我成功地用OpenSSL 1.0.2构build了Apache 2.4.25。
但是由于我们在内部testing中发现的一些安全漏洞,我被要求为Openssl补丁最新版本。 所以我想用OpenSSL 1.1.0c(或)1.1.0d来构buildApache httpd 2.4.25
我的环境
lsb_release -a Distributor ID: RedHatEnterpriseServer Description: Red Hat Enterprise Linux Server release 5.11 (Tikanga) Release: 5.11 Codename: Tikanga Perl: 5.24 PCRE: 8.38 APR: 1.5.2 APR-util: 1.5.4 OpenSSL: 1.1.0c / 1.1.0d 以上所有的Apache依赖关系已经成功构build和安装
Apache 2.4.25 – 安装步骤
cd /my/softwares tar -xvf httpd-2.4.25.tar -C /my/build/ cd /my/build/httpd-2.4.25/ ./configure --prefix=/my/apache-httpd-2.4.25 \ --with-pcre=/my/dependencies/pcre-8.38/ \ --with-apr=/my/dependencies/apr-1.5.2 \ --with-apr-util=/my/dependencies/apr-util-1.5.4 \ --enable-ssl --with-ssl=/usr/local/ssl-1.1.0c \ --enable-ssl-staticlib-deps \ --enable-mods-static=ssl make // see below errors make install
打开ssl从源代码构buildApache时出现以下错误。 请帮助我在正确的方向。
ssl_engine_init.c: In function 'make_dh_params': ssl_engine_init.c:61: error: dereferencing pointer to incomplete type ssl_engine_init.c:62: error: dereferencing pointer to incomplete type ssl_engine_init.c:63: error: dereferencing pointer to incomplete type ssl_engine_init.c:63: error: dereferencing pointer to incomplete type ssl_engine_init.c: In function 'ssl_init_ctx_protocol': ssl_engine_init.c:519: warning: 'TLSv1_client_method' is deprecated (declared at /usr/local/ssl-1.1.0c/include/openssl/ssl.h:1598) ssl_engine_init.c:520: warning: 'TLSv1_server_method' is deprecated (declared at /usr/local/ssl-1.1.0c/include/openssl/ssl.h:1597) ssl_engine_init.c:525: warning: 'TLSv1_1_client_method' is deprecated (declared at /usr/local/ssl-1.1.0c/include/openssl/ssl.h:1604) ssl_engine_init.c:526: warning: 'TLSv1_1_server_method' is deprecated (declared at /usr/local/ssl-1.1.0c/include/openssl/ssl.h:1603) ssl_engine_init.c:530: warning: 'TLSv1_2_client_method' is deprecated (declared at /usr/local/ssl-1.1.0c/include/openssl/ssl.h:1610) ssl_engine_init.c:531: warning: 'TLSv1_2_server_method' is deprecated (declared at /usr/local/ssl-1.1.0c/include/openssl/ssl.h:1609) ssl_engine_init.c: In function 'ssl_init_ctx_session_cache': ssl_engine_init.c:641: warning: passing argument 2 of 'SSL_CTX_sess_set_get_cb' from incompatible pointer type ssl_engine_init.c: In function 'use_certificate_chain': ssl_engine_init.c:861: warning: implicit declaration of function 'BIO_s_file_internal' ssl_engine_init.c:861: warning: passing argument 1 of 'BIO_new' makes pointer from integer without a cast ssl_engine_init.c: In function 'ssl_init_server_certs': ssl_engine_init.c:1201: error: dereferencing pointer to incomplete type make[3]: *** [ssl_engine_init.lo] Error 1 make[3]: Leaving directory `/my/build/httpd-2.4.25/modules/ssl' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/my/build/httpd-2.4.25/modules/ssl' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/my/build/httpd-2.4.25/modules' make: *** [all-recursive] Error 1
截至目前 ,使用最新版本的Apache HTTPD 2.4.25,2.4分支还不能与Openssl 1.1.x兼容,如果你想了解最新的安全问题,你将不得不坚持使用最新的1.0.2x。