# openssh installation error "configure: error: Your OpenSSL"



## kumarbka (Apr 15, 2014)

Hi,

I have a FreeBSD 9.1-RC3, amd64  box.

I have installed OpenSSL 1.0.1g successfully. but when I am upgrading OpenSSH I am getting the below error message while running `./configure`. Kindly help me on this and let me know if you have any questions.


```
checking OpenSSL header version... 1000107f (OpenSSL 1.0.1g 7 Apr 2014)
checking OpenSSL library version... 1000103f (OpenSSL 1.0.1c 10 May 2012)
checking whether OpenSSL's headers match the library... no
configure: error: Your OpenSSL headers do not match your
library. Check config.log for details.
If you are sure your installation is consistent, you can disable the check
by running "./configure --without-openssl-header-check".
Also see contrib/findssl.sh for help identifying header/library mismatches.
```


Thanks in advance.


----------



## SirDice (Apr 16, 2014)

*Re: openssh installation error "configure: error: Your OpenS*



			
				kumarbka said:
			
		

> I have a FreeBSD 9.1-RC3, amd64  box.


Please upgrade it to the full 9.1-RELEASE. It was released in December 2012 so there's absolutely no reason why you'd still have a release candidate.



> I have installed OpenSSL 1.0.1g successfully. but when I am upgrading OpenSSH I am getting the below error message while running `./configure`. Kindly help me on this and let me know if you have any questions.


Use the port, security/openssl. And by updating the base OS the base OpenSSH will also be up to date.


----------



## kumarbka (Apr 16, 2014)

*Re: openssh installation error "configure: error: Your OpenS*

Thanks for your reply @SirDice.

I am not able to upgrade/change the OS from RC to full release at presently since business restriction. 

Kindly let me know, is there any possibilities to install openssh instead of using /usr/ports and to avoid the error (your OpenSSL headers do not match your library).

Thanks again.


----------



## SirDice (Apr 16, 2014)

*Re: openssh installation error "configure: error: Your OpenS*



			
				kumarbka said:
			
		

> I am not able to upgrade/change the OS from RC to full release at presently since business restriction.


Business requirements usually state that you need to use a _supported_ version. The release candidates are not supported. There have been a number of security fixes since the 9.1-RELEASE. You're not getting any of those either. And that's really bad for business.



> Kindly let me know, is there any possibilities to install openssh instead of using /usr/ports and two avoid the error (Your OpenSSL headers do not match your library).


The only way to update sshd(8) is to update the base OS. Keep in mind that FreeBSD uses a modified version of OpenSSH.


----------



## kumarbka (Apr 24, 2014)

*Re: openssh installation error "configure: error: Your OpenS*

Thanks @SirDice.

I have installed the freebsd " FreeBSD 8.0-RELEASE" and OpenSSL version openssl-1.0.1g successfully.


```
freebsd# openssl version
OpenSSL 1.0.1g 7 Apr 2014
freebsd# ssh -V
OpenSSH_5.2p1 FreeBSD-20090522, OpenSSL 0.9.8k 25 Mar 2009
freebsd#
```

Still the SSH *v*ersion uses the old SSL "OpenSSL 0.9.8k" as copied from the output above. hence I have tried to upgrade the OpenSSH (openssh-6.6p1). I am getting the below error message while running `./configure`:


```
checking whether getpgrp requires zero arguments... yes
checking OpenSSL header version... 1000107f (OpenSSL 1.0.1g 7 Apr 2014)
checking OpenSSL library version... 9080bf (OpenSSL 0.9.8k 25 Mar 2009)
checking whether OpenSSL's headers match the library... no
configure: error: Your OpenSSL headers do not match your
library. Check config.log for details.
If you are sure your installation is consistent, you can disable the check
by running "./configure --without-openssl-header-check".
Also see contrib/findssl.sh for help identifying header/library mismatches.
```
Kindly let me know how to fix this.

Thanks again.


----------



## ShelLuser (Apr 24, 2014)

*Re: openssh installation error "configure: error: Your OpenS*



			
				kumarbka said:
			
		

> I have installed the freebsd " FreeBSD 8.0-RELEASE" and OpenSSL version openssl-1.0.1g successfully.


This got me puzzled; why would you downgrade from 9.1 to 8.0, also considering that version 8.0 is pretty much obsolete right now?

That will only worsen your problems since you'll run across many software packages which might not even be able to build cleanly. You're bound to come across these problems when using the ports collection.

Which is basically my suggestion: why not use the ports collection in the first place? It uses the original software package as released by the programmer / author, it provides you with all the patch files up front so you can see exactly which changes are being applied to make the software work with FreeBSD but most of all you can be assured that the software will work in your FreeBSD environment.

Check this link for an overview of which FreeBSD versions are supported (and their EOL dates).

So quite frankly I think your best solution here is to upgrade to 9.1/RELEASE and then rely on the ports to provide you with security/openssl, basically what @SirDice already advised. If you still want to use a later version of OpenSSH then you might want to look into security/openssh-portable for that.


----------

