After far too many hours of research, and learning far more about Linux than I ever cared to, I have narrowed the problem to basic peculiarities of RHEL and OpenSSL and an incorrect assumption made by Ruby (extconf.rb) during installation. The following sites gave me some good clues as to what to look at but I found nothing that put it all together like what I needed.
- http://www.openssl.org/support/faq.html#BUILD8
- http://wiki.openssl.org/index.php/Compilation_and_Installation#Fedora_and_Red_Hat
- http://sachachua.com/blog/2011/04/setting-up-ruby-on-rails-on-a-redhat-enterprise-linux-rackspace-cloud-server/
- https://web.archive.org/web/20130430124941/https://rvm.io/packages/openssl/
...and not much thanks to a whole bunch of red herrings involving Ruby patches and EC2M. Also, RVM needs to correct their optimism that they have accounted for this with autolibs and should reinstate their previous openssl page.
Basic solution rules
Rule 1
The install of OpenSSL (1.0.1e) created and maintained by yum in /usr/bin
cannot be used to compile Ruby's OpenSSL extension correctly -- at least, not on my machine at this time with the latest versions of Ruby (1.9.3-p484, 2.0.0, 2.1.0). RHEL 6.3. I can only surmise that this is due to peculiarities in RedHat's compilation of OpenSSL as hinted at in the OpenSSL FAQ.
Rule 2
I found two old versions (0.9.8) of OpenSSL in /usr/local
(in bin
+ openssl
, and ssl/bin
) and updating/replacing these got me a bit closer to a solution. For whatever reason, every manual install of OpenSSL 1.0.1f in /usr/local
(regardless of bin,openssl,ssl directory arrangement) insisted on putting the libraries in /usr/local/lib64
instead of /usr/local/lib
(unless I hacked the Makefile
, of course). Ruby's expconf.rb
script, however, assumes the OpenSSL libraries will always be in a lib
directory. Chasing down this single annoyance (and clash with OpenSSL) was the hardest part of all this. Therefore, to make using an install of OpenSSL in /usr/local
work, you must do two things: (1) install Ruby with the --with-openssl-dir
switch, and (2) recompile Ruby's OpenSSL extension while also modifying the Makefile
to point to lib64
instead of lib
. Thus, run something like the following string of commands as root:
ruby-install ruby 1.9.3-p545 -- --with-openssl-dir=/usr/local
cd /usr/local/src/ruby-1.9.3-p545/ext/openssl
ruby extconf.rb
Edit openssl's Makefile to replace something like this:
libpath = . $(libdir) /usr/local/lib
LIBPATH = -L. -L$(libdir) -Wl,-R$(libdir) -L/usr/local/lib -Wl,-R/usr/local/lib
with something like this:
libpath = . $(libdir) /usr/local/lib64
LIBPATH = -L. -L$(libdir) -Wl,-R$(libdir) -L/usr/local/lib64 -Wl,-R/usr/local/lib64
Save, and back to the command line:
make
make install
The new Ruby install should now work with OpenSSL properly. As a quick check, I restart my sudo session and then (assuming using chruby):
chruby 1.9
ruby -ropenssl -e "puts OpenSSL::VERSION"
Rule 3
Installing OpenSSL anywhere besides /usr
puts the libraries in the expected lib
instead of lib64
. (Don't ask me why... dunno.) This may be the more maintainable solution as it lets you avoid hacking up the Makefile
. This is also the solution RVM uses when running rvm pkg install openssl
. Thus, to install both OpenSSL and Ruby (in /opt
), you may run commands something like these (I run as sudo bash):
Install OpenSSL:
cd /opt/local
wget http://www.openssl.org/source/openssl-1.0.1f.tar.gz
tar -xzf openssl-1.0.1f.tar.gz
cd openssl-1.0.1f
./config --prefix=/opt/local shared no-asm zlib > openssl_config.log
make > openssl_make.log
make install > openssl_install.log
(The shared
switch is required for Ruby to install without error, the no-asm
switch helps get rid of a Make warning but does not appear to be required, and zlib
and other switches are optional.)
Optional, update openssl certs:
cd /opt/local/ssl
wget http://curl.haxx.se/ca/cacert.pem
mv cacert.pem cert.pem
cd /opt
Back to Ruby:
ruby-install ruby 1.9.3-p545 -- --with-openssl-dir=/opt/local
The new Ruby install should now work with OpenSSL properly. As a quick check, I restart my sudo session and then (assuming using chruby):
chruby 1.9
ruby -ropenssl -e "puts OpenSSL::VERSION"