2

Since yesterday, I've applied OpenSSL-1.0.2h to my Nginx server, which I both recompiled from source. For the OpenSSL part, I've followed this guide: https://syslint.com/blog/tutorial/how-to-upgrade-openssl-on-centos-7-or-rhel-7/. It was relatively easy compiling Nginx afterwards with:

./configure --prefix=/etc/nginx ... --with-openssl=/usr/local/src/openssl-1.0.2h

Background information

$ openssl version
OpenSSL 1.0.2h  3 May 2016

$ which openssl
/usr/bin/openssl

$ ls /usr/bin/openssl
/usr/bin/openssl -> /usr/local/ssl/bin/openssl

$ find / -name "openssl"
...
/usr/include/openssl
/usr/local/src/openssl-1.0.2h/apps/openssl
/usr/local/src/openssl-1.0.2h/include/openssl
/usr/local/src/openssl-1.0.2h/.openssl/include/openssl
/usr/local/src/openssl-1.0.2h/.openssl/bin/openssl
/usr/local/ssl/include/openssl
/usr/local/ssl/bin/openssl
...

$ nginx -V
nginx version: nginx/1.11.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC)
built with OpenSSL 1.0.2h  3 May 2016

$ ssh -V
OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013

$ php -i
...
OpenSSL support => enabled
OpenSSL Library Version => OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL Header Version => OpenSSL 1.0.1e-fips 11 Feb 2013
Native OpenSSL support => enabled
...

Unfortunately, Googling' around and searching the PHP docs (http://php.net/manual/en/openssl.installation.php) didn't help for me. I thought about recompiling PHP with the newest OpenSSL by supplying:

./configure -disable-shared ... --with-openssl=/usr/local/src/openssl-1.0.2h

however this tells me:

configure: error: Cannot find OpenSSL's libraries

Any help is appreciated!

Rowan Kaag
  • 21
  • 3

1 Answers1

0

I think you should install openssl-devel(yum install openssl-devel). Then you could recompile PHP with latest OpenSSL.

Alexander Tolkachev
  • 4,608
  • 3
  • 14
  • 23