# Apache-2.0.55-r1 can't load mod_ssl.so

## tnt

when I try to start apache I get:

```
titan ssl # /etc/init.d/apache2 restart

 * Apache2 has detected a syntax error in your configuration files:

Syntax error on line 3 of /etc/apache2/modules.d/40_mod_ssl.conf:

Cannot load /usr/lib64/apache2/modules/mod_ssl.so into server: /usr/lib64/apache2/modules/mod_ssl.so: undefined symbol: X509_free
```

and apache is compiled with ssl USE flag:

```
titan ssl # emerge -pv apache

These are the packages that I would merge, in order:

Calculating dependencies ...done!

[ebuild   R   ] net-www/apache-2.0.55-r1  +apache2 -debug -doc -ldap -mpm-leader -mpm-peruser -mpm-prefork -mpm-threadpool -mpm-worker -no-suexec (-selinux) +ssl -static-modules +threads 4,684 kB

Total size of downloads: 4,684 kB

titan ssl #
```

I have mod_ssl.so, too:

```
titan ssl # ls -lha /usr/lib64/apache2/modules/mod_ssl.so

-rwxr-xr-x 1 root root 183K Jan 20 14:47 /usr/lib64/apache2/modules/mod_ssl.so

titan ssl #
```

any ideas?

----------

## Janne Pikkarainen

A message about X509 maybe a clue about some problems with Kerberos or OpenLDAP. Have you tried to re-emerge openssl and/or it's possible dependencies, such as mit-krb5?

----------

## tnt

I'm not using kerberos anywhere and I've re-emerged openssl.

Use flags are:

```
emerge -pv openssl

These are the packages that I would merge, in order:

Calculating dependencies ...done!

[ebuild   R   ] dev-libs/openssl-0.9.7i  -bindist -emacs -test +zlib 0 kB

Total size of downloads: 0 kB

```

----------

## Janne Pikkarainen

Already tried to re-emerge zlib? Apache? Somehow this is now about some dependency what Apache or some of its dependencies needs.

----------

## tnt

tried that:

```
/etc/init.d/apache2 start

 * Re-caching dependency info (mtimes differ)...

 * Re-caching dependency info (mtimes differ)...

 * Re-caching dependency info (mtimes differ)...

 * Re-caching dependency info (mtimes differ)...

 * Apache2 has detected a syntax error in your configuration files:

Syntax error on line 3 of /etc/apache2/modules.d/40_mod_ssl.conf:

Cannot load /usr/lib64/apache2/modules/mod_ssl.so into server: /usr/lib64/apache2/modules/mod_ssl.so: undefined symbol: X509_free

```

same error  :Sad: 

the most interesting thing is that mod_ssl.so is there but it lacks X509_free symbol/algorithm/crypting

and I have no idea how to provide that X509_free to mod_ssl.so 

 :Crying or Very sad: 

----------

## Janne Pikkarainen

Ok. One thing that comes to my mind is that your Apache 2 seems to be configured to use threads with threads USE flag. Is there a real need for threads? Could you use traditional version with mpm-prefork for a while? At least for making sure that this isn't the reason for fubared SSL?

Please remember to recompile PHP or whatever dependencies your Apache might have after removing threads flag.

----------

## tnt

I've found this

http://www.mail-archive.com/modssl-users@modssl.org/msg14344.html

```

Re: undefined symbol: X509_free

Cliff Woolley

Sat, 15 Jun 2002 08:08:18 -0700

On Sat, 15 Jun 2002, Zac Hillier wrote:

> Just recently, eventually got apache 2.0.36 installed with mod_ssl.

> Now when I try to start apache with:

> httpd -D SSL

> I get an error:

>

> Cannot load modules/mod_ssl.so into server : modules/mod_ssl.so:  undefined

> symbol : X509_free

That's a still-outstanding bug in the Apache build process (a linking

problem, specifically).  It's triggered when you build a shared mod_ssl

against a static OpenSSL.  The workaround is to make them match -- I

recommend installing the shared version of OpenSSL (eg, /usr/lib/libssl.so

and /usr/lib/libcrypto.so instead of /usr/lib/libssl.a and

/usr/lib/libcrypto.a... see the mod_ssl install docs for how to accomplish

this), and then recompile mod_ssl.

What's happened in your case right now is that for some reason we're

linking OpenSSL into the httpd binary rather than into the mod_ssl DSO,

and the static linker is therefore throwing away all the symbols we need

because httpd itself doesn't use them.  When we go to dynamically link in

mod_ssl later, OpenSSL's symbols aren't there for us.

--Cliff

----------

## tnt

I already have all of them:

/usr/lib/libssl.so

/usr/lib/libcrypto.so

/usr/lib/libssl.a

/usr/lib/libcrypto.a

 :Sad: 

----------

## tnt

 *Janne Pikkarainen wrote:*   

> Ok. One thing that comes to my mind is that your Apache 2 seems to be configured to use threads with threads USE flag. Is there a real need for threads? Could you use traditional version with mpm-prefork for a while? At least for making sure that this isn't the reason for fubared SSL?
> 
> Please remember to recompile PHP or whatever dependencies your Apache might have after removing threads flag.

 

didn't help:

```
titan ~ # /etc/init.d/apache2 start

 * Re-caching dependency info (mtimes differ)...

 * Re-caching dependency info (mtimes differ)...

 * Re-caching dependency info (mtimes differ)...

 * Re-caching dependency info (mtimes differ)...

 * Apache2 has detected a syntax error in your configuration files:

Syntax error on line 3 of /etc/apache2/modules.d/40_mod_ssl.conf:

Cannot load /usr/lib64/apache2/modules/mod_ssl.so into server: /usr/lib64/apache2/modules/mod_ssl.so: undefined symbol: X509_free

titan ~ # emerge -pv apache

These are the packages that I would merge, in order:

Calculating dependencies ...done!

[ebuild   R   ] net-www/apache-2.0.58  +apache2 -debug -doc -ldap -mpm-leader -mpm-peruser -mpm-prefork* -mpm-threadpool -mpm-worker -no-suexec (-selinux) +ssl -static-modules +threads* 0 kB

Total size of downloads: 0 kB

titan ~ #
```

as you can see, apache is now compiled with 'mpm-prefork' and '-threads' (those use flags have * behind them) but I still have same SSL-related error.

I've tried to install newer (test) version of openssl - 0.9.7j - but I've got the same error.

 :Sad: 

----------

## Janne Pikkarainen

So let's have an another shot into dark: do have you your own ssl keys generated? If so, try to regenerate them or check their permissions?

----------

## tnt

yes, I have... but I think it's more OpenSSL-linking-related:

 *Quote:*   

> It's triggered when you build a shared mod_ssl
> 
> against a static OpenSSL.

 

----------

