httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: AW: [users@httpd] Self-compiled httpd and OpenSSL: Trying to start httpd without using LD_LIBRARY_PATH
Date Thu, 07 Apr 2016 20:17:11 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Daniel,

On 4/7/16 2:52 PM, Poggenpohl, Daniel wrote:
> my setup is: I have a Moodle installation I need to run. So I need
> Apache, PHP, OpenSSL, iconv, mbstring, curl, zip, etc. . The plan
> is to have a relatively new PHP (5.6.20) and stay "new" with Apache
> and OpenSSL.
> 
> [snip]
> 
> This all didn't happen when I compiled OpenSSL 1.0.2g with SSLv2 
> support, by the way (we deactivated SSLv2 in our Apache anyway,
> and SSLLabs says we're in the clear regarding to Drown). With SSLv2
> support, PHP's configure finished without a real warning. And I
> could build it as well. So I frowned and accepted SSLv2 support for
> the moment.

Okay, so:

1. Things just don't seem to work if you compile without SSLv2
2. You don't actually need it, so it's disabled everywhere

That's fine. It would be good to find out *why* SSLv2 support is
required for everything to build/run properly, but it's not an
anormous concern just to have it in the binary.

> By the way, you didn't quote my CPPFLAGS and LDFLAGS that I set. 
> Using LDFLAGS, or rather -R I understand that I can set the
> runtime search path when linking the library. When I "ldd -s
> httpd", no SSL library is necessary there. And "ldd -s
> modules/mod_ssl.so" tells me it finds the locally installed 1.0.2g
> version. So I still don't understand why I need to set
> LD_LIBRARY_PATH when the linker finds what I want.

Hmm. I'm not familiar enough with the httpd build process to know what
the exact implications of using -R are.

> Yes, I want to avoid using LD_LIBRARY_PATH, because I read about 
> methods (like using -R) that could tell libraries where they
> should look first and LD_LIBRARY_PATH seems to be a kind of last
> resort.

If -R is supposed to work, then by all means use -R. Just be aware
that if you need to upgrade OpenSSL, you either need to use a
version-independent installation path (e.g. /usr/local/openssl/current
- -- I'd recommend a symlink for this purpose), or you'll need to
recompile httpd (mod_ssl, really).

Someone else will have to comment on why -R might not be having the
intended effect.

> Notes: - Yes, OpenSSL is compiled as a shared library. - Ideally, I
> would use /latest links combined with -R to avoid recompiling.

:)

> - Do I understand the following right? -I tells the compiler where
> to look for headers during compile time. -L tells the compiler
> where to find libraries to use in linking during the build. -R
> tells the Linker where to search for libraries during runtime.

Precisely.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlcGwEcACgkQ9CaO5/Lv0PBSVwCgwaYwPlK5IjWi9l+5Qo5hk4XE
1w8AoI2JmTc9VdnK/kkwoaU/cVVRtkrA
=phx0
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message