如何在 Apache 2.2.9 中使用 mod_ssl 将 openssl 0.9.8 升级到 1.0.2 [英] How to upgrade openssl 0.9.8 to 1.0.2 with mod_ssl in Apache 2.2.9

问题描述

我被要求在 SuseSE11SP3 中使用 openssl 1.0.2 重新编译 mo_ssl.不过，我是 Suse 的新手，但对 linux 略知一二.

I am asked to recompile mo_ssl with openssl 1.0.2 in SuseSE11SP3. However, I am a newbie to Suse, but know a little bit of linux.

• 操作系统:Suse SE11SP3
• Openssl : 0.9.8j <-随原始 Suse linux 一起提供
• 网络服务器:Apache httpd 2.2.9

这是我的限制.我不能使用 zypper 或 rpm 因为公司安全政策不允许我这样做.这是荒谬的，这里就是这样.我的另一个限制是这个系统被我没有权限的其他网络服务器使用.我必须尽可能在本地进行.

Here is limitation I have. I cannot use zypper or rpm because company security policy does not allow me to do it. It is absurd, this is how it goes here. Another limitation I have is this system is used by other web servers which I don't have permission. I have to make it as locally as possible.

我希望它发生的是，当我重新编译 apache 服务器时，我喜欢看到 mod_ssl 链接到较新版本的 Openssl 库.

What I want it to happen is that when I recompile apache server, I like to see mod_ssl is linked to newer version Openssl library.

所以，我下载了 Openssl 1.0.2h 源文件:

So, I downloaded Openssl 1.0.2h source file:

./confgiure --prefix=//PREFIX/openssl --opendir=/PREFIX/openssl
make test
make install

成功地，我在本地目录上安装了 openssl.

Successfully, I installed openssl on local directory.

然后我尝试重新编译已经存在的httpd2.2.9.所以我去了httpd 2.2.9中的源文件

and then I attempted to recompile httpd2.2.9 which already exists. so I went to source file in httpd 2.2.9

make clean

export LIBS=-ldl
export LD_LIBRARY_PATH="/PREFIX/openssl"
export LIBS="-L/PREFIX/openssl"
export CPPFLAGS="-I/PREFIX/include/openssl" 

./configure --prefix=/PREFIX/apache22  --enable-so --enable-ssl=ssl -with-ssl=/PREFIX/openssl --enable-module=shared CC=/usr/bin/gcc

make install

有一些错误，但我有点想通并编译它.然而，mod_ssl 的最终结果仍然链接到旧的 Openssl 0.9.8 而不是新版本 1.0.2h

There were some errors but I kind of figured out and make it compiled. However, the final result for mod_ssl is still linked to old Openssl 0.9.8 instead of newer version 1.0.2h

我在这些步骤中遗漏了什么?还是我哪里做错了?

What did I miss in these steps? Or where did I go wrong?

//openssl install
./config -fPIC shared --prefix=/PREFIX/openssl --openssldir=/PREFIX/openssl
make 
make test
make install

// install apache2 

//recompiling after apache2 is installed with openssl 

export LIBS=-ldl
export LD_LIBRARY_PATH="/PREFIX/openssl/lib"
export LDFLAGS="-L/PREFIX/openssl"
export CPPFLAGS="-I/PREFIX/openssl/include/openssl" 
export CFLAGS="-Wl,-rpath=/PREFIX/openssl:/usr/lib -I/PREFIX/openssl/include/openssl"

./configure --prefix=/PREFIX/apache22  --enable-so --enable-ssl=shared -with-ssl=/PREFIX/openssl --enable-module=shared CC=/usr/bin/gcc
make
make install

上面的命令在apache22/modules"下创建了 mod_ssl.so 但是当我做 ldd mod_ssl.so 时，结果如下

The above command creates mod_ssl.so under "apache22/modules" but when I did ldd mod_ssl.so it came out like the following

linux-vdso.so.1 =>  (0x00007fffef8f2000)
libssl.so.1.0.0 => not found
libcrypto.so.1.0.0 => not found
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007ffe6a48d000)
libc.so.6 => /lib64/libc.so.6 (0x00007ffe6a116000)
/lib64/ld-linux-x86-64.so.2 (0x00007ffe6a913000)

libssl.so，libcrypto.so 未链接.. 我不知道我还能在这里做些什么来将 mod_ssl.so 链接到不同版本的 openssl.

libssl.so, libcrypto.so is not linked .. I don't know whatelse I can do it here to link mod_ssl.so to different version of openssl.

请帮帮我.

推荐答案

由于 Alvits 的帮助，我第一次可以在 stackoverflow 中写出这个答案.

Due to Alvits's help, I could write this answer in stackoverflow for the first time.

<强>！！向阿尔维茨致敬！！

我最初的任务是我需要在本地目录中安装不同版本的 openssl，这与系统 openssl 不同.但我喜欢制作链接到较新的 openssl 的 mod_ssl.

My original task was that I need to install different version of openssl in local direcotry which is different from system openssl. But I like to make mod_ssl which is linked to newer openssl.

首先，我安装了带有共享选项的 openssl，我最初忘记了它并且没有创建 mod_ssl.所以要小心不要忘记它.

First, I installed openssl with shared option, which I originally forgot about it and mod_ssl was not created. so be careful not forgetting it.

cd openssl_source_direcotry
./config -fPIC shared --prefix=/PREFIX/openssl --openssldir=/PREFIX/openssl
make 
make test
make install

下一步，我添加了一些环境变量.PREFIX 是我的本地目录.安装时请使用不同的名称而不是 PREFIX.

Next step, I added some environment variables. PREFIX is my local directory. When you install please use different name instead of PREFIX.

export LIBS=-ldl
export LD_LIBRARY_PATH="/PREFIX/openssl/lib"
export LDFLAGS="-L/PREFIX/openssl"
export CPPFLAGS="-I/PREFIX/openssl/include/openssl" 
export CFLAGS="-Wl,-rpath=/PREFIX/openssl/lib:/usr/lib -I/PREFIX/openssl/include/openssl"

下一步是重新编译apache服务器.我假设您的服务器上已经安装了 apache 服务器.

Next step is to recompile apache server. I assumed that apache server is already installed on your server.

./configure --prefix=/PREFIX/apache22 --with-apr=/PREFIX/apache22/bin --with-apr-util=/PREFIX/apache22/bin --enable-so --enable-ssl=shared -with-ssl=/PREFIX/openssl --enable-module=shared CC=/usr/bin/gcc
make install

接下来到apache22/modules确认mod_ssl.so是否正确链接.

Next, go to apache22/modules to confirm whether mod_ssl.so is correctly linked.

ldd mod_ssl.so 

        linux-vdso.so.1 =>  (0x00007fff823ff000)
        libssl.so.1.0.0 => /PREFIX/openssl/lib/libssl.so.1.0.0 (0x00007fb3b32d4000)
        libcrypto.so.1.0.0 => /PREFIX/openssl/lib/libcrypto.so.1.0.0 (0x00007fb3b2e8c000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fb3b2c3e000)
        libc.so.6 => /lib64/libc.so.6 (0x00007fb3b28c7000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007fb3b26c2000)
        /lib64/ld-linux-x86-64.so.2 (0x00007fb3b377d000)

再来一次，我非常感谢 Alvits 的帮助.没有他的帮助，我无法走到这一步.

One more tiem, I really appreciate Alvits for his help. without his help, I couldn't make this far.

这篇关于如何在 Apache 2.2.9 中使用 mod_ssl 将 openssl 0.9.8 升级到 1.0.2的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！