httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gabriel Farrell <giggzy...@gmail.com>
Subject [users@httpd] My Apache build using an older OpenSSL version
Date Sun, 21 Mar 2010 17:16:13 GMT
Hello,

I want to allow multiple ssl certificates to served from the same IP
address. The SNI feature which exposes hostname early in a ssl http
request will allow NameBased virtual hosts even when using ssl.

I've successfully built the newest stable openssl ( 0.9.8m ) from
source and then built apache (2.2.15)  on a test machine, and the SNI
feature works perfectly. Both hosts have an OS of CentOS release 5.2
and are similarly configured.

However,I'm having a problem; apache continues to point to an older
version of ssl, 0.9.8b ( not the 0.9.8m I've just built) , according
to output at startup. This is on the host I actually need to make this
change ( third party has been given its IP ).
**************************************
[Thu Mar 18 18:10:27 2010] [notice] SIGHUP received.  Attempting to restart
[Thu Mar 18 18:10:28 2010][notice] Apache/2.2.15 (Unix) mod_ssl/2.2.15
OpenSSL/0.9.8b configured -- resuming normal operation;
********************************************

Below are the steps I use for building, no problems encountered
while building, the "--with-ssl=/usr/local/openssl/" is pointing
apache to the openssl I want it to use. This directory has the freshly
built openssl in it.
********************************************
cd openssl-0.9.8m
./config enable-tls-ext --openssldir=/usr/local/openssl
make install
cd ..
tar xvf httpd-2.2.15.tar
cd httpd-2.2.15
./configure --prefix=/usr/local/apache2
--with-ssl=/usr/local/openssl/ --enable-so --enable-deflate
--enable-proxy --enable-proxy-connect --enable-proxy-http
--enable-proxy-ajp --enable-proxy-balancer --enable-ssl
--enable-unique-id --enable-usertrack --enable-vhost-alias
--with-mpm=prefork --enable-static-ab --enable-rewrite
make install

*******************************
I start apache using /usr/local/apache2/bin/apachectl start, and I get
the output indicating it is using an older openssl.

Can you help me out, I'm stumped

Thank you,
Gabriel Farrell.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message