logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Apache pointing to old openssl version after recompilation
Author
Rasheed_itsme



Joined: 02 Jul 2014
Posts: 12
Location: India

PostPosted: Mon 07 Sep '15 5:41    Post subject: Apache pointing to old openssl version after recompilation Reply with quote

Hi,

I need a help in apache compilation.

Recently we upgraded the openssl version in our solaris server.

Old version OpenSSL 0.9.7d is there in the path /usr/sfw/bin/
We installed new version OpenSSL 0.9.8i in the path /usr/local/ssl/

ls -lrt /usr/local/ssl
total 34
-rw-r--r-- 1 bin bin 9374 Oct 1 2008 openssl.cnf
drwxr-xr-x 2 bin bin 512 Jul 2 18:46 bin
drwxr-xr-x 2 bin bin 512 Jul 2 18:46 certs
drwxr-xr-x 3 bin bin 512 Jul 2 18:46 include
drwxr-xr-x 4 bin bin 512 Jul 2 18:46 lib
drwxr-xr-x 6 bin bin 512 Jul 2 18:46 man
drwxr-xr-x 2 bin bin 512 Jul 2 18:46 misc
drwxr-xr-x 2 bin bin 512 Jul 2 18:46 private

After we installed the openssl version, we taken backup of the current apache folder /pp/apache and removed that folder and installed the apache once again using the below command. but after the installation with the new openssl path as argument still apache referring the old openssl version. Could anyone please help me on this ?


Code:


./configure \
CC="/usr/local/bin/gcc" CFLAGS=-fstack-protector \
--prefix=/pp/apache \
--enable-ssl=shared \
--enable-so \
--with-ssl=/usr/local/ssl \
--enable-rewrite=shared \
--enable-speling=shared \
--disable-userdir \
--disable-status \
--with-mpm=worker \
--enable-mods-shared="autoindex asis actions include" \
--enable-proxy=shared \
--enable-proxy_ajp=shared \
--enable-log-forensic=shared \
--enable-filter \
--disable-cgi \
--enable-cgid \
--enable-deflate=shared \
--enable-cache=shared \
--enable-mem-cache=shared




mod ssl pointing to old version :

Code:


ldd /pp/apache/modules/mod_ssl.so
libssl.so.0.9.7 => /usr/sfw/lib/libssl.so.0.9.7
libcrypto.so.0.9.7 => /usr/sfw/lib/libcrypto.so.0.9.7
libsocket.so.1 => /lib/libsocket.so.1
libnsl.so.1 => /lib/libnsl.so.1
libdl.so.1 => /lib/libdl.so.1
libc.so.1 => /lib/libc.so.1
libgcc_s.so.1 => /usr/sfw/lib/libgcc_s.so.1
libmp.so.2 => /lib/libmp.so.2
libmd.so.1 => /lib/libmd.so.1
libscf.so.1 => /lib/libscf.so.1
libdoor.so.1 => /lib/libdoor.so.1
libuutil.so.1 => /lib/libuutil.so.1
libgen.so.1 => /lib/libgen.so.1
libssl_extra.so.0.9.7 => /usr/sfw/lib/libssl_extra.so.0.9.7
libcrypto_extra.so.0.9.7 => /usr/sfw/lib/libcrypto_extra.so.0.9.7
libm.so.2 => /lib/libm.so.2
/platform/SUNW,SPARC-Enterprise-T5220/lib/libc_psr.so.1
/platform/SUNW,SPARC-Enterprise-T5220/lib/libmd_psr.so.1

Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3092
Location: Hilversum, NL, EU

PostPosted: Mon 07 Sep '15 11:02    Post subject: Reply with quote

Mario had the same kind question the dev list, there 1.02 was not showing up. See http://apache-http-server.18135.x6.nabble.com/Re-httpd-and-OpenSSL-1-0-2-td5021572.html#none
Back to top
Rasheed_itsme



Joined: 02 Jul 2014
Posts: 12
Location: India

PostPosted: Tue 08 Sep '15 7:06    Post subject: Reply with quote

Thank you for the reply, In Mario case it was not able to install/configure/start properly.

In my case, compile was successful, even Apache came up but the Apache is pointing to the old openssl version in Solaris.

I checked the ssl module of Apache using ldd command and found its taking the old openssl version library. not sure how to make it refer the new openssl version libraries.
Back to top
admin
Site Admin


Joined: 15 Oct 2005
Posts: 692

PostPosted: Tue 08 Sep '15 9:48    Post subject: Reply with quote

Mario (James Blond) was also dealing that the old OpenSSL shows up.

I think he solved it, you can try his build scripts: https://github.com/JBlond/debian_build_apache24?files=1

I am not experienced with *nix, hopefully Mario can jump in.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

PostPosted: Tue 08 Sep '15 10:40    Post subject: Reply with quote

the key soluation was to install a complete OpenSSL into a non standard folder and configure the apache build to use that path PLUS export the LDFLAGS.
I'd be happy if you fork my github repo, create a branch for solaris, change it so that it compiles apache on solaris and create a pull request so that other can benefit, too.
Back to top


Reply to topic   Topic: Apache pointing to old openssl version after recompilation View previous topic :: View next topic
Post new topic   Forum Index -> Apache