Redhat – Error when building Apache 2.4.25 from source with open ssl 1.1.0c

apache-2.4httpdopensslredhat

I have built Apache 2.4.25 with OpenSSL 1.0.2 successfully.

But Because of some security holes we found in our Internal tests,
I have been asked to patch Openssl with the latest version.
So I am trying to build Apache httpd 2.4.25 with OpenSSL 1.1.0c (or) 1.1.0d

My Environments

lsb_release -a
Distributor ID: RedHatEnterpriseServer
Description:    Red Hat Enterprise Linux Server release 5.11 (Tikanga)
Release:        5.11
Codename:       Tikanga

Perl:           5.24
PCRE:           8.38
APR:            1.5.2
APR-util:       1.5.4
OpenSSL:        1.1.0c / 1.1.0d

All the above Apache dependencies have been successfully built and installed

Apache 2.4.25 – Installation steps

cd /my/softwares
tar -xvf httpd-2.4.25.tar -C /my/build/

cd /my/build/httpd-2.4.25/

./configure --prefix=/my/apache-httpd-2.4.25 \
    --with-pcre=/my/dependencies/pcre-8.38/ \
    --with-apr=/my/dependencies/apr-1.5.2 \
    --with-apr-util=/my/dependencies/apr-util-1.5.4 \
    --enable-ssl --with-ssl=/usr/local/ssl-1.1.0c \
    --enable-ssl-staticlib-deps \
    --enable-mods-static=ssl

make // see below errors
make install

I am getting the below error when building Apache from source with open ssl.
Please help me in the right directions.

ssl_engine_init.c: In function 'make_dh_params':
ssl_engine_init.c:61: error: dereferencing pointer to incomplete type
ssl_engine_init.c:62: error: dereferencing pointer to incomplete type
ssl_engine_init.c:63: error: dereferencing pointer to incomplete type
ssl_engine_init.c:63: error: dereferencing pointer to incomplete type
ssl_engine_init.c: In function 'ssl_init_ctx_protocol':
ssl_engine_init.c:519: warning: 'TLSv1_client_method' is deprecated (declared at /usr/local/ssl-1.1.0c/include/openssl/ssl.h:1598)
ssl_engine_init.c:520: warning: 'TLSv1_server_method' is deprecated (declared at /usr/local/ssl-1.1.0c/include/openssl/ssl.h:1597)
ssl_engine_init.c:525: warning: 'TLSv1_1_client_method' is deprecated (declared at /usr/local/ssl-1.1.0c/include/openssl/ssl.h:1604)
ssl_engine_init.c:526: warning: 'TLSv1_1_server_method' is deprecated (declared at /usr/local/ssl-1.1.0c/include/openssl/ssl.h:1603)
ssl_engine_init.c:530: warning: 'TLSv1_2_client_method' is deprecated (declared at /usr/local/ssl-1.1.0c/include/openssl/ssl.h:1610)
ssl_engine_init.c:531: warning: 'TLSv1_2_server_method' is deprecated (declared at /usr/local/ssl-1.1.0c/include/openssl/ssl.h:1609)
ssl_engine_init.c: In function 'ssl_init_ctx_session_cache':
ssl_engine_init.c:641: warning: passing argument 2 of 'SSL_CTX_sess_set_get_cb' from incompatible pointer type
ssl_engine_init.c: In function 'use_certificate_chain':
ssl_engine_init.c:861: warning: implicit declaration of function 'BIO_s_file_internal'
ssl_engine_init.c:861: warning: passing argument 1 of 'BIO_new' makes pointer from integer without a cast
ssl_engine_init.c: In function 'ssl_init_server_certs':
ssl_engine_init.c:1201: error: dereferencing pointer to incomplete type
make[3]: *** [ssl_engine_init.lo] Error 1
make[3]: Leaving directory `/my/build/httpd-2.4.25/modules/ssl'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/my/build/httpd-2.4.25/modules/ssl'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/my/build/httpd-2.4.25/modules'
make: *** [all-recursive] Error 1

Best Answer

As of now, with the latest version Apache HTTPD 2.4.25, the 2.4 branch is not yet compatible with Openssl 1.1.x, you will have to stick with the latest 1.0.2x if you want to stay up to date on security issues.

Related Solutions

Compiling Apache mod_ssl for different target hardware (hardware capability unsupported SSE2 error)

Here are the steps that I have done to successfully build and install the Apache httpd-2.4.10 and OpenSSL openssl-1.0.1j on Solaris 10.

