install the new libtool
    $ sudo port install libtool
    
  • copy the new libtool over the apr's
    $ sudo mv /usr/share/apr-1/build-1/libtool /usr/share/apr-1/build-1/libtool.original
    $ sudo ln -s /opt/local/bin/glibtool /usr/share/apr-1/build-1/libtool
    
  • reinstall apache2
    $ sudo port uninstall apache2
    $ sudo port install apache2
    
  • reactivate mod_ssl on your httpd.conf ( i guess you know how to do that )
  • test yar' new apache+mod_ssl
    $ sudo /opt/local/apache2/bin/apachectl start
    

comment:14 Changed 16 years ago by ryandesign (Ryan Carsten Schmidt)

Owner: changed from imajes@… to ryandesign@…

comment:15 Changed 16 years ago by ryandesign (Ryan Carsten Schmidt)

Cc: andrew@… mitsu@… sean@… jeffadams78@… tabithamc@… dp+macports@… compconsultant@… wsiegrist@… weimaraner@… added
Resolution: fixed
Status: newclosed

libtool has been updated to 1.5.26 in r35661 (see #14503) which based on earlier comments in this ticket should resolve this issue. If you find that you're still unable to use mod_ssl.so with apache2 after waiting 12 hours, selfupdating ("sudo port selfupdate"), updating to libtool 1.5.26 ("sudo port upgrade libtool") and rebuilding apache2 ("sudo port -ncuf upgrade apache2"), please reopen this ticket.

comment:16 Changed 16 years ago by peter.portante@…

Resolution: fixed
Status: closedreopened

I installed libtool 1.5.26, and then rebuilt apache2 ...

$ sudo port selfupdate
$ sudo port install libtool
$ sudo port -ncuf upgrade apache2

but the problem of _ssl_cmd_SSLCACertificateFile still missing from mod_ssl.so persisted.

I used the prior work-around, from Step 4 above, editing the apache2 Portfile to remove the -export-symbols-regex and that worked.

$ sudo port installed
The following ports are currently installed:
  apache-ant @1.7.0_0 (active)
  apache2 @2.2.8_0+darwin_9 (active)
  apr @1.2.12_1+darwin_9 (active)
  apr-util @1.2.12_0 (active)
  compface @1.5.2_1 (active)
  db44 @4.4.20_1 (active)
  expat @2.0.1_0 (active)
  freetype @2.3.5_1 (active)
  gawk @3.1.6_0 (active)
  gdbm @1.8.3_1 (active)
  gettext @0.17_3 (active)
  gmake @3.81_0 (active)
  hamcrest-core @1.1_0 (active)
  jpeg @6b_2
  jpeg @6b_2+universal (active)
  junit @4.4_0 (active)
  libiconv @1.12_0
  libiconv @1.12_0+universal (active)
  libpng @1.2.25_0
  libpng @1.2.25_0+universal (active)
  libtool @1.5.26_0 (active)
  ncurses @5.6_0 (active)
  ncursesw @5.6_1 (active)
  neon @0.26.4_0
  neon @0.26.4_1 (active)
  openssl @0.9.8g_0 (active)
  pcre @7.6_0 (active)
  popt @1.13_0 (active)
  readline @5.2.007_0+darwin_9 (active)
  rsync @3.0.0_0 (active)
  sqlite3 @3.5.7_0 (active)
  subversion @1.4.6_0 (active)
  subversion-javahlbindings @1.4.6_0 (active)
  tiff @3.8.2_1+macosx
  tiff @3.8.2_1+macosx+universal (active)
  wget @1.11.1_0 (active)
  wget @1.11_0
  Xaw3d @1.5E_1 (active)
  xemacs @21.4.21_1 (active)
  zlib @1.2.3_1
  zlib @1.2.3_1+universal (active)

comment:17 Changed 16 years ago by ben@…

From the upstream bug it sounds like the apache source contains its own libtool, which is probably still being used. The workaround described in comment 8 of the upstream bug is to symlink the system libtool in place of the internal libtool.

Until apache 2.2.9 is released with an upgraded internal libtool, MacPorts will probably need to use one of the two available workarounds:

  • symlink to an external libtool 1.5.26 or higher, or
  • remove/edit the -export-symbols-regex argument. (The upstream bug also contains a functional edit of the argument, so it wouldn't necessarily need to be removed entirely.)

comment:18 Changed 16 years ago by dave@…

On 10.5.2 with an up-to-date version of Macports, I receive the OP's error even after symlinking to libtool 1.5.26. I have not tried unarchiving the port and hand-compiling (which is what comment 8 of the upstream bug seems to require).

comment:19 in reply to:  9 Changed 16 years ago by dave@…

Again confirming that the steps in comment 9 removes the error.

comment:20 Changed 16 years ago by gui-dos (Guido Soranzio)

Resolution: fixed
Status: reopenedclosed

Workaround committed in r36618.

comment:21 Changed 16 years ago by ryandesign (Ryan Carsten Schmidt)

I incremented the port's revision in r36636 so everyone gets the fix.

comment:22 Changed 15 years ago by (none)

Milestone: Port Bugs

Milestone Port Bugs deleted

Note: See TracTickets for help on using tickets.