Can't get Apache 2.2.21 to compile with OpenSSL support
Solution 1
When you compiled Apache you should have "--enable-so". I think you must have because the so module is trying to load.
Also after compiling openssl ensure the system can find the shared library with "/sbin/ldconfig -v /usr/local/openssl/lib"
and I also like to edit /etc/ld.so.conf.d/local.conf to add a line for /usr/local/openssl/lib
Solution 2
I recall that openssl doesn't make shared libraries by default. I do this:
./Configure --prefix=/usr/local/openssl linux-elf shared
Then you still have to do ldconfig as above. And tell apache where to find ssl libs.
Solution 3
Had the same problem few minutes again, so I add:
LDFLAGS=-L/usr/local/ssl/lib
and the parameter for ./configure (Apache) modified from:
--with-ssl=/usr/local/ssl
to
--with-ssl=/usr/local/ssl/lib
and no its ok.
Related videos on Youtube
angstwad
Updated on September 18, 2022Comments
-
angstwad almost 2 years
Alright -- having a bad couple days here compiling Apache 2.2.21 on CentOS 5.7 with the following configure commands:
./configure --enable-ssl=shared --with-ssl=/usr/local/openssl
I've compiled from source OpenSSL 1.0.0e from source:
./config --prefix=/usr/local --openssldir=/usr/local/openssl shared zlib-dynamic
I attempt to start Apache and it returns:
httpd: Syntax error on line 54 of /usr/local/apache2/conf/httpd.conf: Cannot load /usr/local/apache2/modules/mod_ssl.so into server: /usr/local/apache2/modules/mod_ssl.so: undefined symbol: SSL_get_servername
If I look at how the libraries are linked, this is what I get:
[root@web1 modules]# ldd mod_ssl.so libssl.so.6 => /lib64/libssl.so.6 (0x00002aaaaace4000) libcrypto.so.6 => /lib64/libcrypto.so.6 (0x00002aaaaaf30000) libdl.so.2 => /lib64/libdl.so.2 (0x00002aaaab281000) libz.so.1 => /lib64/libz.so.1 (0x00002aaaab486000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00002aaaab69a000) libc.so.6 => /lib64/libc.so.6 (0x00002aaaab8b5000) libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2 (0x00002aaaabc0e000) libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x00002aaaabe3c000) libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00002aaaac0d1000) libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x00002aaaac2d4000) /lib64/ld-linux-x86-64.so.2 (0x0000555555554000) libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0 (0x00002aaaac4f9000) libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00002aaaac702000) libresolv.so.2 => /lib64/libresolv.so.2 (0x00002aaaac904000) libselinux.so.1 => /lib64/libselinux.so.1 (0x00002aaaacb19000) libsepol.so.1 => /lib64/libsepol.so.1 (0x00002aaaacd32000)
Basically, I've tired compiling from source OpenSSL (both 0.9.8r and 1e), having yum reinstall from the repos, done a
make clean
and remade both OpenSSL and Apache numerous times -- but I can't get it to compile into the apache base or dynamically as a shared object file.What am I doing wrong here?
Update 1:
After doing a
make clean
andmake distclean
, I've reconfigured with the same parameters as above without any effect.The config.log is at Pastebin.
Update 2:
Modifying the LD_LIBRARY_PATH had no effect on the lib-deps of mod_ssl.so.
UPDATE 3:
I've compiled and recompiled many times, and verified with
ldconfig
that the OpenSSL libs dir is in my path, and included in ld.so.conf. Still cannot get httpd/mod_ssl to load the library at runtime.-
Chida almost 12 yearsIs this still an open question you are interested in? If so, I can provide detailes steps since I did this recently on my CentOS 6.3. I was enabling FIPS on OpenSSL and Apache.
-
Jay Levitt almost 12 yearsI'm not the OP, but I'm interested - please do post an answer!
-
-
angstwad over 12 yearsNo change with
make clean
andmake distclean
, but I have tried them before. config.log link is above. -
MrTuttle over 12 yearsexport LD_LIBRARY_PATH=/usr/local/openssl/lib:$LD_LIBRARY_PATH, then recheck ldd.
-
MrTuttle over 12 yearsbasically, it looks like Apache's finding the right libraries at compile-time, but not at run-time. adjusting LD_LIBRARY_PATH will give your openssl libs precedence in the search path.
-
angstwad over 12 yearsAfter modifying the LD_LIBRARY_PATH var, the results are the same.
-
angstwad over 12 yearsThat's correct. I've tried with
--enable-so
and without (and then compiling it into httpd). Either way do it, it will not load the libssl.so.* files no matter where they are when they're in the library path, and everything in between, trying builds of apache from 2.2.19-2.2.21 and openssl.0.9.8.r-1.0.0e. -
angstwad over 12 yearsIt is compiling the
mod_ssl.so
file inmodules/
. I'm still executing./configure --with-ssl=the/right/dir
, and configure sees this at configure-time. Once it compiles, and we come to runtime, it doesn't link properly to the library dictated at compile time. -
angstwad over 12 yearsCorrect, and OpenSSL has been compiled this way. Apache will not link the library to the libraries installed from compiling OpenSSL nor through yum and the CentOS repos.
-
sinping over 12 yearsYou could try removing openssl-devel from your system and then try again. If you are compiling your own version of SSL, you likely don't need that. As a last resort, you can manually tell mod_ssl.so which library to use with this: nixos.org/patchelf.html
-
angstwad over 12 yearsSELinux is disabled.
-
John over 12 yearsFresh install of ScientificLinux 5.5 without openssl-devel.<br>openssl 1.0.0e<br>./Configure --prefix=/usr/local/openssl100e linux-elf shared; make install<br>cd /usr/local; ln -s openssl100e ssl<br>/sbin/ldconfig -v /usr/local/ssl/lib<br><br>Apache 2.2.21:<br>--prefix=/usr/local/apache --enable-so --enable-ssl --with-ssl=/usr/local/ssl and others.<br>bin/apachectl -M | grep ssl says "ssl_module (shared)"<br>Copied a generic server.crt and server.key into the conf directory, uncommented conf/extra/httpd-ssl.conf<br>/usr/local/servers/bin/apachectl start worked and nmap shows 80 and 443 open.
-
Thomas K almost 10 yearsHad the same problem it was resolved when doing the "/sbin/ldconfig -v /usr/local/openssl/lib" command. Although i had to use "sudo" and i had not compiled it in "/usr/local/openssl".