You are not logged in.
- Topics: Active | Unanswered
#1 2022-09-23 15:24:58
- Carlo1983
- Member
- Registered: 2022-09-15
- Posts: 5
Compiling Apache httpd with custom OpenSSL (v. 1.1.1q)
Hi to all,
I have just installed by source the OpenSSL v.1.1.1q on my Arch Linux.
Now I want use it to build Apache httpd.
I have compiled the OpenSSL like this:
CFLAGS=-fPIC ./config shared -Wl,--enable-new-dtags -Wl,-rpath=/opt/OpenSSL/openssl-1.1.1q/lib --prefix=/opt/OpenSSL/openssl-1.1.1q --openssldir=/opt/OpenSSL/openssl-1.1.1q
make
make installand all went well.
The ldd -v command on the openssl file link the right libraries.
I have just compiled Apache httpd with those steps but ldd -v command on the mod_ssl.so links the libraries to the wrong path (/usr/lib/libcrypto.so).
This is part of my config.nice:
"./configure" \
"--prefix=/opt/Apache/httpd-2.4.54" \
"--enable-ssl" \
"--with-ssl=/opt/OpenSSL/openssl-1.1.1q" \
"$@"and this is my ldd output
ldd -v /opt/Apache/httpd-2.4.54/modules/mod_ssl.so
linux-vdso.so.1 => linux-vdso.so.1 (0x00007ffe53fbc000)
libssl.so.1.1 => /usr/lib/libssl.so.1.1 (0x00007f1350f0e000)
libcrypto.so.1.1 => /usr/lib/libcrypto.so.1.1 (0x00007f1350c2d000)
libc.so.6 => /usr/lib/libc.so.6 (0x00007f1350a46000)
/usr/lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x00007f1351018000)
Version information:
/opt/Apache/httpd-2.4.54/modules/mod_ssl.so:
libc.so.6 (GLIBC_2.14) => /usr/lib/libc.so.6
libc.so.6 (GLIBC_2.4) => /usr/lib/libc.so.6
libc.so.6 (GLIBC_2.2.5) => /usr/lib/libc.so.6
libssl.so.1.1 (OPENSSL_1_1_1) => /usr/lib/libssl.so.1.1
libssl.so.1.1 (OPENSSL_1_1_0) => /usr/lib/libssl.so.1.1
libcrypto.so.1.1 (OPENSSL_1_1_0) => /usr/lib/libcrypto.so.1.1
/usr/lib/libssl.so.1.1:
libc.so.6 (GLIBC_2.14) => /usr/lib/libc.so.6
libc.so.6 (GLIBC_2.4) => /usr/lib/libc.so.6
libc.so.6 (GLIBC_2.3.4) => /usr/lib/libc.so.6
libc.so.6 (GLIBC_2.2.5) => /usr/lib/libc.so.6
libcrypto.so.1.1 (OPENSSL_1_1_0d) => /usr/lib/libcrypto.so.1.1
libcrypto.so.1.1 (OPENSSL_1_1_0i) => /usr/lib/libcrypto.so.1.1
libcrypto.so.1.1 (OPENSSL_1_1_0f) => /usr/lib/libcrypto.so.1.1
libcrypto.so.1.1 (OPENSSL_1_1_1) => /usr/lib/libcrypto.so.1.1
libcrypto.so.1.1 (OPENSSL_1_1_0) => /usr/lib/libcrypto.so.1.1
/usr/lib/libcrypto.so.1.1:
libc.so.6 (GLIBC_2.15) => /usr/lib/libc.so.6
libc.so.6 (GLIBC_2.14) => /usr/lib/libc.so.6
libc.so.6 (GLIBC_2.4) => /usr/lib/libc.so.6
libc.so.6 (GLIBC_2.3) => /usr/lib/libc.so.6
libc.so.6 (GLIBC_2.25) => /usr/lib/libc.so.6
libc.so.6 (GLIBC_2.3.2) => /usr/lib/libc.so.6
libc.so.6 (GLIBC_2.33) => /usr/lib/libc.so.6
libc.so.6 (GLIBC_2.7) => /usr/lib/libc.so.6
libc.so.6 (GLIBC_2.3.4) => /usr/lib/libc.so.6
libc.so.6 (GLIBC_2.17) => /usr/lib/libc.so.6
libc.so.6 (GLIBC_2.16) => /usr/lib/libc.so.6
libc.so.6 (GLIBC_2.34) => /usr/lib/libc.so.6
libc.so.6 (GLIBC_2.2.5) => /usr/lib/libc.so.6
/usr/lib/libc.so.6:
ld-linux-x86-64.so.2 (GLIBC_2.2.5) => /usr/lib64/ld-linux-x86-64.so.2
ld-linux-x86-64.so.2 (GLIBC_2.3) => /usr/lib64/ld-linux-x86-64.so.2
