Jac*_* M. 1 freebsd openssl apache-2.2
我正在尝试同时升级 Apache 和 OpenSSL。我已经用我需要的所有模块编译了 Apache,它弹出并运行,但仍然显示旧版本的 OpenSSL。
这是我的配置命令:
./configure --prefix=/usr/local/apache2.2.24/ --with-ssl=/usr/local/openssl-1.0.1e/ --enable-mods-shared="all [sic] ssl rewrite"
该目录中的 OpenSSL 是正确的:
$ /usr/local/openssl-1.0.1e/bin/openssl version
OpenSSL 1.0.1e 11 Feb 2013
然而,当我查询服务器时,我仍然在标头中得到旧版本的 OpenSSL:
$ curl -I http://www.mydomain.com/
HTTP/1.1 200 OK
Date: Thu, 09 May 2013 14:51:59 GMT
Server: Apache/2.2.24 (Unix) DAV/2 mod_ssl/2.2.24 OpenSSL/1.0.0g
在过去的几天里,我重新编译了几百次,但无法弄清楚我错过了什么。每个目录都已被删除并从头开始创建(包括我正在编译的源目录)。
该系统是旧版本的 FreeBSD,ports安装损坏,因此我无法使用端口进行编译。
First, FIX YOUR PORTS - rm -rf /usr/ports if that's what it takes. This will not harm installed software. Use portsnap for an easy way to grab a new copy of the ports tree. Advanced users can use svn.
Second, DO NOT compile Apache from downloaded source. You're begging for trouble, and should NOT be surprised that you've found it. Use the ports tree. Even if you want to use a different version of software from the Ports tree, learn how to modify your local tree for the version you want.
Run ldd against the mod_ssl.so file, since you're compiling downloaded source the installation direction is probably non-standard (meaning future admins of your system will be unable to find the directory easily).
See what libssl.so it's using, and where it'll be loaded from. Make sure you have the latest OpenSSL libraries in that location.
当您从端口构建 Apache 时,它应该始终针对 OpenSSL 的端口安装版本(libssl.so in /usr/local/lib)构建。由于情况并非如此,因此任何人都可以猜测它正在加载什么。
| 归档时间: |
|
| 查看次数: |
7536 次 |
| 最近记录: |