From: Rodney Beede
To: users@httpd.apache.org
Date: Fri, 2 Oct 2009 09:14:01 -0500
Subject: Re: [users@httpd] Apache 2.2.13, OpenSSL 0.9.8k, Linux, [error] Unable to initialize TLS servername

On Fri, Oct 2, 2009 at 3:32 AM, Tom Evans wrote:
> On Thu, 2009-10-01 at 13:24 -0500, Rodney Beede
> wrote:
>> So I have a 64-bit Linux system (Oracle Unbreakable 5.4) where I am
>> trying to compile Apache 2.2.13 with Openssl 0.9.8k with mod_ssl as a
>> shared module.
>> I setup my Openssl as follows:
>> ./config --prefix=/software/openssl shared enable-tlsext
>> make
>> make test
>> make install
>> All went well there.
>> Then I built Apache with the following:
>> export PATH=/software/openssl/bin:$PATH
>> export LD_LIBRARY_PATH=/software/openssl/lib
>> openssl version
>>      Gives 0.9.8k version as expected
>> ./configure --prefix=/software/apache2 --with-included-apr
>> --disable-autoindex --disable-imagemap --disable-include
>> --disable-negotiation --disable-userdir --with-port=8080
>> --with-ssl=/software/openssl --with-ldap
>> --enable-mods-shared="auth_digest ldap authnz_ldap authn_file
>> authz_user rewrite ssl deflate proxy proxy_ajp proxy_balancer"
>> make
>> make install
>> All goes well.
>>
>> I then uncomment httpd-ssl.conf from httpd.conf and add a server.crt
>> and server.key to conf/
>> I then run /software/apache2/bin/httpd
>> The logs/errors file gives the following error message:
>>  [error] Unable to initialize TLS servername extension callback
>> (incompatible OpenSSL version?)
>
> This is probably because you built apache against one version of OpenSSL
> and your dynamic loader is finding a different version.
>
> You're building it against OpenSSL installed in /software/openssl/.
> Is /software/openssl/lib in your ld path when you come to run it? What
> does ldd say about the shared module and the apache binary?

I set my PATH to the /software/openssl/bin folder and LD_LIBRARY_PATH
to /software/openssl/lib before compiling Apache httpd.

ldd concurs that /software/openssl is being used for both the module
and binary.

Is there something else I missed?

I'd consider stripping out the vendor packaged and installed older
version of openssl, but that would break pretty much everything else
in the distro.
The vendor is slow on providing patches which leaves security
vulnerabilities. Perhaps I'd be better switching to another distro.

>
>>
>>
>> In the end I got it to work by recompiling Apache with mod_ssl static
>> instead of shared  (./configure --enable-ssl and no "ssl" in the
>> enable-mods-shared list).
>>
>> My question is has anyone managed to get Apache 2.2.13 with Openssl
>> 0.9.8k to work with mod_ssl as a shared module?
>> This thread seems to be the only one that really relates to the error
>> I'm seeing.  The suggestion of changing the Apache ssl cert directives
>> didn't work for me though.
>> http://groups.google.com/group/lucky.freebsd.ports/browse_thread/thread/8678679422363783
>>
>> I suppose I could try openssl 1.0.0 beta 3 next.  Anyone had success with that?
>
> Until you have apache finding the version of openssl that you built it
> against at runtime, you could keep trying different versions of openssl
> and it will have the same effect.
>
> Cheers
>
> Tom
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
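
Added example, not part of the original thread: the ldd check Tom asks about, applied to the httpd binary and all of its modules in one pass. It reports any libssl/libcrypto that the loader resolves outside the build prefix; the function name is hypothetical, the ldd output is constructed, and the /software/... paths are the ones from the thread.

```shell
#!/bin/sh
# Added example. Sample ldd output is constructed; the function name is
# hypothetical. /software/... paths are the ones used in the thread.

# Read `ldd` output on stdin. For each libssl/libcrypto entry that resolves
# outside the prefix given as $1 (or does not resolve at all), print:
#   <object> <library> <resolved path | NOT_FOUND>
openssl_outside_prefix() {
    awk -v prefix="${1%/}/" '
        BEGIN { obj = "-" }
        # With several files, ldd prints "<file>:" before each listing.
        NF == 1 && $1 ~ /:$/ { obj = $1; sub(/:$/, "", obj); next }
        $1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
            if ($3 == "not")                 print obj, $1, "NOT_FOUND"
            else if (index($3, prefix) != 1) print obj, $1, $3
        }'
}

# Constructed scenario: mod_ssl.so resolves to the private OpenSSL build,
# while a second module reaches the distribution's copy through one of
# its own dependencies.
sample_ldd() {
    cat <<'EOF'
/software/apache2/modules/mod_ssl.so:
    libssl.so.0.9.8 => /software/openssl/lib/libssl.so.0.9.8 (0x00002b0000001000)
    libcrypto.so.0.9.8 => /software/openssl/lib/libcrypto.so.0.9.8 (0x00002b0000200000)
    libc.so.6 => /lib64/libc.so.6 (0x00002b0000600000)
/software/apache2/modules/mod_ldap.so:
    libldap-2.3.so.0 => /usr/lib64/libldap-2.3.so.0 (0x00002b0000900000)
    libssl.so.6 => /lib64/libssl.so.6 (0x00002b0000b00000)
    libcrypto.so.6 => /lib64/libcrypto.so.6 (0x00002b0000d00000)
EOF
}

# Live use:
#   ldd /software/apache2/bin/httpd /software/apache2/modules/*.so |
#       openssl_outside_prefix /software/openssl
sample_ldd | openssl_outside_prefix /software/openssl
```

Run it from the same environment that starts httpd, because ldd honours whatever LD_LIBRARY_PATH is set in the calling shell.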