1

I'm trying to upgrade both Apache and OpenSSL at the same time. I've gotten Apache compiled with all the modules I need, and it pops up and runs, but still shows an old version of OpenSSL.

Here is my config command:

./configure --prefix=/usr/local/apache2.2.24/ --with-ssl=/usr/local/openssl-1.0.1e/ --enable-mods-shared="all [sic] ssl rewrite" 

The OpenSSL in that directory is correct:

$ /usr/local/openssl-1.0.1e/bin/openssl version
OpenSSL 1.0.1e 11 Feb 2013

Yet, when I query the server I still get an old version of OpenSSL in the header:

$ curl -I http://www.mydomain.com/
HTTP/1.1 200 OK
Date: Thu, 09 May 2013 14:51:59 GMT
Server: Apache/2.2.24 (Unix) DAV/2 mod_ssl/2.2.24 OpenSSL/1.0.0g

I've recompiled a few hundred times over the last few days, and cannot figure out what I'm missing. Each of the directories has been deleted and made from scratch (including the source directories I'm compiling in).

The system is an older version of FreeBSD with a broken ports install, so I cannot use ports for the compile.

7
  • Does the openssl in /usr/local include the development headers? If not, you are always linking against the older version. Commented May 9, 2013 at 15:22
  • It does have the include/openssl/ directory with all of the *.h files in it. Commented May 9, 2013 at 15:23
  • Read the config.log to see what it actually auto-detected. Commented May 9, 2013 at 16:47
  • Not sure exactly what to look for in config.log, but it looks like it found the one I specified: configure:13500: result: /usr/local/openssl-1.0.1e Commented May 9, 2013 at 17:04
  • Add a pointer to the directory containing the development headers using -L, check the output of ./configure --help=recursive for more info. Commented May 9, 2013 at 18:25

3 Answers

5

First, FIX YOUR PORTS - rm -rf /usr/ports if that's what it takes. This will not harm installed software. Use portsnap for an easy way to grab a new copy of the ports tree. Advanced users can use svn.

Second, DO NOT compile Apache from downloaded source. You're begging for trouble, and should NOT be surprised that you've found it. Use the ports tree. Even if you want to use a different version of software from the Ports tree, learn how to modify your local tree for the version you want.

Run ldd against the mod_ssl.so file. Since you're compiling downloaded source, the installation directory is probably non-standard (meaning future admins of your system will be unable to find the directory easily).

See what libssl.so it's using, and where it'll be loaded from. Make sure you have the latest OpenSSL libraries in that location.

When you build Apache from ports it should always build against the ports installed version of OpenSSL (libssl.so in /usr/local/lib). Since that's not the case it's anyone's guess as to what it's loading.

4
  • Unfortunately, my system is far enough out of date (and planned to be replaced in a few months) that I cannot compile from ports. "Variable ALL_OPTIONS is recursive." is the biggest issue. As a result, compiling from source is somewhat required. Commented May 28, 2013 at 20:00
  • Is the error you're getting Unknown modifier ‘u’? Commented May 28, 2013 at 20:10
  • Yes. That's the other half of it. Unfortunately recompiling make is causing problems for some of our custom software that builds weekly. Commented May 28, 2013 at 20:29
  • I have to chime in with the token "you shouldn't be running a system that old", but I'm sure you know already. You can download an older copy of the Mk scripts and the ports system will work again. See the 4 commands at the bottom of this post: cinto.in/?p=185 Commented May 28, 2013 at 20:34
1

You may want to consider fixing your ports collection instead. If you're running an unsupported version, you may not be able to get the latest versions of the ports you want. Otherwise, you can follow the Handbook instructions on how to use portsnap to get yourself the latest ports collection.

1

One workaround is to use rpath when configuring Apache, i.e.:

$ LDFLAGS=-Wl,-rpath=/opt/openssl/lib ./configure ... 

Verify after installing apache:

$ ldd /opt/apache-httpd/modules/mod_ssl.so
...
libssl.so.1.0.0 => /opt/openssl/lib/libssl.so.1.0.0 (0x00007fdd56278000)
libcrypto.so.1.0.0 => /opt/openssl/lib/libcrypto.so.1.0.0 (0x00007fdd55e9c000)
...
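The ldd check from the answers above can be scripted so that a build or deploy step fails when mod_ssl.so resolves libssl or libcrypto outside the intended OpenSSL prefix. This is an added example, not part of any answer on this page; the function name check_ssl_linkage and the "stale" sample are constructed, and the paths follow the /opt layout used in the last answer.

```shell
#!/bin/sh
# check_ssl_linkage PREFIX
# Reads `ldd` output on stdin and reports every libssl/libcrypto entry that
# does not resolve under PREFIX/lib.
# Returns 0 if all entries resolve under PREFIX, 1 if any entry does not,
# and 2 if no libssl/libcrypto entry was seen at all.
check_ssl_linkage() {
    prefix=${1%/}                      # tolerate a trailing slash
    awk -v want="$prefix/lib/" '
        $1 ~ /^lib(ssl|crypto)\.so/ {
            seen++
            # ldd prints "name => /path (addr)" or "name => not found"
            path = ($2 == "=>") ? $3 : ""
            if (index(path, want) != 1) { bad++; print "MISMATCH: " $0 }
        }
        END {
            if (!seen) exit 2
            exit (bad ? 1 : 0)
        }'
}

# Sample taken from the ldd output quoted in the answer above.
sample_good='libssl.so.1.0.0 => /opt/openssl/lib/libssl.so.1.0.0 (0x00007fdd56278000)
libcrypto.so.1.0.0 => /opt/openssl/lib/libcrypto.so.1.0.0 (0x00007fdd55e9c000)'

# Constructed sample: libssl still resolves to a system copy while
# libcrypto resolves to the new prefix (a half-updated link).
sample_stale='libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x0000000000000000)
libcrypto.so.1.0.0 => /opt/openssl/lib/libcrypto.so.1.0.0 (0x0000000000000000)'

# Real use (path as in the answer above):
#   ldd /opt/apache-httpd/modules/mod_ssl.so | check_ssl_linkage /opt/openssl
printf '%s\n' "$sample_stale" | check_ssl_linkage /opt/openssl \
    || echo "mod_ssl is not linked only against the intended OpenSSL"
```

A return code of 2 is worth treating as a failure too, since it means the module did not list libssl or libcrypto as shared dependencies at all.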
