如何在Apache 2.2.9中使用mod_ssl将openssl 0.9.8升级到1.0.2 [英] How to upgrade openssl 0.9.8 to 1.0.2 with mod_ssl in Apache 2.2.9
问题描述
要求我在SuseSE11SP3中使用openssl 1.0.2重新编译mo_ssl
.
但是,我是Suse的新手,但是对Linux有所了解.
I am asked to recompile mo_ssl
with openssl 1.0.2 in SuseSE11SP3.
However, I am a newbie to Suse, but know a little bit of linux.
- 操作系统:Suse SE11SP3
- Openssl:0.9.8j<-随原始Suse linux一起提供
- Web服务器:Apache httpd 2.2.9
这是我的限制.我不能使用zypper
或rpm
,因为公司安全策略不允许我这样做.这是荒谬的,这就是它的去向.
我的另一个限制是该系统被我没有权限的其他Web服务器使用.我必须使它尽可能本地化.
Here is limitation I have. I cannot use zypper
or rpm
because company security policy does not allow me to do it. It is absurd, this is how it goes here.
Another limitation I have is this system is used by other web servers which I don't have permission. I have to make it as locally as possible.
我希望它发生的是,当我重新编译apache服务器时,我希望看到mod_ssl
被链接到较新版本的Openssl库.
What I want it to happen is that when I recompile apache server, I like to see mod_ssl
is linked to newer version Openssl library.
因此,我下载了Openssl 1.0.2h源文件:
So, I downloaded Openssl 1.0.2h source file:
./confgiure --prefix=//PREFIX/openssl --opendir=/PREFIX/openssl
make test
make install
成功地,我在本地目录上安装了openssl.
Successfully, I installed openssl on local directory.
,然后我尝试重新编译已经存在的httpd2.2.9. 所以我去了httpd 2.2.9中的源文件
and then I attempted to recompile httpd2.2.9 which already exists. so I went to source file in httpd 2.2.9
make clean
export LIBS=-ldl
export LD_LIBRARY_PATH="/PREFIX/openssl"
export LIBS="-L/PREFIX/openssl"
export CPPFLAGS="-I/PREFIX/include/openssl"
./configure --prefix=/PREFIX/apache22 --enable-so --enable-ssl=ssl -with-ssl=/PREFIX/openssl --enable-module=shared CC=/usr/bin/gcc
make install
有一些错误,但是我有点想出了并进行编译.然而,
mod_ssl
的最终结果仍链接到旧的Openssl 0.9.8,而不是新的版本1.0.2h
There were some errors but I kind of figured out and make it compiled. However,
the final result for mod_ssl
is still linked to old Openssl 0.9.8 instead of newer version 1.0.2h
在这些步骤中我错过了什么?还是我哪里出问题了?
What did I miss in these steps? Or where did I go wrong?
//openssl install
./config -fPIC shared --prefix=/PREFIX/openssl --openssldir=/PREFIX/openssl
make
make test
make install
// install apache2
//recompiling after apache2 is installed with openssl
export LIBS=-ldl
export LD_LIBRARY_PATH="/PREFIX/openssl/lib"
export LDFLAGS="-L/PREFIX/openssl"
export CPPFLAGS="-I/PREFIX/openssl/include/openssl"
export CFLAGS="-Wl,-rpath=/PREFIX/openssl:/usr/lib -I/PREFIX/openssl/include/openssl"
./configure --prefix=/PREFIX/apache22 --enable-so --enable-ssl=shared -with-ssl=/PREFIX/openssl --enable-module=shared CC=/usr/bin/gcc
make
make install
上面的命令在"apache22/modules"下创建mod_ssl.so,但是 当我执行了ddd mod_ssl.so时,结果如下所示
The above command creates mod_ssl.so under "apache22/modules" but when I did ldd mod_ssl.so it came out like the following
linux-vdso.so.1 => (0x00007fffef8f2000)
libssl.so.1.0.0 => not found
libcrypto.so.1.0.0 => not found
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007ffe6a48d000)
libc.so.6 => /lib64/libc.so.6 (0x00007ffe6a116000)
/lib64/ld-linux-x86-64.so.2 (0x00007ffe6a913000)
libssl.so,未链接libcrypto.so ..我不知道该如何将mod_ssl.so链接到不同版本的openssl.
libssl.so, libcrypto.so is not linked .. I don't know whatelse I can do it here to link mod_ssl.so to different version of openssl.
请帮助我.
推荐答案
由于Alvits的帮助, 我可以第一次在stackoverflow中写这个答案.
Due to Alvits's help, I could write this answer in stackoverflow for the first time.
!!赞扬Alvits!
我最初的任务是我需要在本地目录中安装不同版本的openssl,这与系统openssl不同.但是我喜欢制作链接到较新的openssl的mod_ssl.
My original task was that I need to install different version of openssl in local direcotry which is different from system openssl. But I like to make mod_ssl which is linked to newer openssl.
首先,我安装了带有共享选项的openssl,我最初忘记了它,并且未创建mod_ssl.因此请注意不要忘记它.
First, I installed openssl with shared option, which I originally forgot about it and mod_ssl was not created. so be careful not forgetting it.
cd openssl_source_direcotry
./config -fPIC shared --prefix=/PREFIX/openssl --openssldir=/PREFIX/openssl
make
make test
make install
下一步,我添加了一些环境变量. PREFIX是我的本地目录. 安装时,请使用其他名称代替PREFIX.
Next step, I added some environment variables. PREFIX is my local directory. When you install please use different name instead of PREFIX.
export LIBS=-ldl
export LD_LIBRARY_PATH="/PREFIX/openssl/lib"
export LDFLAGS="-L/PREFIX/openssl"
export CPPFLAGS="-I/PREFIX/openssl/include/openssl"
export CFLAGS="-Wl,-rpath=/PREFIX/openssl/lib:/usr/lib -I/PREFIX/openssl/include/openssl"
下一步是重新编译apache服务器.我假设您的服务器上已经安装了apache服务器.
Next step is to recompile apache server. I assumed that apache server is already installed on your server.
./configure --prefix=/PREFIX/apache22 --with-apr=/PREFIX/apache22/bin --with-apr-util=/PREFIX/apache22/bin --enable-so --enable-ssl=shared -with-ssl=/PREFIX/openssl --enable-module=shared CC=/usr/bin/gcc
make install
接下来,转到apache22/modules以确认mod_ssl.so是否正确链接.
Next, go to apache22/modules to confirm whether mod_ssl.so is correctly linked.
ldd mod_ssl.so
linux-vdso.so.1 => (0x00007fff823ff000)
libssl.so.1.0.0 => /PREFIX/openssl/lib/libssl.so.1.0.0 (0x00007fb3b32d4000)
libcrypto.so.1.0.0 => /PREFIX/openssl/lib/libcrypto.so.1.0.0 (0x00007fb3b2e8c000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fb3b2c3e000)
libc.so.6 => /lib64/libc.so.6 (0x00007fb3b28c7000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007fb3b26c2000)
/lib64/ld-linux-x86-64.so.2 (0x00007fb3b377d000)
再说一遍,我非常感谢Alvits的帮助.没有他的帮助,我做不到.
One more tiem, I really appreciate Alvits for his help. without his help, I couldn't make this far.
这篇关于如何在Apache 2.2.9中使用mod_ssl将openssl 0.9.8升级到1.0.2的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!