On Thu, 2009-10-01 at 13:24 -0500, Rodney Beede wrote: > So I have a 64-bit Linux system (Oracle Unbreakable 5.4) where I am > trying to compile Apache 2.2.13 with Openssl 0.9.8k with mod_ssl as a > shared module. > I setup my Openssl as follows: > ./config --prefix=/software/openssl shared enable-tlsext > make > make test > make install > All went well there. > Then I built Apache with the following: > export PATH=/software/openssl/bin:$PATH > export LD_LIBRARY_PATH=/software/openssl/lib > openssl version > Gives 0.9.8k version as expected > ./configure --prefix=/software/apache2 --with-included-apr > --disable-autoindex --disable-imagemap --disable-include > --disable-negotiation --disable-userdir --with-port=8080 > --with-ssl=/software/openssl --with-ldap > --enable-mods-shared="auth_digest ldap authnz_ldap authn_file > authz_user rewrite ssl deflate proxy proxy_ajp proxy_balancer" > make > make install > All goes well. > > I then uncomment httpd-ssl.conf from httpd.conf and add a server.crt > and server.key to conf/ > I then run /software/apache2/bin/httpd > The logs/errors file gives the following error message: > [error] Unable to initialize TLS servername extension callback > (incompatible OpenSSL version?)
This is probably because you built apache against one version of OpenSSL and your dynamic loader is finding a different version. You're building it against OpenSSL installed in /software/openssl/. Is /software/openssl/lib in your ld path when you come to run it? What does ldd say about the shared module and the apache binary? > > > In the end I got it to work by recompiling Apache with mod_ssl static > instead of shared (./configure --enable-ssl and no "ssl" in the > enable-mods-shared list). > > My question is has anyone managed to get Apache 2.2.13 with Openssl > 0.9.8k to work with mod_ssl as a shared module? > This thread seems to be the only one that really relates to the error > I'm seeing. The suggestion of changing the Apache ssl cert directives > didn't work for me though. > http://groups.google.com/group/lucky.freebsd.ports/browse_thread/thread/8678679422363783 > > I suppose I could try openssl 1.0.0 beta 3 next. Anyone had success with > that? Until you have apache finding the version of openssl that you built it against at runtime, you could keep trying different versions of openssl and it will have the same effect. Cheers Tom --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
