OpenSSL header does not match current version when compiling

Question

When trying to compile freeRADIUS server 2.2.3, I've gotten the following error message:

checking for OpenSSL version >= 0.9.7... yes
checking OpenSSL library and header version consistency... library: 90819f header: 90812f... no
configure: error: in `/Users/tyrexionibus/Downloads/freeradius-server-2.2.3':
configure: error: OpenSSL library version does not match header version

Actually, the openSSL version is:

tyrexionibus$ openssl version
OpenSSL 1.0.1f 6 Jan 2014

And the header, located in /usr/include/openssl/opensslv.h contains:

#define OPENSSL_VERSION_NUMBER 0x0090819fL

Editing it doesn't solve the issue.

How do I solve this?

Answer 1

try to remove libssl-dev and install libssl1.0-dev

1. sudo apt remove libssl-dev
2. sudo apt install libssl1.0-dev

That worked for me

Answer 2

The problem is that often the compiler and linker search paths aren't consistent.

By default (unless modified with -isystem or -I) the GCC search path is:

• /usr/local/include
• libdir/gcc/target/version/include
• /usr/target/include
• /usr/include

By default (unless modified with -L) Apple's linker's search path is:

• /usr/lib
• /usr/local/lib

and by default (at least with 2.23.52.20130913 on Ubuntu 13.04) (unless modified with -L) the GNU linker's search path is:

• /usr/local/lib:
• /lib/x86_64-linux-gnu:
• /usr/lib/x86_64-linux-gnu:
• /usr/lib/x86_64-linux-gnu/mesa:
• /lib:
• /usr/lib:

The linker and the compiler may pick up completely different versions of the library's headers and binaries when multiple versions are installed on the system. The compiler may then emit code which is incompatible with the library's ABI, with undefined and usually undesirable behaviour. This is why the check was added.

To ensure consistency you should pass the --with-openssl-includes= and --with-openssl-libraries= flags to the configure script. These directories will then be searched first by the compiler and linker.

./configure --with-openssl-includes=/usr/include --with-openssl-libraries=/usr/lib

will result in the bundled or packaged OpenSSL libraries/headers being used on most systems.

Another option is to set LD_LIBRARY_PATH at configure time, though you'll also need to set this in your init scripts, else the runtime version check (yes, we were thorough) will fail.

Answer 3

In OSX 10.10 (Yosemite), I have to custom install openssl using brew.

$ brew update
$ brew install openssl
$ brew link --force openssl

Verify the version.

$ openssl version
OpenSSL 1.0.2 22 Jan 2015

I can see which library it is linked to.

$ otool -L /usr/local/bin/openssl
/usr/local/bin/openssl:
    /usr/local/Cellar/openssl/1.0.2/lib/libssl.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
    /usr/local/Cellar/openssl/1.0.2/lib/libcrypto.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
    /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1213.0.0)

In my configure script I can then specify the OpenSSL path.

$ ./configure --with-ssl-dir=/usr/local/Cellar/openssl/1.0.2

Answer 4

You should probably check config.log generated by configure (in the same folder): it seems like you have at least 2 or even 3 versions of OpenSSL: 0.9.8r, 0.9.8y and 1.0.1f.

Explanation:

1) OPENSSL_VERSION_NUMBER = 0x0090819f in /usr/include/openssl/opensslv.h means 0.9.8y is installed into /usr;

2) output of command openssl version suggests that you have 1.0.1f somewhere in your PATH, but 1.0.1f defines OPENSSL_VERSION_NUMBER as 0x1000106fL, not 0x0090819f, so it's a different copy from the 1) above.

tyrexionibus$ openssl version
OpenSSL 1.0.1f 6 Jan 2014

3) 90812f in the output of configure means 0.9.8r.

You may also find an OpenSSL version matrix useful to match version numbers in hex (from opensslv.h) with human-readable version strings.