3

I am asked to recompile mo_ssl with openssl 1.0.2 in SuseSE11SP3. However, I am a newbie to Suse, but know a little bit of linux.

  • OS : Suse SE11SP3
  • Openssl : 0.9.8j <-which comes with original Suse linux
  • Web Server : Apache httpd 2.2.9

Here is limitation I have. I cannot use zypper or rpm because company security policy does not allow me to do it. It is absurd, this is how it goes here. Another limitation I have is this system is used by other web servers which I don't have permission. I have to make it as locally as possible.

What I want it to happen is that when I recompile apache server, I like to see mod_ssl is linked to newer version Openssl library.

So, I downloaded Openssl 1.0.2h source file:

./confgiure --prefix=//PREFIX/openssl --opendir=/PREFIX/openssl
make test
make install

Successfully, I installed openssl on local directory.

and then I attempted to recompile httpd2.2.9 which already exists. so I went to source file in httpd 2.2.9

make clean

export LIBS=-ldl
export LD_LIBRARY_PATH="/PREFIX/openssl"
export LIBS="-L/PREFIX/openssl"
export CPPFLAGS="-I/PREFIX/include/openssl" 

./configure --prefix=/PREFIX/apache22  --enable-so --enable-ssl=ssl -with-ssl=/PREFIX/openssl --enable-module=shared CC=/usr/bin/gcc

make install

There were some errors but I kind of figured out and make it compiled. However, the final result for mod_ssl is still linked to old Openssl 0.9.8 instead of newer version 1.0.2h

What did I miss in these steps? Or where did I go wrong?

//openssl install
./config -fPIC shared --prefix=/PREFIX/openssl --openssldir=/PREFIX/openssl
make 
make test
make install

// install apache2 

//recompiling after apache2 is installed with openssl 

export LIBS=-ldl
export LD_LIBRARY_PATH="/PREFIX/openssl/lib"
export LDFLAGS="-L/PREFIX/openssl"
export CPPFLAGS="-I/PREFIX/openssl/include/openssl" 
export CFLAGS="-Wl,-rpath=/PREFIX/openssl:/usr/lib -I/PREFIX/openssl/include/openssl"

./configure --prefix=/PREFIX/apache22  --enable-so --enable-ssl=shared -with-ssl=/PREFIX/openssl --enable-module=shared CC=/usr/bin/gcc
make
make install

The above command creates mod_ssl.so under "apache22/modules" but when I did ldd mod_ssl.so it came out like the following

linux-vdso.so.1 =>  (0x00007fffef8f2000)
libssl.so.1.0.0 => not found
libcrypto.so.1.0.0 => not found
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007ffe6a48d000)
libc.so.6 => /lib64/libc.so.6 (0x00007ffe6a116000)
/lib64/ld-linux-x86-64.so.2 (0x00007ffe6a913000)

libssl.so, libcrypto.so is not linked .. I don't know whatelse I can do it here to link mod_ssl.so to different version of openssl.

please help me.

CharlieSiNB
  • 90
  • 1
  • 1
  • 10
  • Have you tried setting `LDFLAGS=-L/PREFIX/openssl`? – alvits Oct 11 '16 at 01:01
  • Thank you for your quick reply. Yes. I tried. it did not work out. – CharlieSiNB Oct 11 '16 at 05:48
  • Tell the linker that you have a preferred path. Try `export CPPFLAGS="-Wl,-rpath=/PREFIX/openssl:/usr/lib -I/PREFIX/include/openssl"`. – alvits Oct 11 '16 at 21:12
  • Alvits, Thank you very much for your reply. I wil try it and let you know. – CharlieSiNB Oct 11 '16 at 23:10
  • I had a typo error. It should be `CFLAGS`, not `CPPFLAGS`. – alvits Oct 11 '16 at 23:50
  • I don't know how much I aprreciate your hep here , Alvits. but can I ask one more here. It seems like that apache does not create mod_ssl.so under module directory isntead it create mod_ssl.c evidenced by "httpd -l". but I like to have mod_ssl.so under modules direcotry. can I do it? – CharlieSiNB Oct 12 '16 at 00:15
  • I think you need to change `--enable-ssl=ssl` to `--enable-ssl=shared`. – alvits Oct 12 '16 at 00:21
  • Thank for your help, alvits. I had to recompile openssl because it was not compiled with shared option. and I recompile apache again as shown in additional information above under separation line. – CharlieSiNB Oct 12 '16 at 01:25
  • As I added some lines the above original question, it seems like mod_ssl.so is not linked to opensssl, does it? or not.. I don't know.. I am so grateful for your help.. I feel so helpless here. – CharlieSiNB Oct 12 '16 at 01:27
  • It is linked. But your runtime path is pointing to a wrong directory that's why it can't find them. Adjust `-Wl,-rpath` accordingly where libssl.so and libcrypto.so are. I would suggest creating a `/etc/ld.so.conf.d/*.conf` file for your new lib location, but it might conflict with your existing libcrypto and libssl. So adjusting `-Wl,-rpath` should do it. – alvits Oct 12 '16 at 01:28
  • From your updated post it seems your libraries are located in `/PREFIX/openssl/lib`. Use `export CFLAGS="-Wl,-rpath=/PREFIX/openssl/lib:/usr/lib -I/PREFIX/openssl/include/openssl"`. – alvits Oct 12 '16 at 01:32
  • Alvits, I don't know how to express my gratitude for you. yes. you're right. but I changed also my LD_LIBRARY_PATH=/PREFIX/openssl/lib. It worked .!!!!!!!!!!!!!!!!!! thank you so much!!!!!!!! – CharlieSiNB Oct 12 '16 at 01:53

