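Apache 2.0.54 + OpenSSL 0.9.8 compile error
Known issue at present: OpenSSL 0.9.8 does not work with Apache 2.0.54; compilation fails.
After I compiled OpenSSL 0.9.8, other programs that involve SSL also seem to have trouble compiling.
Here is some of what I found by searching: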
A patch was submitted for this yesterday:
http://mail-archives.apache.org/mod_mbox/httpd-dev/200507.mbox/%3c2005070512
[email protected]%3e
<snip>
#ifndef PEM_F_DEF_CALLBACK
+ #ifdef PEM_F_PEM_DEF_CALLBACK
+ /* In OpenSSL 0.9.8 PEM_F_DEF_CALLBACK was renamed */
+ #define PEM_F_DEF_CALLBACK PEM_F_PEM_DEF_CALLBACK
+ #endif
+ #endif
</snip>
Ed
-----Original Message-----
From: Carsten Gaebler
Sent: 06 July 2005 10:31
To: [email protected]
Subject: Apache 2.0.54 won't compile with OpenSSL 0.9.8
Hi,
I've just tried to compile Apache 2.0.54 with OpenSSL 0.9.8 on Debian Linux
and I got the following error message:
/usr/src/httpd-2.0.54/srclib/apr/libtool --silent --mode=compile gcc -g
-O2 -pthread -DLINUX=2 -D_REENTRANT -D_XOPEN_SOURCE=500 -D_BSD_SOURCE
-D_SVID_SOURCE -D_GNU_SOURCE -DAP_HAVE_DESIGNATED_INITIALIZER
-I/usr/src/httpd-2.0.54/srclib/apr/include
-I/usr/src/httpd-2.0.54/srclib/apr-util/include
-I/usr/src/httpd-2.0.54/srclib/apr-util/xml/expat/lib -I.
-I/usr/src/httpd-2.0.54/os/unix
-I/usr/src/httpd-2.0.54/server/mpm/prefork
-I/usr/src/httpd-2.0.54/modules/http
-I/usr/src/httpd-2.0.54/modules/filters
-I/usr/src/httpd-2.0.54/modules/proxy -I/usr/src/httpd-2.0.54/include
-I/usr/src/httpd-2.0.54/modules/generators
-I/usr/local/openssl-0.9.8/include/openssl
-I/usr/local/openssl-0.9.8/include
-I/usr/src/httpd-2.0.54/modules/dav/main -prefer-non-pic -static -c
ssl_engine_pphrase.c && touch ssl_engine_pphrase.lo
ssl_engine_pphrase.c: In function `ssl_pphrase_Handle_CB':
ssl_engine_pphrase.c:684: `PEM_F_DEF_CALLBACK' undeclared (first use in
this function)
ssl_engine_pphrase.c:684: (Each undeclared identifier is reported only once
ssl_engine_pphrase.c:684: for each function it appears in.)
make: *** Error 1
make: Leaving directory `/usr/src/httpd-2.0.54/modules/ssl'
make: *** Error 1
make: Leaving directory `/usr/src/httpd-2.0.54/modules/ssl'
make: *** Error 1
make: Leaving directory `/usr/src/httpd-2.0.54/modules'
make: *** Error 1
The configure command was:
./configure \
--prefix=/usr/local/apache \
--enable-modules='proxy proxy-http rewrite ssl' \
--disable-actions \
--disable-asis \
--disable-auth \
--disable-autoindex \
--disable-cgi \
--disable-dir \
--disable-imap \
--disable-include \
--disable-negotiation \
--disable-proxy-connect \
--disable-proxy-ftp \
--disable-so \
--disable-status \
--disable-userdir \
--with-ssl=/usr/local/openssl-0.9.8
Any clues?
cg.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [email protected]
   "   from the digest: [email protected]
For additional commands, e-mail: [email protected]
《Solution》
I have the same Linux distribution here, and the same problem.
《Solution》
Patch for 2.0.54 + OpenSSL 0.9.8
http://mail-archives.apache.org/mod_mbox/httpd-dev/200507.mbox/%
[email protected]%3e
diff -cr httpd-2.0.54.orig/docs/manual/mod/mod_ssl.xml httpd-2.0.54/docs/manual/mod/mod_ssl.xml
*** httpd-2.0.54.orig/docs/manual/mod/mod_ssl.xml Fri Feb 4 21:21:18 2005
--- httpd-2.0.54/docs/manual/mod/mod_ssl.xml Tue Jul 5 11:53:55 2005
***************
*** 65,70 ****
--- 65,71 ----
<tr>;<td>;<code>;SSL_CIPHER_EXPORT</code>;</td>; <td>;string</td>; <td>;<code>;true</code>; if cipher is an export cipher</td>;</tr>;
<tr>;<td>;<code>;SSL_CIPHER_USEKEYSIZE</code>;</td>; <td>;number</td>; <td>;Number of cipher bits (actually used)</td>;</tr>;
<tr>;<td>;<code>;SSL_CIPHER_ALGKEYSIZE</code>;</td>; <td>;number</td>; <td>;Number of cipher bits (possible)</td>;</tr>;
+ <tr>;<td>;<code>;SSL_COMP_METHOD</code>;</td>; <td>;string</td>; <td>;SSL compression method negotiated</td>;</tr>;
<tr>;<td>;<code>;SSL_VERSION_INTERFACE</code>;</td>; <td>;string</td>; <td>;The mod_ssl program version</td>;</tr>;
<tr>;<td>;<code>;SSL_VERSION_LIBRARY</code>;</td>; <td>;string</td>; <td>;The OpenSSL program version</td>;</tr>;
<tr>;<td>;<code>;SSL_CLIENT_M_VERSION</code>;</td>; <td>;string</td>; <td>;The version of the client certificate</td>;</tr>;
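Review bot: The new SSL_COMP_METHOD row describes the value only as "SSL compression method negotiated" and does not say which strings can appear. The lookup function added later in this patch returns exactly NULL, DEFLATE, LZS or UNKNOWN, so the row should enumerate them, the way the SSL_CIPHER_EXPORT row above states its "true" value, and should say that NULL means no compression was negotiated.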
diff -cr httpd-2.0.54.orig/docs/manual/ssl/ssl_faq.xml httpd-2.0.54/docs/manual/ssl/ssl_faq.xml
*** httpd-2.0.54.orig/docs/manual/ssl/ssl_faq.xml Fri Feb 4 21:21:18 2005
--- httpd-2.0.54/docs/manual/ssl/ssl_faq.xml Tue Jul 5 12:14:15 2005
***************
*** 680,685 ****
--- 680,686 ----
<li>;<a href="#vhosts">;HTTPS and name-based vhosts</a>;</li>;
<li>;<a href="#vhosts2">;Why is it not possible to use Name-Based Virtual
Hosting to identify different SSL virtual hosts?</a>;</li>;
+ <li>;<a href="#comp">;How do I get SSL compression working?</a>;</li>;
<li>;<a href="#lockicon">;The lock icon in Netscape locks very late</a>;</li>;
<li>;<a href="#msie">;Why do I get I/O errors with MSIE clients?</a>;</li>;
<li>;<a href="#nn">;Why do I get I/O errors with NS clients?</a>;</li>;
***************
*** 804,809 ****
--- 805,827 ----
Use different port numbers for different SSL hosts.</p>;
</section>;
+ <section id="comp">;<title>;How do I get SSL compression working?</title>;
+ <p>;Although SSL compression negotiation was already defined in the specification
+ of SSLv2 and TLS, it took until May 2004 when RFC 3749 defined DEFLATE as
+ a negotiable standard compression method.
+ </p>;
+ <p>;OpenSSL 0.9.8 started to support this by default when compiled with the
+ <code>;zlib</code>; option. If both the client and the server support compression,
+ it will be used. However, most clients still try to initially connect with an
+ SSLv2 Hello. As SSLv2 did not include an array of prefered compression algorithms
+ in its handshake, compression can not be negotiated with these clients.
+ If the client disables support for SSLv2, based on the used SSL library
+ a SSLv3 or TLS Hello might be sent and compression might be set up.
+ You can check if clients make use of SSL compression by logging the
+ variable <code>;SSL_COMP_METHOD</code>;.
+ </p>;
+ </section>;
+
<section id="lockicon">;<title>;When I use Basic Authentication over HTTPS the lock icon in Netscape browsers
still shows the unlocked state when the dialog pops up. Does this mean the
username/password is still transmitted unencrypted?</title>;
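Review bot: The new "comp" section states that compression "will be used" whenever both sides support it, but documents no way for an administrator to turn it off; the only control it mentions is logging SSL_COMP_METHOD. If building OpenSSL without the zlib option is the only switch, say so in this paragraph. Minor wording: "prefered" should be "preferred", "can not" should be "cannot", and "a SSLv3" should be "an SSLv3".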
diff -cr httpd-2.0.54.orig/modules/ssl/ssl_engine_vars.c httpd-2.0.54/modules/ssl/ssl_engine_vars.c
*** httpd-2.0.54.orig/modules/ssl/ssl_engine_vars.c Fri Feb 4 21:21:18 2005
--- httpd-2.0.54/modules/ssl/ssl_engine_vars.c Tue Jul 5 10:51:40 2005
***************
*** 47,52 ****
--- 47,53 ----
static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var);
static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize);
static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var);
+ static char *ssl_var_lookup_ssl_comp_method(SSL *ssl);
static int ssl_is_https(conn_rec *c)
{
***************
*** 282,287 ****
--- 283,291 ----
if ((xs = SSL_get_certificate(ssl)) != NULL)
result = ssl_var_lookup_ssl_cert(p, xs, var+7);
}
+ else if (ssl != NULL && strlen(var) >;= 11 && strcEQn(var, "COMP_METHOD", 7)) {
+ result = ssl_var_lookup_ssl_comp_method(ssl);
+ }
return result;
}
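Review bot: The new COMP_METHOD branch checks strlen(var) >= 11 but then calls strcEQn(var, "COMP_METHOD", 7), so, assuming strcEQn compares the first n characters as its name and third argument indicate, only "COMP_ME" is actually matched. Any variable name of 11 or more characters that starts with "COMP_ME" would resolve to the compression method, and the >= also accepts trailing characters after COMP_METHOD. Compare all 11 characters and require an exact length, or use an exact string comparison.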
***************
*** 594,599 ****
--- 598,636 ----
}
return result;
}
+
+ static char *ssl_var_lookup_ssl_comp_method(SSL *ssl)
+ {
+ char *result = "NULL";
+ #ifdef OPENSSL_VERSION_NUMBER
+ #if (OPENSSL_VERSION_NUMBER >;= 0x00908000)
+ SSL_SESSION *pSession = SSL_get_session(ssl);
+
+ if (pSession) {
+ switch (pSession->;compress_meth) {
+ case 0:
+ /* default "NULL" already set */
+ break;
+
+ /* Defined by RFC 3749, deflate is coded by "1" */
+ case 1:
+ result = "DEFLATE";
+ break;
+
+ /* IANA assigned compression number for LZS */
+ case 0x40:
+ result = "LZS";
+ break;
+
+ default:
+ result = "UNKNOWN";
+ break;
+ }
+ }
+ #endif
+ #endif
+ return result;
+ }
/* _________________________________________________________________
**
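Review bot: ssl_var_lookup_ssl_comp_method() returns the initial "NULL" in three different situations: case 0 (no compression negotiated), SSL_get_session() returning no session, and the whole body being compiled out by the version guards. A log reader cannot tell "no compression" from "this build cannot report compression"; consider a distinct value for the compiled-out path. The outer #ifdef OPENSSL_VERSION_NUMBER is also redundant, because an undefined identifier evaluates to 0 inside #if, and the bare constants 1 and 0x40 in the switch would read better as named macros.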
diff -cr httpd-2.0.54.orig/modules/ssl/ssl_toolkit_compat.h httpd-2.0.54/modules/ssl/ssl_toolkit_compat.h
*** httpd-2.0.54.orig/modules/ssl/ssl_toolkit_compat.h Fri Feb 4 21:21:18 2005
--- httpd-2.0.54/modules/ssl/ssl_toolkit_compat.h Tue Jul 5 11:33:33 2005
***************
*** 99,104 ****
--- 99,111 ----
#define HAVE_SSL_X509V3_EXT_d2i
#endif
+ #ifndef PEM_F_DEF_CALLBACK
+ #ifdef PEM_F_PEM_DEF_CALLBACK
+ /* In OpenSSL 0.9.8 PEM_F_DEF_CALLBACK was renamed */
+ #define PEM_F_DEF_CALLBACK PEM_F_PEM_DEF_CALLBACK
+ #endif
+ #endif
+
#elif defined (SSLC_VERSION_NUMBER) /* RSA */
/* sslc does not support this function, OpenSSL has since 9.5.1 */
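Review bot: The shim defines PEM_F_DEF_CALLBACK only when PEM_F_PEM_DEF_CALLBACK exists; if neither macro is defined, the inner #ifdef falls through silently and the build fails later with the same "undeclared" error at the use site in ssl_engine_pphrase.c. Add an #else branch with an #error naming both macros so that a further rename is reported here in ssl_toolkit_compat.h. The comment "In OpenSSL 0.9.8 PEM_F_DEF_CALLBACK was renamed" would also be clearer if it named the new identifier.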
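《Solution》
I thought I was the only one who had run into this problem; it looks like my guess was right: a BUG!
Back then I switched back to openssl-0.9.7g and everything was fine. Give that a try too.
《Solution》
You need to modify the Apache source code accordingly; it has built successfully for me on Linux, BSD and Windows.
《Solution》
Originally posted by "HonestQiao":
You need to modify the Apache source code accordingly; it has built successfully for me on Linux, BSD and Windows.
Which part needs to be changed?
《Solution》
Originally posted by "platinum":
Which part needs to be changed?
Posted here for the record: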
http://mail-archives.apache.org/mod_mbox/httpd-dev/200507.mbox/%
[email protected]%3e
modules/ssl/ssl_toolkit_compat.h
#define HAVE_SSL_X509V3_EXT_d2i
#endif
+ #ifndef PEM_F_DEF_CALLBACK
+ #ifdef PEM_F_PEM_DEF_CALLBACK
+ /* In OpenSSL 0.9.8 PEM_F_DEF_CALLBACK was renamed */
+ #define PEM_F_DEF_CALLBACK PEM_F_PEM_DEF_CALLBACK
+ #endif
+ #endif
+
#elif defined (SSLC_VERSION_NUMBER) /* RSA */
/* sslc does not support this function, OpenSSL has since 9.5.1 */
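《Solution》
That really is quite a lot of changes....
《Solution》
It's no big deal, though; a few modifications and it works.
I compiled it as the latest test for WAPM. It took me quite a while, but I finally got it settled, and it isn't complicated.
《Solution》
Originally posted by "HonestQiao":
It's no big deal, though; a few modifications and it works.
I compiled it as the latest test for WAPM. It took me quite a while, but I finally got it settled, and it isn't complicated.
Comrade Xiao Qiao, have you looked into lighttpd at all? It is said to be faster than Apache, and it also supports PHP/CGI/SSL.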