httpd-users mailing list archives

From "Poggenpohl, Daniel" <daniel.poggenp...@fernuni-hagen.de>
Subject AW: [users@httpd] Self-compiled httpd and OpenSSL: Trying to start httpd without using LD_LIBRARY_PATH
Date Thu, 07 Apr 2016 18:52:32 GMT
Hi,

my setup is: I have a Moodle installation I need to run. So I need Apache, PHP, OpenSSL, iconv,
mbstring, curl, zip, etc. The plan is to have a relatively new PHP (5.6.20) and stay "new"
with Apache and OpenSSL.
Solaris 11.3 seems to come with Apache 2.4.16, PHP 5.3.29, OpenSSL 1.0.1q, curl 7.35.0, OpenLDAP
2.4.30, and others using the official package repository, so I don't really want to use the
official packages for Apache, PHP and OpenSSL.
I tried using another package repository (OpenCSW), which seems to provide Apache 2.4.18,
PHP 5.6.20, curl 7.48.0, OpenSSL 1.0.1s runtime libraries, OpenLDAP 2.4.40, etc. The problem
there is that officially, the packages have these release numbers, but when I install PHP
via pkgutil, I get 5.3.XX instead.
So I decided to compile from source.

I compiled OpenSSL 1.0.2g from source without SSLv2 support (without enable-ssl2), because
I don't really want to have SSLv2 support if I don't need it.
Compiling Apache with the setup below posed no problem other than httpd not finding 1.0.2g
without LD_LIBRARY_PATH.
But the problems began when I compiled PHP 5.6.20 from source (I will send my configure call
when I'm back at work tomorrow).
Basically, the configure checks curl, uses the system curl which tries to use one of the functions
in OpenSSL 1.0.2g which are gone. So I had to compile curl 7.48.0.
The next problem was the jpeg extension which I solved by setting some -I and -L options and
the PKG_CONFIG_PATH (pointing to the openssl and curl dirs). It seems to have used the system
curl as well.
Then I had to compile iconv because of unrelated reasons.
Then the zip extension wouldn't work so I had to compile libzip.
And so on and so on.

This all didn't happen when I compiled OpenSSL 1.0.2g with SSLv2 support, by the way (we deactivated
SSLv2 in our Apache anyway, and SSLLabs says we're in the clear regarding DROWN). With
SSLv2 support, PHP's configure finished without a real warning. And I could build it as well.
So I frowned and accepted SSLv2 support for the moment.

By the way, you didn't quote my CPPFLAGS and LDFLAGS that I set. Using LDFLAGS, or rather
-R I understand that I can set the runtime search path when linking the library. When I "ldd
-s httpd", no SSL library is necessary there. And "ldd -s modules/mod_ssl.so" tells me it
finds the locally installed 1.0.2g version. So I still don't understand why I need to set
LD_LIBRARY_PATH when the linker finds what I want.

Yes, I want to avoid using LD_LIBRARY_PATH, because I read about methods (like using -R) that
could tell libraries where they should look first and LD_LIBRARY_PATH seems to be a kind of
last resort.

Notes:
- Yes, OpenSSL is compiled as a shared library.
- Ideally, I would use /latest links combined with -R to avoid recompiling.
- Do I understand the following right? -I tells the compiler where to look for headers during
compile time. -L tells the compiler where to find libraries to use in linking during the build.
-R tells the linker where to search for libraries during runtime.

Regards,
Daniel Poggenpohl
________________________________________
From: Christopher Schultz [chris@christopherschultz.net]
Sent: Thursday, April 7, 2016 20:03
To: users@httpd.apache.org
Subject: Re: [users@httpd] Self-compiled httpd and OpenSSL: Trying to start httpd without
using LD_LIBRARY_PATH

Daniel,

On 4/7/16 11:21 AM, Poggenpohl, Daniel wrote:
> I'm working with Solaris 11.3 32Bit.
>
> I've compiled and installed OpenSSL 1.0.2g with SSLv2 support
> (yeah, I know, but I can't get my setup to work without it) using:

You need to fix that ... right now. When you say "my setup won't work
without it", what do you mean?

Please tell me you accidentally typed "SSLv2" instead of "SSLv3", and
meant "SSLv3".

> My system has OpenSSL 1.0.1q pre-installed.

Okay.

> I've compiled Apache HTTPD 2.4.18 with the following options:
>
> cd /basedir/installers/httpd-2.4.18
> OPENSSLDIR=/basedir/openssl/1.0.2g \
> PKG_CONFIG_PATH=$OPENSSLDIR/lib/pkgconfig:$PKG_CONFIG_PATH \
> ; \
> ./configure --prefix=/basedir/apache2/2.4.18 \
> --enable-rewrite --enable-so --enable-dav --enable-deflate \
> --enable-authnz-ldap --enable-ldap --with-ldap \
> --enable-ssl --with-ssl=$OPENSSLDIR \

Okay.

> When I export LD_LIBRARY_PATH in envvars using the OPENSSLDIR/lib,
> apache via PHPInfo finds 1.0.2g. When I don't use LD_LIBRARY_PATH,
> the system 1.0.1q is used.
>
> Can I do something about this? Or is this effect because of PHP?

That's totally expected. When you compiled httpd, the
--with-ssl=$OPENSSLDIR really only chose the library header files to
use for the compilation. Since OpenSSL is (likely) compiled as a
shared-library, the linking is actually done at runtime instead of
compile-time.

LD_LIBRARY_PATH is how dynamic linking actually locates the libraries
that will be used at runtime. Your httpd build information is not
retained, and you need to set up the environment to get what you want.

Is there a particular problem with setting LD_LIBRARY_PATH, or did you
just want to know if you could avoid it?

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
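
Added example (not part of the original messages): the directories passed to the linker with `-R` are stored in each ELF object's dynamic section as `DT_RPATH`/`DT_RUNPATH`, next to the `DT_NEEDED` library names, so each object can be checked for whether it records the self-compiled OpenSSL directory. The Python below reads those tags directly from the file; the names `dynamic_info` and `audit` and the status strings are illustrative assumptions.

```python
import itertools, struct, sys

DT_NEEDED, DT_STRTAB, DT_RPATH, DT_RUNPATH = 1, 5, 15, 29
PT_LOAD, PT_DYNAMIC = 1, 2

def dynamic_info(data):
    """Return (needed, runpath) lists read from the dynamic section of an ELF image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF object")
    is64 = data[4] == 2                    # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"     # EI_DATA: 1 = little-endian, 2 = big-endian
    phoff, = struct.unpack_from(end + ("Q" if is64 else "I"), data, 32 if is64 else 28)
    phentsize, phnum = struct.unpack_from(end + "HH", data, 54 if is64 else 42)
    ph_fmt = end + ("IIQQQQ" if is64 else "IIIII")
    segs = []                              # (type, file offset, vaddr, file size)
    for at in range(phoff, phoff + phnum * phentsize, phentsize):
        f = struct.unpack_from(ph_fmt, data, at)
        segs.append((f[0], f[2], f[3], f[5]) if is64 else (f[0], f[1], f[2], f[4]))
    dyn = next((s for s in segs if s[0] == PT_DYNAMIC), None)
    if dyn is None:
        return [], []                      # statically linked: nothing resolved at run time
    fmt = end + ("qQ" if is64 else "iI")
    raw = (struct.unpack_from(fmt, data, at)
           for at in range(dyn[1], dyn[1] + dyn[3], struct.calcsize(fmt)))
    entries = list(itertools.takewhile(lambda e: e[0] != 0, raw))   # stop at DT_NULL
    def offset_of(va):                     # map a virtual address to a file offset
        for t, off, seg_va, fsz in segs:
            if t == PT_LOAD and seg_va <= va < seg_va + fsz:
                return off + va - seg_va
        raise ValueError("address outside every PT_LOAD segment")
    strtab = offset_of(next(v for t, v in entries if t == DT_STRTAB))
    def string(i):                         # NUL-terminated entry in the dynamic string table
        return data[strtab + i:data.index(b"\0", strtab + i)].decode()
    needed = [string(v) for t, v in entries if t == DT_NEEDED]
    paths = [p for t, v in entries if t in (DT_RPATH, DT_RUNPATH)
             for p in string(v).split(":")]
    return needed, list(dict.fromkeys(paths))   # both tags may repeat the same path

def audit(data, openssl_lib):
    """Classify one object: is its OpenSSL dependency pinned to openssl_lib?"""
    needed, runpath = dynamic_info(data)
    if not any(n.startswith(("libssl.", "libcrypto.")) for n in needed):
        return "no-openssl-dependency"
    return "pinned" if openssl_lib in runpath else "unpinned"

if __name__ == "__main__":                 # usage: audit.py <openssl-lib-dir> <object>...
    for path in sys.argv[2:]:
        with open(path, "rb") as f:
            print(path, audit(f.read(), sys.argv[1]))
```

Run it over `httpd`, every `modules/*.so` and the libraries PHP links against (libcurl, for instance). An object reported `unpinned` gets its libssl from `LD_LIBRARY_PATH` or the system default directories.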