2 Answers2

3

Due to Alvits's help, I could write this answer in stackoverflow for the first time.

!! Kudos to Alvits !!

My original task was that I need to install different version of openssl in local direcotry which is different from system openssl. But I like to make mod_ssl which is linked to newer openssl.

First, I installed openssl with shared option, which I originally forgot about it and mod_ssl was not created. so be careful not forgetting it. 

cd openssl_source_direcotry
./config -fPIC shared --prefix=/PREFIX/openssl --openssldir=/PREFIX/openssl
make 
make test
make install

Next step, I added some environment variables. PREFIX is my local directory. When you install please use different name instead of PREFIX. 

export LIBS=-ldl
export LD_LIBRARY_PATH="/PREFIX/openssl/lib"
export LDFLAGS="-L/PREFIX/openssl"
export CPPFLAGS="-I/PREFIX/openssl/include/openssl" 
export CFLAGS="-Wl,-rpath=/PREFIX/openssl/lib:/usr/lib -I/PREFIX/openssl/include/openssl"

Next step is to recompile apache server. I assumed that apache server is already installed on your server. 

./configure --prefix=/PREFIX/apache22 --with-apr=/PREFIX/apache22/bin --with-apr-util=/PREFIX/apache22/bin --enable-so --enable-ssl=shared -with-ssl=/PREFIX/openssl --enable-module=shared CC=/usr/bin/gcc
make install

Next, go to apache22/modules to confirm whether mod_ssl.so is correctly linked. 

ldd mod_ssl.so 

        linux-vdso.so.1 =>  (0x00007fff823ff000)
        libssl.so.1.0.0 => /PREFIX/openssl/lib/libssl.so.1.0.0 (0x00007fb3b32d4000)
        libcrypto.so.1.0.0 => /PREFIX/openssl/lib/libcrypto.so.1.0.0 (0x00007fb3b2e8c000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fb3b2c3e000)
        libc.so.6 => /lib64/libc.so.6 (0x00007fb3b28c7000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007fb3b26c2000)
        /lib64/ld-linux-x86-64.so.2 (0x00007fb3b377d000)

One more tiem, I really appreciate Alvits for his help. without his help, I couldn't make this far.

CharlieSiNB
  • 90
  • 1
  • 1
  • 10
  • I am trying to recompile the apache with the latest openssl and am stuck at second step, my apache2 is located at `/etc/apache2` but it doesnt have a `bin` dir, I ran `sudo find / -name apache2 -type d ` command and verified the results of the command and none the `find` results have `apache2/bin` dir, can you please let me where can I find the actual location of `apache2/bin`? – OTUser Feb 15 '18 at 17:07
  • saved lot of my time, thank you – Bikramjit Singh Feb 11 '23 at 16:01
1

This is really helpful, before recompiling apache, make sure to clean apache as 'make clean'

The process for recompiling apache as make clean, configure, make install.

Boggavarapu Rajesh
  • 11
  • 1
  • This solved the problem for me, I upgraded `openssl` but somehow httpd was still using old openssl. I was missing make clean in while recompiling apache, once did `make clean`, httpd started using upgraded openssl version. – Chaman Bharti May 24 '22 at 18:26