Lighttpd: network.c:483: error: ‘EC_KEY’ undeclared (first use in this function) Error and Solution

I‘m trying to install the latest version of Lighttpd v1.4.29 web server under RHEL 6.1 AMD64 and getting the following error:

network.c: In function ‘network_init’:
network.c:483: error: ‘EC_KEY’ undeclared (first use in this function)
network.c:483: error: (Each undeclared identifier is reported only once
network.c:483: error: for each function it appears in.)
network.c:483: error: ‘ecdh’ undeclared (first use in this function)
network.c:484: warning: unused variable ‘nid’
make[3]: *** [network.o] Error 1
make[3]: Leaving directory `/opt/new/lighttpd-1.4.29/src’
make[2]: *** [all] Error 2
make[2]: Leaving directory `/opt/new/lighttpd-1.4.29/src’
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/opt/new/lighttpd-1.4.29′
make: *** [all] Error 2

How do I fix this problem under CentOS 5.x, or RHEL, or Red Hat Enterprise Linux 6.x, or Fedora Linux?

Elliptic Curve Cryptography (ECC) is a new public-key cryptosystem for mobile/wireless environments. Lighttpd supports ECC but RHEL 6.x or CenOS 5.x comes with the older version of OpenSSL. To solve this problem:

  1. Use newer version of OpenSSL, which support Elliptic Curve Cryptography. (it means you need to recompile OpenSSL on RHEL)
  2. Compile lighttpd without OpenSSL (this will only work if you run all sites without https support)
  3. Compile lighttpd with OPENSSL_NO_ECDH patch. It adda a missing check for OPENSSL_NO_ECDH in network.c which gets removed from openssl in Fedora/RHEL/CentOS Linux due to patent issue. This patch will be included in lighttpd v1.4.30.

The commands to apply patch are as follows. Download the patch in /tmp:
$ cd /tmp
$ wget http://redmine.lighttpd.net/attachments/1294/lighttpd_1.4.29_ssl_no_ecdh.patch

cd to the lighttpd v1.4.29 source code directory:
$ cd /opt/lighttpd-1.4.29
Apply the patch, enter:
$ patch -p1 < /tmp/lighttpd_1.4.29_ssl_no_ecdh.patch
Now, you can compile lighttpd as follows:
$ ./configure --with-openssl --option1 --option2
$ make
$ sudo make install

Replace --option1, --option2 with required options. Here is an working example:
$ ./configure --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/share/info --with-openssl --with-fam
$ make
$ sudo make install

Posted by: SXI ADMIN

The author is the creator of SXI LLC and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.