1

So we have to use TLS1.1 on the webpage but are at the moment running OpenSSL0.9.8za. So have to upgrade OpenSSL to at least 1.0.2.

Operating system MacOS 10.12.6 Sierra.
Apache version 2.2.34

I installed OpenSSL using the quick way in the install file: ./config -> make -> make test -> make install and it installed with no problems I could see.

However when I try to build a new mod_ssl.so with:

sudo /usr/local/apache2/bin/apxs -c -D HAVE_OPENSSL=1 -i -I /usr/local/ssl/include/openssl mod_ssl.c

Got many errors without the -D HAVE_OPENSSL=1 but with it I get 2 warnings:

mod_ssl.c:275:5: warning: 'ERR_remove_state' is deprecated

mod_ssl.c:302:5: warning: implicit declaration of function 'CRYPTO_malloc_init' is invalid in C99 [-Wimplicit-function-declaration]

but it creates a mod_ssl.so in /usr/local/apache2/modules/mod_ssl.so where it's supposed to be. But when I start the server I get the following error message:

httpd: Syntax error on line 97 of /usr/local/apache2/conf/httpd.conf: Cannot load /usr/local/apache2/modules/mod_ssl.so into server: dlopen(/usr/local/apache2/modules/mod_ssl.so, 10): Symbol not found: _ssl_cmd_SSLCACertificateFile\n Referenced from: /usr/local/apache2/modules/mod_ssl.so\n Expected in: flat namespace\n in /usr/local/apache2/modules/mod_ssl.so

Line 97 is the load command:

LoadModule ssl_module modules/mod_ssl.so

The old mod_ssl.so is 335K in size, the one built now is 26K in size. I don't know if that means anything.

I've tried to build the mod_ssl.so with the includes directly from the downloaded OpenSSL folder with the same result.

I've looked around the web for 2 days now but I can't find any solution. Any ideas what I've done wrong?

--- Edit ---

I've tried:

sudo /usr/local/apache2/bin/apxs -c -D HAVE_OPENSSL=1 -i -I /usr/local/ssl/include/ -L /usr/local/ssl/lib -Wl,-rpath=/usr/local/ssl/lib mod_ssl.c

Is this how path should look like? This compiles without any warnings and creates a mod_ssl.so file that's 26k big but can't be run. Trying to start the server gives the same error message as above.

I've also tried to compile the Apache server to see if the server can compile it itself using:

./configure --enable-mods-shared="all" --enable-so --enable-ssl --with-ssl=/usr/local/ssl

however this gives error:

configure: error: ... Error, SSL/TLS libraries were missing or unusable

And linking straight to /usr/local/ssl/lib folder:

./configure --enable-mods-shared="all" --enable-so --enable-ssl --with-ssl=/usr/local/ssl/lib

However this gives 10 warnings and an error before it fails on the make step of the installation.

First warning:

ssl_engine_init.c:374:13: warning: implicit declaration of function 'SSLv2_client_method' is
  invalid in C99 [-Wimplicit-function-declaration]

Final error:

ssl_engine_init.c:992:42: error: incomplete definition of type 'struct dh_st' BN_num_bits(dhparams->p), vhost_id,
Community
  • 1
  • 1
D.Gaters
  • 11
  • 1
  • 4
  • 3
    Did you follow instructions like mentioned here: https://httpd.apache.org/docs/2.4/programs/apxs.html ? –  Jan 24 '18 at 18:28
  • Use `-I /usr/local/ssl/include/`, not `-I /usr/local/ssl/include/openssl`. You are also missing `-L` to tell the linker where the new libraries are; and you are missing RPATHs or new-dtags to ensure the new libraries are used at runtime. – jww Jan 24 '18 at 22:56
  • @jww Thank you. I tried building it with: "sudo /usr/local/apache2/bin/apxs -c -D HAVE_OPENSSL=1 -i -I /usr/local/ssl/include/ -L /usr/local/ssl/lib -Wl,-rpath=/usr/local/ssl/lib mod_ssl.c" Is that how RPATH should look like? How would I use new-dtags? – D.Gaters Jan 25 '18 at 16:03

1 Answers1

1

I ran into a similar situation when building mod_ssl (on Ubuntu, but the principle should be the same). I found that I could get a proper-sized and working mod_ssl.so file if I told apxs to process all of the C source files in that directory, along the lines of:

apxs2 -c *.c
sudo apxs2 -i mod_ssl.la

(So only the mod_ssl.la file needed to be mentioned when installing, but all source files had to be included when compiling.)

dshep
  • 31
  • 2