Building win64 openssl static library with no-ssl3 option fails on 1.0.1j

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Building win64 openssl static library with no-ssl3 option fails on 1.0.1j

Arthur Ramsey
Hello,

I want to disable SSLv3 for a tomcat / tcnative deployment on Windows.  Tomcat lacks the ability to disable SSLv3 while retaining TLSv1.1 and TLSv1.2, so I'm attempting to disable SSLv3 at build time with no-ssl3.  This was successful on Linux, but not on Windows.  I was able to build on Windows with the following procedure.
  1. Install Strawbery perl
  2. Open Visual Studio x64 Cross Tools Command prompt
    %comspec% /k "C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\vcvarsall.bat" x86_amd64
  3. Change to the directory containing openssl sources
    cd C:\openssl-1.0.1j
  4. Configure the openssl build
    perl Configure VC-WIN64A no-ssl2
  5. Prepare the target environment
    ms\do_win64a
  6. Clean up previous compliation
    nmake -f ms\nt.mak clean
  7. Build
    nmake -f ms\nt.mak
  8. Test the build
    nmake -f ms\nt.mak test

Once I add the no-ssl3 option, compilation of the 64-bit static library fails with the following.

Building OpenSSL
        lib /nologo /out:out32\ssleay32.lib @C:\Users\arthurr\AppData\Local\Temp\nm96B5.tmp
        link /nologo /subsystem:console /opt:ref /debug /out:out32\constant_time_test.exe @C:\Users\arthurr\AppData\Local\Temp\nm96D5.tmp
LINK : fatal error LNK1181: cannot open input file 'out32\ssleay32.lib'
NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\x86_amd64\link.EXE"' : return code '0x49d'
Stop.

I see there was a fix for no-ssl3 in 1.0.1j, but it may still be an issue with Windows builds?  The error isn't descriptive, but perhaps a openssl-dev could try reproducing the issue.  I feel pretty confident this a issue with the build scripts for Windows.  I initially tried the openssl-users list, but didn't get any responses.
-- 
Arthur Ramsey
Systems Administrator
Mediture
[hidden email]
952.400.0323

This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer at [hidden email].
Reply | Threaded
Open this post in threaded view
|

Re: Building win64 openssl static library with no-ssl3 option fails on 1.0.1j

Tim Hudson
On 18/10/2014 3:07 AM, Arthur Ramsey wrote:

> Hello,
>
> I want to disable SSLv3 for a tomcat / tcnative deployment on
> Windows.  Tomcat lacks the ability to disable SSLv3 while retaining
> TLSv1.1 and TLSv1.2, so I'm attempting to disable SSLv3 at build time
> with no-ssl3.  This was successful on Linux, but not on Windows.  I
> was able to build on Windows with the following procedure.
>
> 1.
>     Install Strawbery perl
> 2.
>     Open Visual Studio x64 Cross Tools Command prompt
>     %comspec% /k "C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\vcvarsall.bat" x86_amd64
> 3.
>     Change to the directory containing openssl sources
>     cd C:\openssl-1.0.1j
> 4.
>     Configure the openssl build
>     perl Configure VC-WIN64A no-ssl2
> 5.
>     Prepare the target environment
>     ms\do_win64a
> 6.
>     Clean up previous compliation
>     nmake -f ms\nt.mak clean
> 7.
>     Build
>     nmake -f ms\nt.mak
> 8.
>     Test the build
>     nmake -f ms\nt.mak test
>
> Once I add the no-ssl3 option, compilation of the 64-bit static
> library fails with the following.
>
> Building OpenSSL
>         lib /nologo /out:out32\ssleay32.lib @C:\Users\arthurr\AppData\Local\Temp\nm96B5.tmp
>         link /nologo /subsystem:console /opt:ref /debug /out:out32\constant_time_test.exe @C:\Users\arthurr\AppData\Local\Temp\nm96D5.tmp
> LINK : fatal error LNK1181: cannot open input file 'out32\ssleay32.lib'
> NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\x86_amd64\link.EXE"' : return code '0x49d'
> Stop.
>
> I see there was a fix for no-ssl3 in 1.0.1j, but it may still be an
> issue with Windows builds?  The error isn't descriptive, but perhaps a
> openssl-dev could try reproducing the issue.  I feel pretty confident
> this a issue with the build scripts for Windows.  I initially tried
> the openssl-users list, but didn't get any responses.

