编译过时的PHP会产生带有OpenSSL函数的核心转储. OpenSSL版本不匹配? [英] compiling outdated PHP yields core dump with OpenSSL functions. OpenSSL version mismatch?
问题描述
我使用以下./config选项编译了OpenSSL 0.9.8x:
I compiled OpenSSL 0.9.8x with these ./config options:
./config --prefix=/usr/local/openssl-0.9.8 --openssldir=/usr/local/openssl-0.9.8
我正在使用这些./configure选项(以及其他选项)来编译我的PHP版本:
I'm compiling my PHP version with these ./configure options (among others):
--with-openssl=/usr/local/openssl-0.9.8
--with-openssl-dir=/usr/local/openssl-0.9.8
问题在于,当我使用openssl_public_encrypt
运行PHP脚本时,出现了分段错误.
The problem is that when I run a PHP script with openssl_public_encrypt
I'm getting a segmentation fault.
这是gdb所说的:
Program terminated with signal 11, Segmentation fault.
#0 0x00007fd3381c5a48 in RSA_public_encrypt () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
在/usr/local/openssl-0.9.8/lib/中有libcrypto.so.0.9.8,为什么不使用它?
In /usr/local/openssl-0.9.8/lib/ there's libcrypto.so.0.9.8 so why isn't it using that?
这是我的OpenSSL Makefile:
Here's my OpenSSL Makefile:
这是我的PHP Makefile:
Here's my PHP Makefile:
这是一个复制问题的Dockefile:
Here's a Dockefile that reproduces the issue:
有什么想法吗?谢谢!
推荐答案
使用LD_LIBRARY_PATH
通常可以解决问题,但在这种情况下不适合您.
Use LD_LIBRARY_PATH
will fix the problem in general, but not for yours in this case.
我已根据您的Dockerfile进行了改写,以修复segfault.
I have rewritten the Dockerfile based on yours in order to fix the segfault.
-
在PHP的配置阶段删除
--disable-rpath
和--libdir
参数.
我们使用rpath
在运行时定位共享对象,以在/usr/local/openssl-0.9.8x上自定义构建openssl.
We use rpath
to locate shared objects at runtime for custom build openssl on /usr/local/openssl-0.9.8x.
请参见 https://linux.die.net/man/1中的选项-rpath=dir
/ld
See option -rpath=dir
from https://linux.die.net/man/1/ld
将目录添加到运行时库搜索路径.在将ELF可执行文件与共享库链接时使用.所有-rpath参数都被串联并传递到运行时链接程序,该链接程序使用它们在运行时定位共享对象.在查找链接中明确包含的共享对象所需的共享对象时,也使用-rpath选项
Add a directory to the runtime library search path. This is used when linking an ELF executable with shared objects. All -rpath arguments are concatenated and passed to the runtime linker, which uses them to locate shared objects at runtime. The -rpath option is also used when locating shared objects which are needed by shared objects explicitly included in the link
在OpenSSL的配置脚本中添加shared
选项
构建共享库(libcrypto.so.0.9.8和libssl.so.0.9.8)
To build share libraries (libcrypto.so.0.9.8 and libssl.so.0.9.8)
仅在/usr/kerberos/lib中链接kerberos库
Link kerberos libraries only in /usr/kerberos/lib
不是将所有库从/usr/lib/x86_64-linux-gnu链接到/usr/kerberos/lib,而是运行时搜索路径的顺序为/usr/kerberos/lib:/usr/local/openssl-0.9.8/lib
Instead of linking all libraries from /usr/lib/x86_64-linux-gnu to /usr/kerberos/lib, The ordering of runtime search path is /usr/kerberos/lib:/usr/local/openssl-0.9.8/lib
这是更改
# https://pastebin.com/ziZzvTh8
--- ziZzvTh8.txt 2019-10-08 10:31:33.229217226 +0800
+++ Dockerfile 2019-10-08 12:07:03.271948150 +0800
