FreeBSD – Apache recompile does not find new OpenSSL

apache-2.2 freebsd openssl

I'm trying to upgrade both Apache and OpenSSL at the same time. I've gotten Apache compiled with all the modules I need, and it pops up and runs, but still shows an old version of OpenSSL.

Here is my config command:

./configure --prefix=/usr/local/apache2.2.24/ --with-ssl=/usr/local/openssl-1.0.1e/ --enable-mods-shared="all [sic] ssl rewrite"

The OpenSSL in that directory is correct:

$ /usr/local/openssl-1.0.1e/bin/openssl version
OpenSSL 1.0.1e 11 Feb 2013

Yet, when I query the server I still get an old version of OpenSSL in the header:

$ curl -I http://www.mydomain.com/
HTTP/1.1 200 OK
Date: Thu, 09 May 2013 14:51:59 GMT
Server: Apache/2.2.24 (Unix) DAV/2 mod_ssl/2.2.24 OpenSSL/1.0.0g

I've recompiled a few hundred times over the last few days, and cannot figure out what I'm missing. Each of the directories has been deleted and made from scratch (including the source directories I'm compiling in).

The system is an older version of FreeBSD with a broken ports install, so I cannot use ports for the compile.

Best Answer

First, FIX YOUR PORTS - rm -rf /usr/ports if that's what it takes. This will not harm installed software. Use portsnap for an easy way to grab a new copy of the ports tree. Advanced users can use svn.

Second, DO NOT compile Apache from downloaded source. You're begging for trouble, and should NOT be surprised that you've found it. Use the ports tree. Even if you want to use a different version of software from the Ports tree, learn how to modify your local tree for the version you want.

Run ldd against the mod_ssl.so file. Since you're compiling downloaded source, the installation directory is probably non-standard (meaning future admins of your system will be unable to find the directory easily).

See what libssl.so it's using, and where it'll be loaded from. Make sure you have the latest OpenSSL libraries in that location.

When you build Apache from ports, it should always build against the ports-installed version of OpenSSL (libssl.so in /usr/local/lib). Since that's not the case, it's anyone's guess as to what it's loading.
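
The ldd check described in the answer, as an added example that is not part of the original answer: it reads ldd output for mod_ssl.so and reports whether libssl and libcrypto resolve from the OpenSSL prefix the build was meant to use. The modules/ and lib/ subdirectories, the function names and the sample ldd output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_ssl_libs EXPECTED_LIB_DIR < ldd-output
# Prints OK / MISMATCH / MISSING per libssl/libcrypto dependency, or NONE.
# Exit status: 0 all in EXPECTED_LIB_DIR, 1 mismatch or missing, 2 none found.
check_ssl_libs() {
    awk -v want="${1%/}" '
        $1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
            seen = 1
            if ($3 == "not") { print "MISSING", $1; bad = 1; next }
            n = split($3, part, "/")
            dir = substr($3, 1, length($3) - length(part[n]) - 1)
            if (dir == want) print "OK", $1, $3
            else { print "MISMATCH", $1, $3; bad = 1 }
        }
        END {
            if (!seen) { print "NONE no dynamic libssl/libcrypto dependency"; exit 2 }
            exit (bad ? 1 : 0)
        }'
}

# Constructed ldd output (sonames and addresses are illustrative only).
sample_stale() { cat <<'EOF'
/usr/local/apache2.2.24/modules/mod_ssl.so:
    libssl.so.6 => /usr/lib/libssl.so.6 (0x28100000)
    libcrypto.so.6 => /lib/libcrypto.so.6 (0x28150000)
    libc.so.7 => /lib/libc.so.7 (0x28300000)
EOF
}
sample_fixed() { cat <<'EOF'
/usr/local/apache2.2.24/modules/mod_ssl.so:
    libssl.so.1.0.0 => /usr/local/openssl-1.0.1e/lib/libssl.so.1.0.0 (0x28100000)
    libcrypto.so.1.0.0 => /usr/local/openssl-1.0.1e/lib/libcrypto.so.1.0.0 (0x28150000)
EOF
}
sample_static() { cat <<'EOF'
/usr/local/apache2.2.24/modules/mod_ssl.so:
    libc.so.7 => /lib/libc.so.7 (0x28300000)
EOF
}

# With two arguments, inspect a real module; otherwise run the stale sample.
if [ "$#" -eq 2 ]; then
    ldd "$1" | check_ssl_libs "$2"
else
    sample_stale | check_ssl_libs /usr/local/openssl-1.0.1e/lib || true
fi
```

A NONE result means the module has no dynamic libssl dependency, for example because it was linked against static libraries, so the loaded version cannot be changed by replacing shared libraries on disk.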