Custom Build Errors
72 views
Skip to first unread message
Mark Sigsbee
Apr 15, 2026, 9:13:07 AMApr 15
to openss...@openssl.org
I'm trying to build 3.6.0 with 3.2.1 for its approved FIPS library on Ubuntu 22.04. I know the default version of OpenSSL is 3.0 and basically leave it alone or the world will come to an end.
I'm building a newer version hoping to resolve issues that I'm getting with 3.0 and confirmed by Ubuntu Pro support.
I d/l'ed both into $ /PKI.
I followed the build instructions provided here: openssl/README-FIPS.md at master · openssl/openssl
My check agrees with the check results in the readme.
When I execute:
$ sudo /PKI/openssl-3.6.0/apps/openssl list -providers -verbose
I get this:
/PKI$ sudo /PKI/openssl-3.6.0/apps/openssl list -providers -verbose
/PKI/openssl-3.6.0/apps/openssl: /lib/x86_64-linux-gnu/libssl.so.3: version `OPENSSL_3.4.0' not found (required by /PKI/openssl-3.6.0/apps/openssl)
/PKI/openssl-3.6.0/apps/openssl: /lib/x86_64-linux-gnu/libssl.so.3: version `OPENSSL_3.2.0' not found (required by /PKI/openssl-3.6.0/apps/openssl)
/PKI/openssl-3.6.0/apps/openssl: /lib/x86_64-linux-gnu/libcrypto.so.3: version `OPENSSL_3.0.9' not found (required by /PKI/openssl-3.6.0/apps/openssl)
/PKI/openssl-3.6.0/apps/openssl: /lib/x86_64-linux-gnu/libcrypto.so.3: version `OPENSSL_3.3.0' not found (required by /PKI/openssl-3.6.0/apps/openssl)
/PKI/openssl-3.6.0/apps/openssl: /lib/x86_64-linux-gnu/libcrypto.so.3: version `OPENSSL_3.5.0' not found (required by /PKI/openssl-3.6.0/apps/openssl)
/PKI/openssl-3.6.0/apps/openssl: /lib/x86_64-linux-gnu/libcrypto.so.3: version `OPENSSL_3.6.0' not found (required by /PKI/openssl-3.6.0/apps/openssl)
/PKI/openssl-3.6.0/apps/openssl: /lib/x86_64-linux-gnu/libcrypto.so.3: version `OPENSSL_3.4.0' not found (required by /PKI/openssl-3.6.0/apps/openssl)
/PKI/openssl-3.6.0/apps/openssl: /lib/x86_64-linux-gnu/libcrypto.so.3: version `OPENSSL_3.2.0' not found (required by /PKI/openssl-3.6.0/apps/openssl)
How do I correct this and get my desired result?
I'm building a newer version hoping to resolve issues that I'm getting with 3.0 and confirmed by Ubuntu Pro support.
I d/l'ed both into $ /PKI.
I followed the build instructions provided here: openssl/README-FIPS.md at master · openssl/openssl
My check agrees with the check results in the readme.
When I execute:
$ sudo /PKI/openssl-3.6.0/apps/openssl list -providers -verbose
I get this:
/PKI$ sudo /PKI/openssl-3.6.0/apps/openssl list -providers -verbose
/PKI/openssl-3.6.0/apps/openssl: /lib/x86_64-linux-gnu/libssl.so.3: version `OPENSSL_3.4.0' not found (required by /PKI/openssl-3.6.0/apps/openssl)
/PKI/openssl-3.6.0/apps/openssl: /lib/x86_64-linux-gnu/libssl.so.3: version `OPENSSL_3.2.0' not found (required by /PKI/openssl-3.6.0/apps/openssl)
/PKI/openssl-3.6.0/apps/openssl: /lib/x86_64-linux-gnu/libcrypto.so.3: version `OPENSSL_3.0.9' not found (required by /PKI/openssl-3.6.0/apps/openssl)
/PKI/openssl-3.6.0/apps/openssl: /lib/x86_64-linux-gnu/libcrypto.so.3: version `OPENSSL_3.3.0' not found (required by /PKI/openssl-3.6.0/apps/openssl)
/PKI/openssl-3.6.0/apps/openssl: /lib/x86_64-linux-gnu/libcrypto.so.3: version `OPENSSL_3.5.0' not found (required by /PKI/openssl-3.6.0/apps/openssl)
/PKI/openssl-3.6.0/apps/openssl: /lib/x86_64-linux-gnu/libcrypto.so.3: version `OPENSSL_3.6.0' not found (required by /PKI/openssl-3.6.0/apps/openssl)
/PKI/openssl-3.6.0/apps/openssl: /lib/x86_64-linux-gnu/libcrypto.so.3: version `OPENSSL_3.4.0' not found (required by /PKI/openssl-3.6.0/apps/openssl)
/PKI/openssl-3.6.0/apps/openssl: /lib/x86_64-linux-gnu/libcrypto.so.3: version `OPENSSL_3.2.0' not found (required by /PKI/openssl-3.6.0/apps/openssl)
How do I correct this and get my desired result?