@@ -8,7 +8,7 @@
&& wget --no-check-certificate http://www.openssl.org/source/openssl-0.9.8x.tar.gz \
&& tar xvfz openssl-0.9.8x.tar.gz \
&& cd openssl-0.9.8x \
- && ./config --prefix=/usr/local/openssl-0.9.8 \
+ && ./config shared --prefix=/usr/local/openssl-0.9.8 \
&& make \
&& make install
@@ -23,7 +23,8 @@
&& ln -s /usr/lib/x86_64-linux-gnu/libexpat.so /usr/lib/ \
&& ln -s /usr/lib/x86_64-linux-gnu/libmysqlclient.so /usr/lib/libmysqlclient.so \
&& mkdir /usr/kerberos \
- && ln -s /usr/lib/x86_64-linux-gnu /usr/kerberos/lib
+ && ln -s /usr/lib/x86_64-linux-gnu/mit-krb5 /usr/kerberos/lib
+
RUN apt-get build-dep -y php5
@@ -43,7 +44,6 @@
--with-zlib \
--with-gd \
--with-pgsql \
- --disable-rpath \
--enable-inline-optimization \
--with-bz2 \
--with-zlib \
@@ -62,7 +62,6 @@
--enable-gd-native-ttf \
--with-openssl=/usr/local/openssl-0.9.8 \
--with-openssl-dir=/usr/local/openssl-0.9.8 \
- --with-libdir=/lib/x86_64-linux-gnu \
--enable-ftp \
--with-imap \
--with-imap-ssl \
@@ -72,4 +71,6 @@
&& make \
&& make install-cli
+ADD test.php /root/test.php
+
CMD ["bash"]
test.php
<?php
$key = <<<EOF
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHzD76i8DA25nC+Qsswi
OM0lW+gViiQD4tEm7suxBc2BGibtdlrsprVIId92hSjQKx4x8+XVWU6k89T5vy8Y
txpXN759OWdGkDi8uvZuYclMjW9Rao+oqSvbXH37R7oSY287I+6uOHclGhniQN3q
RyoXBkbhDk0/FTI/i549q/gGk1UZYv449KLrDOqmtohRcIyAYVnvvWtD1kIzourq
hMtEIrPqwoBqTaUA9kOIXw1jMovao2TN52j48KgOg9KjqtdwUwD9e6n7hJd/subF
6woc8L7zjJFOHH5gacUC7vtiMpBpnSyLQpjFLepYYwftjsRmg4xLdh+Zvgw3xqi4
lwIDAQAB
-----END PUBLIC KEY-----
EOF;
var_dump(openssl_public_encrypt($data, $crypted, $key));
var_dump($crypted);
结果
root@7c5df089bcb0:/# php -v
PHP 4.4.9 (cli) (built: Oct 8 2019 04:09:29)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies
root@7c5df089bcb0:/# php -i | grep OpenSSL
CURL Information => libcurl/7.26.0 OpenSSL/0.9.8x zlib/1.2.7 libidn/1.25 libssh2/1.4.2 librtmp/2.3
OpenSSL support => enabled
OpenSSL Version => OpenSSL 0.9.8x 10 May 2012
root@7c5df089bcb0:/# php /root/test.php
bool(true)
string(256) "W`r�b��e��',뱌Zł^�$�֗��S����w�j�د<������� �)<��j��JL(f@�A���5_S�X=g-?0M�(�d�����+��� �nD*gzË��ڞc'�\'͗�'vnmo�G�Bv�
#~�y D!��lb�t^���| )[za��5���y�G{�\�"
root@7c5df089bcb0:/# ldd `which php` | egrep 'libssl|libcrypto'
libssl.so.0.9.8 => /usr/local/openssl-0.9.8/lib/libssl.so.0.9.8 (0x00007efe86da1000)
libcrypto.so.0.9.8 => /usr/local/openssl-0.9.8/lib/libcrypto.so.0.9.8 (0x00007efe86a0b000)
libssl.so.1.0.0 => /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007efe8401b000)
libcrypto.so.1.0.0 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007efe83c21000)
root@7c5df089bcb0:/# objdump -p `which php` | grep RPATH
RPATH /usr/lib/x86_64-linux-gnu:/usr/kerberos/lib:/usr/local/openssl-0.9.8/lib
这篇关于编译过时的PHP会产生带有OpenSSL函数的核心转储. OpenSSL版本不匹配?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!