Download following software
openssl-1.0.1j.tar.gz
httpd-2.4.10.tar.gz
apr-1.5.1.tar.gz
apr-util-1.5.4.tar.gz
pcre-8.36.tar.gz
Verify Make and CC
By default gcc is at /usr/sfw/bin/gcc and make is at /usr/ccs/bin/make

Include following in the PATH
usr/local/ssl/bin:/usr/sfw/bin:/usr/local/bin:/usr/ccs/bin

Include following in the LD_LIBRARY_PATH
/usr/local/lib:/usr/local/ssl/lib
Build and install openssl-1.0.1j
Unzip and un-tar openssl-1.0.1j.tar.gz to /usr/local/openssl-1.0.1j
Execute following commands in order. The shared parameter is very important so that it can be linked with httpd-2.4.10 build for SSL enabling.
```
$ cd /usr/local/openssl-1.0.1j
$ ./config shared
$ make
$ make test
$ make install
```
By default it installs openssl at /usr/local/ssl
Install pcre-8.36 Unzip and un-tar pcre-8.36.tar.gz to /usr/local/ pcre-8.36

Execute following commands in order
```
$ cd /usr/local/ pcre-8.36
$ ./configure 
$ make
$ make install
```
By default, make install installs the package's commands under /usr/local/bin, include files under /usr/local/include, etc.
Build and install httpd-2.4.10

Unzip and un-tar httpd-2.4.10.tar.gz to /usr/local/httpd-2.4.10

Unzip and un-tar apr-1.5.1.tar.gz to /usr/local/httpd-2.4.10/srclib
Rename /usr/local/apr-1.5.1 to /usr/local/apr

Unzip and un-tar apr-util-1.5.4.tar.gz to /usr/local/httpd-2.4.10/srclib
Rename /usr/local/apr-util to /usr/local/apr-util

Execute following commands in order
```
$ ./configure --prefix=/usr/local/apache2 --with-included-apr --enable-so –enable-ssl=shared --with-ssl=/usr/local/ssl
$ make
$ make install
```
It installs it at /usr/local/apache2

The installation is complete. To enable SSL and Proxy, update /usr/local/apache2/conf/httpd.conf with uncommentting following lines

LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_express_module modules/mod_proxy_express.so

LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
LoadModule ssl_module modules/mod_ssl.so

Include conf/extra/httpd-ssl.conf

Now you can work on httpd-ssl.conf as you usually do to complete your configuration

Ssh – How to update OpenSSL using Putty and yum command

As a worst-case scenario, you could always just compile your own version of openssl as an RPM for your system, and then rpm -ihv.

EDIT: Starting with the source file (.tar.gz), here's what you want to do:

1) Create a new directory to house the RPM hierarchy.

# mkdir -p myopenssl/BUILD myopenssl/RPMS myopenssl/SOURCES myopenssl/SPECS myopenssl/SRPMS

2) Go into the SOURCES directory, and download your source openssl.tar.gz

# cd myopenssl/SOURCES
# mv openssl.tar.gz myopenssl/SOURCES/

3) Create a spec file that provides the necessary metadata (you will need to verify all the values are correct)

--- spec ----
%define _topdir     /home/user/myopenssl
%define name            openssl
%define release     0
%define version     x.x
%define buildroot %{_topdir}/%{name}-%{version}-root

BuildRoot:  %{buildroot}
Summary:        openssl
License:        GPL
Name:           %{name}
Version:        %{version}
Release:        %{release}
Source:         %{name}-%{version}.tar.gz
Prefix:         /usr
Group:          Development/Tools

%description
Special build of openssl for centos.

%prep
%setup -q

%build
./configure
make

%install
make install prefix=$RPM_BUILD_ROOT/usr

%files
%defattr(-,root,root)
/usr/local/bin/openssl

%doc %attr(0444,root,root) /usr/local/share/man/man1/openssl.1

4) After you have a spec file, use the rpmbuild command to build your RPM

# rpmbuild -v -bb --clean myopenssl/SPECS/openssl.spec

5) Your RPM is built at this point... use the following command to look at the contents:

# rpm -Vp RPMS/i386/myopenssl.i386.rpm

6) To install it, run the following as root:

# rpm -ihv myopenssl.i386.rpm

Hope this helps!

Best Answer

Related Solutions

Compiling Apache mod_ssl for different target hardware (hardware capability unsupported SSE2 error)

Ssh – How to update OpenSSL using Putty and yum command

Related Topic