Thanks for the detailed bug report!
Applying this temporary patch to util/mk1mf.pl will resolve this issue.

Tim.

diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index f0c2df0..4d2bbb2 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -671,11 +671,11 @@ foreach (values %lib_nam)
        $lib_obj=$lib_obj{$_};
        local($slib)=$shlib;

-       if (($_ eq "SSL") && $no_ssl2 && $no_ssl3)
-               {
-               $rules.="\$(O_SSL):\n\n";
-               next;
-               }
+#      if (($_ eq "SSL") && $no_ssl2 && $no_ssl3)
+#              {
+#              $rules.="\$(O_SSL):\n\n";
+#              next;
+#              }

        $defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj);
        $lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:"
\$(LIB_CFLAGS)";



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Building win64 openssl static library with no-ssl3 option fails on 1.0.1j

Arthur Ramsey
Tim,

That patch worked.  I also created a ticket, #3573, which I believe can
be closed.

Thanks,
Arthur

On 10/19/2014 7:56 PM, Tim Hudson wrote:

> On 18/10/2014 3:07 AM, Arthur Ramsey wrote:
>> Hello,
>>
>> I want to disable SSLv3 for a tomcat / tcnative deployment on
>> Windows.  Tomcat lacks the ability to disable SSLv3 while retaining
>> TLSv1.1 and TLSv1.2, so I'm attempting to disable SSLv3 at build time
>> with no-ssl3.  This was successful on Linux, but not on Windows.  I
>> was able to build on Windows with the following procedure.
>>
>> 1.
>>      Install Strawbery perl
>> 2.
>>      Open Visual Studio x64 Cross Tools Command prompt
>>      %comspec% /k "C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\vcvarsall.bat" x86_amd64
>> 3.
>>      Change to the directory containing openssl sources
>>      cd C:\openssl-1.0.1j
>> 4.
>>      Configure the openssl build
>>      perl Configure VC-WIN64A no-ssl2
>> 5.
>>      Prepare the target environment
>>      ms\do_win64a
>> 6.
>>      Clean up previous compliation
>>      nmake -f ms\nt.mak clean
>> 7.
>>      Build
>>      nmake -f ms\nt.mak
>> 8.
>>      Test the build
>>      nmake -f ms\nt.mak test
>>
>> Once I add the no-ssl3 option, compilation of the 64-bit static
>> library fails with the following.
>>
>> Building OpenSSL
>>          lib /nologo /out:out32\ssleay32.lib @C:\Users\arthurr\AppData\Local\Temp\nm96B5.tmp
>>          link /nologo /subsystem:console /opt:ref /debug /out:out32\constant_time_test.exe @C:\Users\arthurr\AppData\Local\Temp\nm96D5.tmp
>> LINK : fatal error LNK1181: cannot open input file 'out32\ssleay32.lib'
>> NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\x86_amd64\link.EXE"' : return code '0x49d'
>> Stop.
>>
>> I see there was a fix for no-ssl3 in 1.0.1j, but it may still be an
>> issue with Windows builds?  The error isn't descriptive, but perhaps a
>> openssl-dev could try reproducing the issue.  I feel pretty confident
>> this a issue with the build scripts for Windows.  I initially tried
>> the openssl-users list, but didn't get any responses.
> Thanks for the detailed bug report!
> Applying this temporary patch to util/mk1mf.pl will resolve this issue.
>
> Tim.
>
> diff --git a/util/mk1mf.pl b/util/mk1mf.pl
> index f0c2df0..4d2bbb2 100755
> --- a/util/mk1mf.pl
> +++ b/util/mk1mf.pl
> @@ -671,11 +671,11 @@ foreach (values %lib_nam)
>          $lib_obj=$lib_obj{$_};
>          local($slib)=$shlib;
>
> -       if (($_ eq "SSL") && $no_ssl2 && $no_ssl3)
> -               {
> -               $rules.="\$(O_SSL):\n\n";
> -               next;
> -               }
> +#      if (($_ eq "SSL") && $no_ssl2 && $no_ssl3)
> +#              {
> +#              $rules.="\$(O_SSL):\n\n";
> +#              next;
> +#              }
>
>          $defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj);
>          $lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:"
> \$(LIB_CFLAGS)";
>
>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [hidden email]
> Automated List Manager                           [hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]