Unix & Linux Asked by E-71 on November 26, 2020
I have spent some time searching online but none of what I found seems to help.
I’m running CentOS 6 64bit and would like to compile Apache with mod_ssl and need to link it to my own OpenSSL build (which is newer than the OS provided version).
OpenSSL 1.1.0i is configured with:
./config --prefix=/opt/openssl-1.1.0 --openssldir=/opt/openssl-1.1.0 shared
Apache 2.4 is configured with:
./configure --enable-layout=mycustomlayout
--prefix=/opt/httpd-2.4.34
--exec-prefix=/opt/httpd-2.4.34
--with-mpm=prefork
--enable-so
--enable-ssl
--with-ssl=/opt/openssl-1.1.0
--enable-cgi
--enable-http2
--enable-proxy-http2
--with-included-apr
It appears to compile just fine but mod_ssl isn’t aware of where OpenSSL 1.1.0 is installed:
[root@host .libs]# ldd ./mod_ssl.so | grep -iP 'ssl|crypto'
libssl.so.1.1 => not found
libcrypto.so.1.1 => not found
And so only works when you explicitly tell it where to look:
[root@host .libs]# export LD_LIBRARY_PATH=/opt/openssl-1.1.0/lib:$LD_LIBRARY_PATH
[root@host .libs]# ldd ./mod_ssl.so | grep -iP 'ssl|crypto'
libssl.so.1.1 => /opt/openssl-1.1.0/lib/libssl.so.1.1 (0x00007f069149a000)
libcrypto.so.1.1 => /opt/openssl-1.1.0/lib/libcrypto.so.1.1 (0x00007f069100a000)
Even building mod_ssl statically into httpd binary with --enable-mods-static=ssl doesn’t help.
I tried --enable-ssl, --enable-ssl --enable-ssl-staticlib-deps, and --enable-ssl --enable-ssl-staticlib-deps --enable-mods-static=ssl and still the same result:
libssl.so.1.1 => not found
libcrypto.so.1.1 => not found
Also tried, without luck, setting these variables before ./configure:
export PKG_CONFIG_PATH=/opt/openssl-1.1.0/lib/pkgconfig:$PKG_CONFIG_PATH
LD_LIBRARY_PATH=/opt/openssl-1.1.0/lib:$LD_LIBRARY_PATH
LDFLAGS="-L/opt/openssl-1.1.0/lib"
I know I can just add to /etc/ld.so.conf.d to autoload the new OpenSSL library or adjust Apache’s init script to add to LD_LIBRARY_PATH but I’d much prefer to have it working properly, have the program where to look for libssl.so / libcrypto.so, just like my PHP build:
[root@host php]# export PKG_CONFIG_PATH=/opt/openssl-1.1.0/lib/pkgconfig:$PKG_CONFIG_PATH
LD_LIBRARY_PATH=/opt/openssl-1.1.0/lib:$LD_LIBRARY_PATH
LDFLAGS="-L/opt/openssl-1.1.0/lib"
PHP_PREFIX=/opt/php-7.2.9
EXTENSION_DIR=$PHP_PREFIX/usr/lib64/php/modules
[root@host php]# ./configure […]
--with-imap=shared
--with-imap-ssl
--with-openssl=shared
--with-openssl-dir=/opt/openssl-1.1.0/bin
[root@host php]# make
[root@host php]# unset PKG_CONFIG_PATH LD_LIBRARY_PATH LDFLAGS
[root@host modules]# ldd ./openssl.so | grep -iP 'ssl|crypto'
libssl.so.1.1 => /opt/openssl-1.1.0/lib/libssl.so.1.1 (0x00007fc2220a6000)
libcrypto.so.1.1 => /opt/openssl-1.1.0/lib/libcrypto.so.1.1 (0x00007fc221c17000)
What am I doing wrong? Could this be a bug?
Try adding the following to your LDFLAGS env variable:
-Bstatic -lssl -lcrypto
Also, make sure that you don't have any .so file on your openssl libdir, only the static .a ones. This ideally can be done by passing the no-shared parameter to openssl configure.
I am still unsure why sometimes the linker still prefers the shared version if it's present, even when we explicitly require the static ones, but probably it has to do with the way the ./configure script from httpd is handling library dependency.
While a patch on the configure script would probably be cleaner, just not having .so files seems to be enough for the linker to pick up the static version instead.
Answered by Emerson Gomes on November 26, 2020
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP