Specifying the openssl version used with mod_ssl

This is a multi-part message in MIME format.

------=_NextPart_000_00E8_01CB5010.149B6C20
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: 7bit

Hello,

We are using mac Leopard OS. We have rolled our own Apache(2.2.16)
separate from the default install. We have also rolled our own OpenSSL to
the latest version. However when we compile Apache and enable mod_ssl it
still uses the old OpenSSL version. We can see it in our http headers:



Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7l



When typing "openssl version" from my account and the root account I get:

OpenSSL 1.0.0a 1 Jun 2010

I've seen this in some apache configs:

--enable-ssl --with-ssl=/usr/local/ssl

I've tried the above with no success. According to the output I get when
configuring/making/installing apache it is finding openssl at the above
directory. The problem is though that the http header stays the same.



The problem is we can't upgrade the default openssl version on the OS
without apple providing the update. The outdated version is tripping our
security scans. Like I said we rolled our owned updated version but cannot
get apache/mod_ssl to use it. Any help is appreciated.

Thanks,



Gunner Geller


------=_NextPart_000_00E8_01CB5010.149B6C20
Content-Type: text/html;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40">


charset=3Dus-ascii">

Re: Specifying the openssl version used with mod_ssl

Hello Gunner,

Have you tried
--enable-ssl --with-ssl=/path/to/just/compiled/openssl ?

Regards,

Gregg

Gunner Geller wrote:
> Hello,
>
> We are using mac Leopard OS. We have rolled our own Apache(2.2.16)
> separate from the default install. We have also rolled our own OpenSSL to
> the latest version. However when we compile Apache and enable mod_ssl it
> still uses the old OpenSSL version. We can see it in our http headers:
>
>
>
> Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7l
>
>
>
> When typing "openssl version" from my account and the root account I get:
>
> OpenSSL 1.0.0a 1 Jun 2010
>
> I've seen this in some apache configs:
>
> --enable-ssl --with-ssl=/usr/local/ssl
>
> I've tried the above with no success. According to the output I get when
> configuring/making/installing apache it is finding openssl at the above
> directory. The problem is though that the http header stays the same.
>
>
>
> The problem is we can't upgrade the default openssl version on the OS
> without apple providing the update. The outdated version is tripping our
> security scans. Like I said we rolled our owned updated version but cannot
> get apache/mod_ssl to use it. Any help is appreciated.
>
> Thanks,
>
>
>
> Gunner Geller
>
>

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Specifying the openssl version used with mod_ssl

Hello all,
Sorry for the delay. We found a work around and quit looking into
the below issue. Thanks to Peter for the static library suggestion and Lee
for the same and for getting me back on the topic. We were able to get
everything working how it should. A note, we are compiling modssl into
apache. We are not using it as a shared object. Here are the key config
options for openssl and apache:

Openssl:

../configure --prefix=/usr/local/ssl --shared

Apache:

../configure --with-included-apr --enable-ssl --with-ssl=/usr/local/ssl


It is probably a good idea to run a sudo make clean for each installation.
At least it was for us since we re-installed about 50 times.


Thanks again,

Gunner Geller


-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]
On Behalf Of Gregg L. Smith
Sent: Monday, September 13, 2010 12:48 PM
To: modssl-users@modssl.org
Subject: Re: Specifying the openssl version used with mod_ssl

Hello Gunner,

Have you tried
--enable-ssl --with-ssl=/path/to/just/compiled/openssl ?

Regards,

Gregg

Gunner Geller wrote:
> Hello,
>
> We are using mac Leopard OS. We have rolled our own Apache(2.2.16)
> separate from the default install. We have also rolled our own OpenSSL to
> the latest version. However when we compile Apache and enable mod_ssl it
> still uses the old OpenSSL version. We can see it in our http headers:
>
>
>
> Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7l
>
>
>
> When typing "openssl version" from my account and the root account I get:
>
> OpenSSL 1.0.0a 1 Jun 2010
>
> I've seen this in some apache configs:
>
> --enable-ssl --with-ssl=/usr/local/ssl
>
> I've tried the above with no success. According to the output I get when
> configuring/making/installing apache it is finding openssl at the above
> directory. The problem is though that the http header stays the same.
>
>
>
> The problem is we can't upgrade the default openssl version on the OS
> without apple providing the update. The outdated version is tripping our
> security scans. Like I said we rolled our owned updated version but cannot
> get apache/mod_ssl to use it. Any help is appreciated.
>
> Thanks,
>
>
>
> Gunner Geller
>
>

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org