how to upgrade openssl for apache 2.2.29 - still using old 0.9.8 version
I am running a 10.04LTE server where I want to upgrade OpenSSL for Apache.
Therefore I downloaded openssl 1.0.2c and apache 2.2.29 and compiled both. The server is starting, but is using the old ssl version:
curl --head http://localhost
HTTP/1.1 200 OK
Date: Mon, 22 Jun 2015 06:00:06 GMT
Server: Apache/2.2.29 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8k
Last-Modified: Sun, 18 Mar 2012 19:56:07 GMT
However, OpenSSL is installed in the new version:
/usr/local/ssl/bin/openssl version
OpenSSL 1.0.2c 12 Jun 2015
While the original version stays in place:
openssl version
OpenSSL 0.9.8k 25 Mar 2009
I compiled apache with:
./configure --with-included-apr --prefix=/usr/local/apache2 --enable-so \
--enable-rewrite --with-ssl=/usr/local/ssl --enable-ssl=shared \
--enable-deflate --enable-expires --enable-headers
Apache did not start before I included:
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
According to the mod_ssl website, this is only available for Apache 1.x.
Not sure what is going wrong here. Thank you for any help!
The problem is that your Apache installation is unable to link the shared libraries of your new OpenSSL installation. Run the command ldd /usr/local/apache/modules/mod_ssl.so (with the appropriate path to your mod_ssl.so). You'll see that mod_ssl.so is not linking to the libraries in /usr/local/ssl/lib.
You have a couple options to fix the problem:
Option #1 - Link in the libraries:
Open /etc/ld.so.conf.d/local.conf for editing and add the following line: /usr/local/openssl/lib
Re-compile Apache (remember to make clean) and it should work.
If that doesn't work, you could also try specifying LDFLAGS directly with your configure command:
LDFLAGS=-L/usr/local/ssl/lib \
./configure --with-included-apr --prefix=/usr/local/apache2 --enable-so \
--enable-rewrite --with-ssl=/usr/local/ssl --enable-ssl=shared \
--enable-deflate --enable-expires --enable-headers
Option #2 - Upgrade the system OpenSSL:
Re-install OpenSSL with the config line ./config --prefix=/usr --openssldir=/usr/local/openssl shared
When the prefix is not specified in your config line, the OpenSSL installer will default to /usr/local/ssl.
Quick install instructions:
cd /usr/local/src
wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
tar -zxf openssl-1.0.2*
cd openssl-1.0.2*/
./config --prefix=/usr --openssldir=/usr/local/openssl shared
make
make test
make install
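
One way to script the ldd check from the answer and confirm the result against the Server banner. This is an added example, not part of the original answer: the function names and the sample ldd output are constructed for illustration, and the header sample repeats the curl output from the question.

```shell
#!/bin/sh
# Added example. Sample data below is constructed, except SAMPLE_HEADERS,
# which repeats the curl output shown in the question.

# check_ssl_linkage EXPECTED_LIBDIR   (reads `ldd` output on stdin)
# Prints a verdict per libssl/libcrypto line. Returns 0 only when both
# libraries appear and each resolves to a file under EXPECTED_LIBDIR.
check_ssl_linkage() {
    awk -v want="$1" '
        $1 ~ /^lib(ssl|crypto)\.so/ {
            seen[substr($1, 1, index($1, ".so") - 1)] = 1
            path = ($2 == "=>") ? $3 : ""
            if (path == "" || path == "not") {        # "=> not found"
                print "MISSING " $1; bad = 1
            } else if (index(path, want "/") == 1) {
                print "OK      " $1 " -> " path
            } else {
                print "WRONG   " $1 " -> " path; bad = 1
            }
        }
        END { if (bad || !seen["libssl"] || !seen["libcrypto"]) exit 1 }
    '
}

# banner_openssl_version: reads response headers on stdin and prints the
# OpenSSL version advertised in the Server header (nothing if absent).
banner_openssl_version() {
    tr -d '\r' | sed -n 's/^Server:.*OpenSSL\/\([^ ]*\).*/\1/p'
}

OLD_LDD='    libssl.so.0.9.8 => /lib/libssl.so.0.9.8 (0x00007f0000a00000)
    libcrypto.so.0.9.8 => /lib/libcrypto.so.0.9.8 (0x00007f0000600000)
    libc.so.6 => /lib/libc.so.6 (0x00007f0000200000)'
NEW_LDD='    libssl.so.1.0.0 => /usr/local/ssl/lib/libssl.so.1.0.0 (0x00007f0000a00000)
    libcrypto.so.1.0.0 => /usr/local/ssl/lib/libcrypto.so.1.0.0 (0x00007f0000600000)
    libc.so.6 => /lib/libc.so.6 (0x00007f0000200000)'
SAMPLE_HEADERS='HTTP/1.1 200 OK
Server: Apache/2.2.29 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8k'

printf '%s\n' "$OLD_LDD" | check_ssl_linkage /usr/local/ssl/lib \
    || echo "mod_ssl.so is not linked against the new OpenSSL"
printf '%s\n' "$NEW_LDD" | check_ssl_linkage /usr/local/ssl/lib \
    && echo "mod_ssl.so resolves to /usr/local/ssl/lib"
echo "Banner reports OpenSSL $(printf '%s\n' "$SAMPLE_HEADERS" | banner_openssl_version)"
```

On a live host, pipe the real ldd output for the mod_ssl.so named in your LoadModule line into check_ssl_linkage, and pipe curl --head output into banner_openssl_version after restarting Apache. A module that links OpenSSL statically shows no libssl line in ldd, so the function returns non-zero there as well.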