My Apache build using an older OpenSSL version

My Apache build using an older OpenSSL version

am 21.03.2010 18:16:13 von Gabriel Farrell

Hello,

I want to allow multiple ssl certificates to served from the same IP
address. The SNI feature which exposes hostname early in a ssl http
request will allow NameBased virtual hosts even when using ssl.

I've successfully built the newest stable openssl ( 0.9.8m ) from
source and then built apache (2.2.15) =A0on a test machine, and the SNI
feature works perfectly. Both hosts have an OS of CentOS release 5.2
and are similarly configured.

However,I'm having a problem; apache continues to point to an older
version of ssl, 0.9.8b ( not the 0.9.8m I've just built) , according
to output at startup. This is on the host I actually need to make this
change ( third party has been given its IP ).
**************************************
[Thu Mar 18 18:10:27 2010] [notice] SIGHUP received. =A0Attempting to resta=
rt
[Thu Mar 18 18:10:28 2010][notice] Apache/2.2.15 (Unix) mod_ssl/2.2.15
OpenSSL/0.9.8b configured -- resuming normal operation;
********************************************

Below are the steps I use for building, no problems encountered
while building, the "--with-ssl=3D/usr/local/openssl/" is pointing
apache to the openssl I want it to use. This directory has the freshly
built openssl in it.
********************************************
cd openssl-0.9.8m
../config enable-tls-ext --openssldir=3D/usr/local/openssl
make install
cd ..
tar xvf httpd-2.2.15.tar
cd httpd-2.2.15
../configure --prefix=3D/usr/local/apache2
--with-ssl=3D/usr/local/openssl/ --enable-so --enable-deflate
--enable-proxy --enable-proxy-connect --enable-proxy-http
--enable-proxy-ajp --enable-proxy-balancer --enable-ssl
--enable-unique-id --enable-usertrack --enable-vhost-alias
--with-mpm=3Dprefork --enable-static-ab --enable-rewrite
make install

*******************************
I start apache using /usr/local/apache2/bin/apachectl start, and I get
the output indicating it is using an older openssl.

Can you help me out, I'm stumped

Thank you,
Gabriel Farrell.

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: My Apache build using an older OpenSSL version

am 21.03.2010 21:22:45 von Eric Covener

On Sun, Mar 21, 2010 at 1:16 PM, Gabriel Farrell wrote:
> I start apache using /usr/local/apache2/bin/apachectl start, and I get
> the output indicating it is using an older openssl.

maybe set LD_LIBRARY_PATH in /usr/local/apache2/bin/envvars to find
your openssl.


--
Eric Covener
covener@gmail.com

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org