The Doctor wrote:
On Wed, May 30, 2012 at 08:45:46AM -0400, bhorow...@vai.net wrote:
Quick question for the group? I am running Apache 2.2.22 with OpenSSL
1.0.1c installed. This machine formerly had 1.0.0d and I am noticing that
the apache logs are stating that OpenSSL is still at the earlier version.
However when I do an openSSL version command it responds saying I am at
the later release. How do I gracefully correct this situation (Linux Suse
Enterprise server 11)? I thought that if I go through the Apache install
again and point to the OpenSSL version that is installed that this problem
would be solved but I was wrong. Any help would be appreciated.
Commands used to install openSSL
./config --prefix=/usr/local/lib/openssl
make
make test
make install
Commands to install apache
./configure --enable-proxy --enable-so --enable-ssl
--with-ssl=/usr/local/lib/openssl (<-----location of openssl 1.0.1c)
make
make install
Did you recompile your apache with the new openssl?
Hi Bernard,
Perhaps the Doctor is suggesting you may need to to do a make of apache
in a totally clean directory. If you have built apache before you
installed the new OpenSSL in that directory, then running make in it
again will not rebuild and relink your code. So you may need to unpack a
totally new apache directory which is possibly safer than using 'make
clean'. I say this because if you ran 'configure' in that directory
previously it will have done things like create your Makefiles which
will probably set the library paths.
Three other things to try:
1. Assuming you are using dynamic libraries, then run strace to see
where apache is getting its SSL libraries. You may need to change your
library path in the apache startup script.
2. This is probably related to 1, investigate how SELinux sets the user
environment, check to see what your system is doing and how this affects
library searches for dynamic libraries.
3. If apache uses static libraries (unlikely) and you have built from a
clean directory, I suggest you look to see if the old libraries still
exist on your system, you may find the build is finding them before your
new libraries. You will find this from the "make" output. If this is the
case you need to modify your library path for the build, or move (or
remove) the other version of OpenSSL before the build. Be careful of the
latter case, other code on your system will almost certainly be using
the other libraries so removing or even moving them may not be a good idea.
Good Luck,
Jeremy
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org