[stunnel-users] build static stunnel with openssl

White Little jaymainal at gmail.com
Mon Oct 8 09:09:07 CEST 2018


Thanks, Eric

But I did not put it in /usr/local/openssl or /usr/local/stunnel.


Below is my configuration log


[root@Stunnel-Fedora stunnel-5.49]# ./configure --enable-static --with-ssl=/root/stunnel/openssl-1.1.0i
configure: **************************************** initialization
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /usr/bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking for style of include used by make... GNU
checking dependency style of gcc... gcc3
checking whether make sets $(MAKE)... (cached) yes
checking whether make supports nested variables... (cached) yes
configure: **************************************** thread model
checking for a sed that does not truncate output... /usr/bin/sed
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking whether gcc is Clang... no
checking whether pthreads work with -pthread... yes
checking for joinable pthread attribute... PTHREAD_CREATE_JOINABLE
checking whether more special flags are required for pthreads... no
checking for PTHREAD_PRIO_INHERIT... yes
configure: PTHREAD thread model detected
configure: **************************************** compiler/linker flags
checking whether C compiler accepts -Wall... yes
checking whether C compiler accepts -Wextra... yes
checking whether C compiler accepts -Wpedantic... yes
checking whether C compiler accepts -Wformat=2... yes
checking whether C compiler accepts -Wconversion... yes
checking whether C compiler accepts -Wno-long-long... yes
checking whether C compiler accepts -Wno-deprecated-declarations... yes
checking whether C compiler accepts -fPIE... yes
checking whether C compiler accepts -fstack-protector... yes
checking whether the linker accepts -fPIE... yes
checking whether the linker accepts -pie... yes
checking whether the linker accepts -Wl,-z,relro... yes
checking whether the linker accepts -Wl,-z,now... yes
checking whether the linker accepts -Wl,-z,noexecstack... yes
checking whether C compiler accepts -D_FORTIFY_SOURCE=2... yes
configure: **************************************** libtool
checking how to print strings... printf
checking for a sed that does not truncate output... (cached) /usr/bin/sed
checking for fgrep... /usr/bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking how to convert i686-pc-linux-gnu file names to i686-pc-linux-gnu format... func_convert_file_noop
checking how to convert i686-pc-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for a working dd... /usr/bin/dd
checking how to truncate binary pipes... /usr/bin/dd bs=4096 count=1
checking for mt... no
checking if : is a manifest tool... no
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
configure: **************************************** types
checking for int8_t... yes
checking for int16_t... yes
checking for int32_t... yes
checking for int64_t... yes
checking for uint8_t... yes
checking for uint16_t... yes
checking for uint32_t... yes
checking for uint64_t... yes
checking for size_t... yes
checking for ssize_t... yes
checking for uid_t in sys/types.h... yes
checking for socklen_t... yes
checking for struct sockaddr_un... yes
checking for struct addrinfo... yes
configure: **************************************** PTY device files
checking for "/dev/ptmx"... yes
checking for "/dev/ptc"... no
configure: **************************************** entropy sources
checking for "/dev/urandom"... yes
configure: **************************************** default group
checking for default group... nobody
checking for special C compiler options needed for large files... no
checking for _FILE_OFFSET_BITS value needed for large files... 64
configure: **************************************** header files
checking for stdint.h... (cached) yes
checking for inttypes.h... (cached) yes
checking malloc.h usability... yes
checking malloc.h presence... yes
checking for malloc.h... yes
checking ucontext.h usability... yes
checking ucontext.h presence... yes
checking for ucontext.h... yes
checking pthread.h usability... yes
checking pthread.h presence... yes
checking for pthread.h... yes
checking poll.h usability... yes
checking poll.h presence... yes
checking for poll.h... yes
checking tcpd.h usability... no
checking tcpd.h presence... no
checking for tcpd.h... no
checking stropts.h usability... no
checking stropts.h presence... no
checking for stropts.h... no
checking grp.h usability... yes
checking grp.h presence... yes
checking for grp.h... yes
checking for unistd.h... (cached) yes
checking util.h usability... no
checking util.h presence... no
checking for util.h... no
checking libutil.h usability... no
checking libutil.h presence... no
checking for libutil.h... no
checking pty.h usability... yes
checking pty.h presence... yes
checking for pty.h... yes
checking limits.h usability... yes
checking limits.h presence... yes
checking for limits.h... yes
checking for sys/types.h... (cached) yes
checking sys/select.h usability... yes
checking sys/select.h presence... yes
checking for sys/select.h... yes
checking sys/poll.h usability... yes
checking sys/poll.h presence... yes
checking for sys/poll.h... yes
checking sys/socket.h usability... yes
checking sys/socket.h presence... yes
checking for sys/socket.h... yes
checking sys/un.h usability... yes
checking sys/un.h presence... yes
checking for sys/un.h... yes
checking sys/ioctl.h usability... yes
checking sys/ioctl.h presence... yes
checking for sys/ioctl.h... yes
checking sys/filio.h usability... no
checking sys/filio.h presence... no
checking for sys/filio.h... no
checking sys/resource.h usability... yes
checking sys/resource.h presence... yes
checking for sys/resource.h... yes
checking sys/uio.h usability... yes
checking sys/uio.h presence... yes
checking for sys/uio.h... yes
checking sys/syscall.h usability... yes
checking sys/syscall.h presence... yes
checking for sys/syscall.h... yes
checking linux/sched.h usability... yes
checking linux/sched.h presence... yes
checking for linux/sched.h... yes
checking for struct msghdr.msg_control... yes
checking for linux/netfilter_ipv4.h... yes
configure: **************************************** libraries
checking for library containing gethostbyname... none required
checking for library containing yp_get_default_domain... -lnsl
checking for library containing socket... none required
checking for library containing openpty... -lutil
checking for library containing dlopen... -ldl
checking for library containing shl_load... no
configure: **************************************** library functions
checking for snprintf... yes
checking for vsnprintf... yes
checking for openpty... yes
checking for _getpty... no
checking for daemon... yes
checking for waitpid... yes
checking for wait4... yes
checking for setsid... yes
checking for setgroups... yes
checking for chroot... yes
checking for realpath... yes
checking for sysconf... yes
checking for getrlimit... yes
checking for pthread_sigmask... yes
checking for localtime_r... yes
checking for getcontext... yes
checking for __makecontext_v2... no
checking for poll... yes
checking for gethostbyname2... yes
checking for endhostent... yes
checking for getnameinfo... yes
checking for getaddrinfo... yes
checking for broken poll() implementation... no
checking for pipe2... yes
checking for accept4... yes
configure: **************************************** optional features
checking whether to enable IPv6 support... yes (default)
checking whether to enable FIPS support... autodetecting
checking whether to enable systemd socket activation support... autodetecting
checking for library containing sd_listen_fds... no
configure: systemd library not found
checking whether to enable TCP wrappers support... autodetecting
checking for hosts_access in -lwrap... no
configure: libwrap library not found
configure: **************************************** TLS
checking for compiler sysroot... /
checking for TLS directory... /root/stunnel/openssl-1.1.0i
checking for FIPS_mode_set... yes
configure: FIPS support enabled
configure: **************************************** write the results
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating doc/Makefile
config.status: creating tools/Makefile
config.status: creating tests/Makefile
config.status: creating tests/certs/Makefile
config.status: creating src/config.h
config.status: src/config.h is unchanged
config.status: executing depfiles commands
config.status: executing libtool commands
configure: **************************************** success



I tested on Ubuntu 14.04 and 16.04 (64-bit) and Fedora (32-bit); on all of
them the binary does not include openssl.


On Sat, Oct 6, 2018 at 8:41 AM, Eric Eberhard <flash at vicsmba.com> wrote:

> Make openssl and stunnel static.  That is what I do and I consider it MUCH
> smarter than dynamic.  I got tired of getting support calls because stunnel
> stopped working because the user installed a new openssl.  Static will
> always work.
>
>
>
> Another piece of advice – do NOT put it on /usr/local/openssl or
> /usr/local/stunnel (or whatever the defaults are).  Before building make
> your OWN directories.  Our short name for our product is “met” so we use
> /usr/local/met/obj and /usr/local/met/bin for the object and binary files,
> respectively.  This ensures nobody will install over you.
>
>
>
> This is also a real security issue mostly ignored.  Most people have heard
> of SQL injection (where SQL is modified to do what the developer never
> intended).  However, DLL injection (e.g. dynamic library injection) is a
> real problem.  I could easily install an openssl DLL that does exactly what
> it should do … and sends the same data in clear text (or with my own
> encryption) to my machine.  A thief could simply install one dynamic
> library and then OWN your data.
>
>
>
> E
>
>
>
> *From:* stunnel-users [mailto:stunnel-users-bounces at stunnel.org] *On
> Behalf Of *White Little
> *Sent:* Sunday, September 30, 2018 11:33 PM
> *To:* stunnel-users at stunnel.org
> *Subject:* [stunnel-users] build static stunnel with openssl
>
>
>
> Hi All
>
>
>
> I am trying to build a static (portable) stunnel that contains openssl.
>
>
>
> I know there were some similar questions long ago, but I still fail at
> building it.
>
>
>
> I am trying to link stunnel to the latest openssl, so I downloaded
> openssl-1.0.2p and made it.
>
>
>
> And then I typed  *./configure
> --enable-static --with-ssl= openssl-1.0.2p_dir*
>
>
>
> After typing  make,  I found there is a stunnel binary under the /src folder,
> but it still does not include openssl.
>
>
>
> Am I missing something that I did not notice?
>
>
>
> Thanks
>
>
>
>
>
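
A check for the outcome discussed in this thread: whether the built `src/stunnel` still loads OpenSSL from shared libraries at run time. This is an added example, not part of the original messages; the function names, result labels and sample `readelf -d` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a binary links OpenSSL, from `readelf -d` output.
# Function names and result labels are hypothetical; sample lines are constructed.

# Print the DT_NEEDED library names found in `readelf -d` output on stdin.
needed_libs() {
    sed -n 's/.*(NEEDED).*\[\([^]]*\)].*/\1/p'
}

# Classify `readelf -d` output read from stdin:
#   dynamic-openssl  libssl/libcrypto are resolved by the loader at run time
#   static-openssl   other shared libraries are needed, but not libssl/libcrypto
#   fully-static     no NEEDED entries at all
classify_linkage() {
    libs=$(needed_libs)
    if [ -z "$libs" ]; then
        echo fully-static
    elif printf '%s\n' "$libs" | grep -Eq '^lib(ssl|crypto)\.so'; then
        echo dynamic-openssl
    else
        echo static-openssl
    fi
}

# Wrapper for a real file, e.g. check_binary src/stunnel
# Returns 2 instead of a misleading "fully-static" when the file cannot be read.
check_binary() {
    [ -r "$1" ] || { echo "cannot read: $1" >&2; return 2; }
    out=$(readelf -d "$1") || return 2
    printf '%s\n' "$out" | classify_linkage
}

# Constructed sample: a binary that still depends on shared OpenSSL.
SAMPLE_DYNAMIC=' 0x00000001 (NEEDED)   Shared library: [libssl.so.1.1]
 0x00000001 (NEEDED)   Shared library: [libcrypto.so.1.1]
 0x00000001 (NEEDED)   Shared library: [libc.so.6]'

# Constructed sample: OpenSSL linked in from .a archives, libc still shared.
SAMPLE_STATIC_SSL=' 0x00000001 (NEEDED)   Shared library: [libdl.so.2]
 0x00000001 (NEEDED)   Shared library: [libpthread.so.0]
 0x00000001 (NEEDED)   Shared library: [libc.so.6]'

printf '%s\n' "$SAMPLE_DYNAMIC" | classify_linkage
printf '%s\n' "$SAMPLE_STATIC_SSL" | classify_linkage
```

On a real build, `check_binary src/stunnel` reporting `dynamic-openssl` means the libssl/libcrypto used at run time are whatever the loader finds on the system, which is the situation Eric's reply warns about.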