how to upgrade openssl for apache 2.2.29 – still using old 0.9.8 version

I am running a 10.04LTE server where I do want to upgrade openssl for apache.

Therefore I downloaded openssl 1.0.2c and apache 2.2.29 and compiled both. The server is starting, but is using the old ssl version:

curl --head http://localhost
HTTP/1.1 200 OK
Date: Mon, 22 Jun 2015 06:00:06 GMT
Server: Apache/2.2.29 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8k
Last-Modified: Sun, 18 Mar 2012 19:56:07 GMT

However, Openssl is installed in new version:

/usr/local/ssl/bin/openssl version
OpenSSL 1.0.2c 12 Jun 2015

While the original version stayes in place:

openssl version
OpenSSL 0.9.8k 25 Mar 2009

I compiled apache with:

./configure --with-included-apr --prefix=/usr/local/apache2 --enable-so     
--enable-rewrite --with-ssl=/usr/local/ssl --enable-ssl=shared
--enable-deflate --enable-expires --enable-headers 

Apache did not start before I included:

LoadModule ssl_module /usr/lib/apache2/modules/

According to the mod ssl website this is only available for apache 1.x

Not sure what is going wrong here. Thank you for any help!

1 Answer

The problem is that your Apache installation is unable to link the shared libraries of your new OpenSSL installation. Run the command ldd /usr/local/apache/modules/ (with the apporpriate path to your You’ll see that is not linking to the libraries in /usr/local/ssl/lib

You have a couple options to fix the problem:

Option #1 – Link in the libraries:

Open /etc/ for editing and add the following line: /usr/local/openssl/lib

Re-compile Apache (remember to make clean) and it should work.

If that doesn’t work. You could also try specifying LDFLAGS directly with your configure command:

LDFLAGS=-L/usr/local/ssl/lib \ ./configure --with-included-apr --prefix=/usr/local/apache2 --enable-so     
--enable-rewrite --with-ssl=/usr/local/ssl --enable-ssl=shared
--enable-deflate --enable-expires --enable-headers

Option #2 – Upgrade the system OpenSSL:

Re-install OpenSSL with the config line ./config --prefix=/usr --openssldir=/usr/local/openssl shared

When the prefix is not specified in your config line, the OpenSSL installer will default to /usr/local/ssl.

Quick install instructions:

cd /usr/local/src
tar -zxf openssl-1.0.2*
cd openssl-1.0.2*
./config --prefix=/usr --openssldir=/usr/local/openssl shared
make test
make install


답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다