# Trouble emerging openssh because of openssl headers - Solved

## Featherfoot

I am attempting to rebuild my system after a severe corruption. 

My latest trouble involves attempting to emerge openssh. It is aborting on the date check in the openssl headers. 

```

hecking whether OpenSSL's headers match the library... no

configure: error: Your OpenSSL headers do not match your

library. Check config.log for details.

If you are sure your installation is consistent, you can disable the check

by running "./configure --without-openssl-header-check".

Also see contrib/findssl.sh for help identifying header/library mismatches.

!!! Please attach the following file when seeking support:

!!! /var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/config.log

 * 

 * ERROR: net-misc/openssh-5.2_p1-r1 failed.

 * Call stack:

 *               ebuild.sh, line   49:  Called src_compile

 *             environment, line 3228:  Called econf '--with-ldflags=-Wl,-O1' '--disable-strip' '--sysconfdir=/etc/ssh' '--libexecdir=/usr/lib64/misc' '--datadir=/usr/share/openssh' '--with-privsep-path=/var/empty' '--with-privsep-user=sshd' '--with-md5-passwords' '--with-ssl-engine' '--without-kerberos5' '--without-libedit' '--without-selinux' '--without-skey' '--without-opensc' '--with-tcp-wrappers' '--with-pam'

 *               ebuild.sh, line  534:  Called die

 * The specific snippet of code:

 *            die "econf failed"

 *  The die message:

 *   econf failed

 * 

 * If you need support, post the topmost build error, and the call stack if relevant.

 * A complete build log is located at '/var/tmp/portage/net-misc/openssh-5.2_p1-r1/temp/build.log'.

 * The ebuild environment file is located at '/var/tmp/portage/net-misc/openssh-5.2_p1-r1/temp/environment'.

 * 

>>> Failed to emerge net-misc/openssh-5.2_p1-r1, Log file:

>>>  '/var/tmp/portage/net-misc/openssh-5.2_p1-r1/temp/build.log'

 * Messages for package net-misc/openssh-5.2_p1-r1:

 * 

 * ERROR: net-misc/openssh-5.2_p1-r1 failed.

 * Call stack:

 *               ebuild.sh, line   49:  Called src_compile

 *             environment, line 3228:  Called econf '--with-ldflags=-Wl,-O1' '--disable-strip' '--sysconfdir=/etc/ssh' '--libexecdir=/usr/lib64/misc' '--datadir=/usr/share/openssh' '--with-privsep-path=/var/empty' '--with-privsep-user=sshd' '--with-md5-passwords' '--with-ssl-engine' '--without-kerberos5' '--without-libedit' '--without-selinux' '--without-skey' '--without-opensc' '--with-tcp-wrappers' '--with-pam'

 *               ebuild.sh, line  534:  Called die

 * The specific snippet of code:

 *            die "econf failed"

 *  The die message:

 *   econf failed

 * 

 * If you need support, post the topmost build error, and the call stack if relevant.

 * A complete build log is located at '/var/tmp/portage/net-misc/openssh-5.2_p1-r1/temp/build.log'.

 * The ebuild environment file is located at '/var/tmp/portage/net-misc/openssh-5.2_p1-r1/temp/environment'.

 * 

 * GNU info directory index is up-to-date.

```

The forums discussed using eix to locate multiple installations, but I did not find any. I concede that these headers must be somewhere,  because of my system corruption, but I don't know how or where to get rid of them. 

Can anybody provide any insight on how to clear this problem, even manually?

Thank you.Last edited by Featherfoot on Fri Jul 31, 2009 2:18 am; edited 1 time in total

----------

## tony-curtis

this will be fast

```
locate ssl.h
```

this will take a while, but does check everywhere...

```
find / -name ssl.h
```

----------

## Featherfoot

Thank you.

I eventually did a search on all files with ssl in them after unmerging openssl. I deleted everything that looked to be a candidate. I only saw one copy of ssl.h.

Then I emerged openssl and openssh again with the same problem.

I eventually got the ebuild, added the option in the comments, "--without-openssl-header-check". I then rebuilt the digest. This worked and I am making progress again. 

It still bothers me that nobody else has this problem because I was pretty sure that I deleted all the openssl  header files. We will see.

----------

## tony-curtis

do

```
ssh -V
```

and

```
ldd /usr/bin/ssh
```

show Secure Shell linked against the expected version of OpenSSL?

----------

## Featherfoot

bopper openssh # ssh -v

OpenSSH_5.2p1, OpenSSL 0.9.8g 19 Oct 2007

usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]

           [-D [bind_address:]port] [-e escape_char] [-F configfile]

           [-i identity_file] [-L [bind_address:]port:host:hostport]

           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]

           [-R [bind_address:]port:host:hostport] [-S ctl_path]

           [-w local_tun[:remote_tun]] [user@]hostname [command]

bopper openssh # ldd /usr/bin/ssh

	linux-vdso.so.1 =>  (0x00007fff2dd17000)

	libssl.so.0.9.8 => /lib/libssl.so.0.9.8 (0x00007fcbffaff000)

	libcrypto.so.0.9.8 => /lib/libcrypto.so.0.9.8 (0x00007fcbff776000)

	libdl.so.2 => /lib/libdl.so.2 (0x00007fcbff572000)

	libutil.so.1 => /lib/libutil.so.1 (0x00007fcbff36f000)

	libz.so.1 => /lib/libz.so.1 (0x00007fcbff157000)

	libnsl.so.1 => /lib/libnsl.so.1 (0x00007fcbfef3d000)

	libcrypt.so.1 => /lib/libcrypt.so.1 (0x00007fcbfed05000)

	libresolv.so.2 => /lib/libresolv.so.2 (0x00007fcbfeaed000)

	libc.so.6 => /lib/libc.so.6 (0x00007fcbfe77b000)

	/lib64/ld-linux-x86-64.so.2 (0x00007fcbffd4e000)

bopper openssh #

----------

## tony-curtis

> OpenSSH_5.2p1, OpenSSL 0.9.8g 19 Oct 2007 

looks like rather an old version of SSL.  I have

```
$ ssh -V

OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
```

and libssl.so is in /usr/lib, not /lib:

```
ldd /usr/bin/ssh | grep libssl

libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0x00007f1c59683000)
```

That might be your issue here: a rogue SSL installed with prefix /

Also, do you have LD_LIBRARY_PATH set to anything?

----------

## tony-curtis

 *Quote:*   

> It is aborting on the date check in the openssl headers.

 

```
Checking whether OpenSSL's headers match the library... no

configure: error: Your OpenSSL headers do not match your

library. Check config.log for details. 
```

I knew something you wrote made my left eyebrow raise in a Spock-like manner.

No, it's telling you that it found an ssl.h but the version number encoded in that header doesn't match up with the libssl.so library it also found.

I think it found /usr/include/openssl/ssl.h from what you emerged, but then barfed at the "other" OpenSSL whose library is in /lib because they don't match.  Get rid of the /lib ssl/crypto .so* files (or even safer: get the 0.9.8g source code, ./configure --prefix=/ and then make uninstall) and re-emerge openssl.  Take a look in / to see if there are more bits of 0.9.8g lying around...

Then try again with openssh.Last edited by tony-curtis on Fri Jul 31, 2009 3:29 am; edited 4 times in total

----------

## Featherfoot

Version 0.98k of openssl seems to be the released version according to what I downloaded yesterday and today...

LD_LIBRARY_PATH is not set.

----------