Neil Horman
Apr 15, 2026, 9:31:15 AMApr 15
to Mark Sigsbee, openss...@openssl.org
you don't have the library search path configured correctly on your platform. Try running:
LD_LIBRARY_PATH=/PKI/openssl-3.6.0/lib PKI/openssl-3.6.0/apps/openssl list -providers -verbose
That will allow the application to run. You may also need to set OPENSSL_CONF and OPENSSL_MODULES appropriately to find the needed configuration and provider DSO's
To avoid needing to set these values you need to configure openssl using the --prefix option to set the latter two variables automatically. To avoid the need for LD_LIBRARY_PATH, you either need to configure your environment to add /PKI/openssl-3.6.0/lib[64] to the library search path globally, or install the library to a location already in the search path (though the latter isn't recommended if you are using a system with a default openssl already configured there).
Neil
--
You received this message because you are subscribed to the Google Groups "openssl-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openssl-user...@openssl.org.
To view this discussion visit https://groups.google.com/a/openssl.org/d/msgid/openssl-users/CAPqvXLPc7dDaR3S05bmdSAaFJSZ0k5uSmCs0AY_juicFindorQ%40mail.gmail.com.
Mark Sigsbee
Apr 15, 2026, 9:45:10 AMApr 15
to Neil Horman, openss...@openssl.org
Thanks for the response.
/PKI/openssl-3.6.0/lib
Doesn't exist.
/PKI/openssl-3.6.0/lib
Doesn't exist.
Neil Horman
Apr 15, 2026, 9:47:08 AMApr 15
to Mark Sigsbee, openss...@openssl.org
did you run make install to put openssl-3.6 in that directory? Or is that your build directory? If its the latter then the libraries (libcrypto.so.3 and libssl.so.3) will be in the root of that subtree, and LD_LIBRARY_PATH should just be set to /PKI/openssl-3.6.0
Neil
Mark Sigsbee
Apr 15, 2026, 10:34:33 AMApr 15
to Neil Horman, openss...@openssl.org
Honestly, I've been following so may threads trying to resolve this, at this point I'm not sure what I did. I do know that both of the lib*.so.3 files are in the root folder (openssl-3.6.0).
$ sudo echo $LD_LIBRARY_PATH
$ sudo echo $LD_LIBRARY_PATH
/PKI/openssl-3.6.0
I get the same error when re-executing the command.
I get the same error when re-executing the command.
Neil Horman
Apr 15, 2026, 10:54:21 AMApr 15
to Mark Sigsbee, openss...@openssl.org
Mark-
Based on what you've described, is it possible that, when you tried to make use of 3.1.2 provider with the 3.6 library that you, in addition to copying the 3.1.2 fips.so file from your 3.1.2 build, you also copied the 3.1.2 libcrypto.so.3 and libssl.so.3 files to the 3.6 directory? That would also result in the errors that you are seeing. Only the fips.so file should have been copied from the 3.1.2 build.
Neil
Mark Sigsbee
Apr 15, 2026, 1:39:49 PMApr 15
to Neil Horman, openss...@openssl.org
According to this:
openssl/README-FIPS.md at master · openssl/openssl
I executed this in the 3.6.0 directory. And I did it in the 3.6.0. directory based on the previous section:
$ cp ../openssl-3.1.2/providers/fips.so providers/.
$ cp ../openssl-3.1.2/providers/fipsmodule.cnf providers/.
// Note that for OpenSSL 3.1.2 that the `fipsmodule.cnf` file should not
// be copied across multiple machines if it contains an entry for
// `install-status`. (Otherwise the self tests would be skipped).
// Validate the output of the following to make sure we are using the
// OpenSSL 3.1.2 FIPS provider
$ ./util/wrap.pl -fips apps/openssl list -provider-path providers \
-provider fips -providers
// Now run the current tests using the OpenSSL 3.1.2 FIPS provider.
$ make tests
I executed this in the 3.6.0 directory. And I did it in the 3.6.0. directory based on the previous section:
$ cp ../openssl-3.1.2/providers/fips.so providers/.
$ cp ../openssl-3.1.2/providers/fipsmodule.cnf providers/.
// Note that for OpenSSL 3.1.2 that the `fipsmodule.cnf` file should not
// be copied across multiple machines if it contains an entry for
// `install-status`. (Otherwise the self tests would be skipped).
// Validate the output of the following to make sure we are using the
// OpenSSL 3.1.2 FIPS provider
$ ./util/wrap.pl -fips apps/openssl list -provider-path providers \
-provider fips -providers
// Now run the current tests using the OpenSSL 3.1.2 FIPS provider.
$ make tests
Reply all
Reply to author
Forward
0 new messages