You need to build OpenLDAP against the OpenSSL in use (this is also true of curl for mod_md). Every bit, including APR-util, is going to need to agree on the flavor of OpenSSL in use.



On Fri, May 3, 2019, 14:12 ken edward <kedward777@gmail.com> wrote:
Hello,

I successfully built a FIPS openssl based mod_ssl for Apache 2.4.39.
Everything works great via SSL when I boot Apache, EXCEPT when I then
turn on mod_ldap/mod_authnz_ldap, THEN I get the below openssl library
version mismatch. The SSL will still work, but it displays the below
warning.

I tried to rebuild apr-util with openssl +ldap and integrate with the
apache build but same issues... any ideas???


LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule ldap_module modules/mod_ldap.so

[Fri May 03 14:59:56.611785 2019] [ssl:warn] [pid 5119] AH01882: Init:
this version of mod_ssl was compiled against a newer library (OpenSSL
1.0.2r  26 Feb 2019, version currently loaded is OpenSSL 1.0.0-fips 29
Mar 2010) - may result in undefined or
 erroneous behavior
[Fri May 03 14:59:56.661788 2019] [ssl:notice] [pid 5119] AH01884:
Operating in SSL FIPS mode
[Fri May 03 14:59:56.690429 2019] [ssl:warn] [pid 5120] AH01882: Init:
this version of mod_ssl was compiled against a newer library (OpenSSL
1.0.2r  26 Feb 2019, version currently loaded is OpenSSL 1.0.0-fips 29
Mar 2010) - may result in undefined or
 erroneous behavior
[Fri May 03 14:59:56.739818 2019] [ssl:notice] [pid 5120] AH01884:
Operating in SSL FIPS mode
[Fri May 03 14:59:56.744802 2019] [mpm_prefork:notice] [pid 5120]
AH00163: Apache/2.4.39 (Unix) OpenSSL/1.0.0-fips configured --
resuming normal operations


BUILT APR-UTIL:
./configure -prefix=/u01/tomcat/scm2/apr-util-1.6.1
--with-apr=/u01/tomcat/scm2/apr-1.6.5 --with-ldap --with-crypto
--with-openssl=/u01/tomcat/scm2/openssl-1.0.2r
LDFLAGS=-L/u01/tomcat/scm2/openssl-fips-2.0.16/lib
-L/u01/tomcat/scm2/openssl-1.0.2r/lib

BUILT httpd apache 2.4.39
./configure --prefix=/u01/tomcat/scm2/apache2.4.39kerb2
--with-ssl=/u01/tomcat/scm2/openssl-1.0.2r --with-mpm=prefork
--with-ldap --with-apr=/u01/tomcat/scm2/apr-1.6.5
--with-apr-util=/u01/tomcat/scm2/apr-util-1.6.1 --enable-ssl
--enable-dav --enable-dav-fs --enable-dav-lock --enable-authnz-ldap --enable-ldap
-enable-headers CPPFLAGS=-DHAVE_FIPS
LDFLAGS=-L/u01/tomcat/scm2/openssl-fips-2.0.16/lib
-L/u01/tomcat/scm2/openssl-1.0.2r/lib
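
One way to confirm which component drags in the second OpenSSL, as an added example that is not part of the original thread: parse `ldd` output for each shared object and flag when they resolve libssl/libcrypto from more than one directory. The `ldd` output below is constructed; the `/usr/lib64` path, the sonames and the assumption that the system libldap links the distribution's OpenSSL are illustrative only.

```shell
#!/bin/sh
# Added example: report which libssl/libcrypto each httpd component resolves to.

# Print "object<TAB>resolved-path" for each libssl/libcrypto line of ldd output.
# $1 = label for the object being inspected; ldd output is read from stdin.
openssl_deps() {
    awk -v obj="$1" \
        '$1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" && $3 ~ /^\// { print obj "\t" $3 }'
}

# Read "object<TAB>path" lines on stdin; print the distinct library directories.
openssl_dirs() {
    awk -F'\t' '{ sub("/[^/]*$", "", $2); print $2 }' | sort -u
}

# Exit 0 when every object agrees on a single OpenSSL directory, 1 otherwise.
openssl_consistent() {
    [ "$(openssl_dirs | wc -l)" -le 1 ]
}

# Constructed sample standing in for:  ldd FILE | openssl_deps FILE
sample_report() {
    openssl_deps mod_ssl.so <<'EOF'
    libssl.so.1.0.0 => /u01/tomcat/scm2/openssl-1.0.2r/lib/libssl.so.1.0.0 (0x00007f0000000000)
    libcrypto.so.1.0.0 => /u01/tomcat/scm2/openssl-1.0.2r/lib/libcrypto.so.1.0.0 (0x00007f0000200000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f0000400000)
EOF
    openssl_deps libldap.so <<'EOF'
    liblber-2.4.so.2 => /usr/lib64/liblber-2.4.so.2 (0x00007f0000600000)
    libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f0000800000)
    libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f0000a00000)
EOF
}

sample_report
if sample_report | openssl_consistent; then
    echo "OK: one OpenSSL in use"
else
    echo "MISMATCH: OpenSSL loaded from:"
    sample_report | openssl_dirs
fi
```

On a real host, feed `ldd` for `mod_ssl.so`, `mod_ldap.so`, the APR-util LDAP library and the libldap they link into `openssl_deps` in place of the here-documents.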