ld-linux-x86-64.so.2 (GLIBC_PRIVATE) => /usr/lib64/ld-linux-x86-64.so.2This is what I get in the error_log:
AH01882: Init: this version of mod_ssl was compiled against a newer library (OpenSSL 1.1.1q 5 Jul 2022, version currently loaded is OpenSSL 1.1.1o 3 May 2022) - may result in undefined or erroneous behaviorand, moreover I heve noticed this:
strings /opt/Apache/httpd-2.4.54/modules/mod_ssl.so | grep OpenSSL
OpenSSL_version_num
OpenSSL_version
SSLOpenSSLConfCmd
OpenSSL configuration command
': This version of OpenSSL does not support the Entropy Gathering Daemon (EGD).
This version of OpenSSL does not have any compression methods available, cannot enable SSLCompression.
SSLv3 not supported by this version of OpenSSL
'%s': invalid OpenSSL configuration command
OpenSSL 1.1.1q 5 Jul 2022
OpenSSL
AH01894: Unable to initialize TLS servername extension callback (incompatible OpenSSL version?)
AH01913: Unable to initialize TLS session ticket key callback (incompatible OpenSSL version?)
AH02407: "SSLOpenSSLConfCmd %s %s" failed for %s
AH02556: "SSLOpenSSLConfCmd %s %s" applied to %s
OpenSSL
OpenSSL
OpenSSL 1.1.1q 5 Jul 2022
ssl_cmd_SSLOpenSSLConfCmd
OpenSSL_version_num@OPENSSL_1_1_0
OpenSSL_version@OPENSSL_1_1_0as I aspected.
How can I compile correctly Apache in order to let it uses the right OpenSSL in the mod_ssl.so file?
Thanks for the support.
Last edited by Carlo1983 (2022-09-23 15:27:20)
Offline
#2 2022-09-24 14:22:22
- Lone_Wolf
- Member
- From: Netherlands, Europe
- Registered: 2005-10-04
- Posts: 11,911
Re: Compiling Apache httpd with custom OpenSSL (v. 1.1.1q)
No clue how to answer your questions directly, but on archlinux installing from source usually means :
create a PKGBUILD and needed files
build with makepkg
install with pacman
Doing that is almost always less work, only requires root rights at last step and is easier to troubleshoot then configure/make/install .
The versions of apache & openssl you're trying to build are the same as in the repo pacakges .
I'd start with retrieving the PKGBUILDs used by the repo packages and adjust them to build your custom setup.
You should start by reading https://wiki.archlinux.org/title/Arch_Build_System and make sure to also read the 'related articles' (top right of the page).
Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
(A works at time B) && (time C > time B ) ≠ (A works at time C)
Offline
#3 2022-09-24 14:24:13
- Slithery
- Administrator
- From: Norfolk, UK
- Registered: 2013-12-01
- Posts: 5,776
Re: Compiling Apache httpd with custom OpenSSL (v. 1.1.1q)
You're having problems because you manually built OpenSSL from source instead of using a PKGBUILD (as was recommended in your previous thread).
Offline
#4 2022-09-24 16:49:01
- loqs
- Member
- Registered: 2014-03-06
- Posts: 17,327
Re: Compiling Apache httpd with custom OpenSSL (v. 1.1.1q)
The system ssl library /usr/lib/libcrypto.so.1.1 is "version currently loaded is OpenSSL 1.1.1o 3 May 2022" so not Arch linux or at least not current Arch linux.
Offline