歡迎您光臨本站 註冊首頁

Apache 2.0.54 + OpenSSL 0.9.8 編譯錯誤

←手機掃碼閱讀     火星人 @ 2014-03-04 , reply:0

Apache 2.0.54 + OpenSSL 0.9.8 編譯錯誤

目前已知問題  OpenSSL 0.9.8 無法配合 Apache 2.0.54 ,編譯會失敗

我編譯 OpenSSL 0.9.8 后其他涉及到 ssl 的程序似乎編譯也有問題。


以下是一些搜索到的內容:
A patch was submitted for this yesterday:

http://mail-archives.apache.org/mod_mbox/httpd-dev/200507.mbox/%3c2005070512
3248.GE23007@2scale.net%3e


<snip>;

#ifndef PEM_F_DEF_CALLBACK
+ #ifdef PEM_F_PEM_DEF_CALLBACK
+ /* In OpenSSL 0.9.8 PEM_F_DEF_CALLBACK was renamed */
+ #define PEM_F_DEF_CALLBACK PEM_F_PEM_DEF_CALLBACK
+ #endif
+ #endif

</snip>;


Ed


-----Original Message-----
From: Carsten Gaebler
Sent: 06 July 2005 10:31
To: users@httpd.apache.org
Subject: Apache 2.0.54 won't compile with OpenSSL 0.9.8

Hi,

I've just tried to compile Apache 2.0.54 with OpenSSL 0.9.8 on Debian Linux
and I got the following error message:


/usr/src/httpd-2.0.54/srclib/apr/libtool --silent --mode=compile gcc  -g
-O2 -pthread    -DLINUX=2 -D_REENTRANT -D_XOPEN_SOURCE=500 -D_BSD_SOURCE
-D_SVID_SOURCE -D_GNU_SOURCE -DAP_HAVE_DESIGNATED_INITIALIZER
-I/usr/src/httpd-2.0.54/srclib/apr/include
-I/usr/src/httpd-2.0.54/srclib/apr-util/include
-I/usr/src/httpd-2.0.54/srclib/apr-util/xml/expat/lib -I.
-I/usr/src/httpd-2.0.54/os/unix
-I/usr/src/httpd-2.0.54/server/mpm/prefork
-I/usr/src/httpd-2.0.54/modules/http
-I/usr/src/httpd-2.0.54/modules/filters
-I/usr/src/httpd-2.0.54/modules/proxy -I/usr/src/httpd-2.0.54/include
-I/usr/src/httpd-2.0.54/modules/generators
-I/usr/local/openssl-0.9.8/include/openssl
-I/usr/local/openssl-0.9.8/include
-I/usr/src/httpd-2.0.54/modules/dav/main -prefer-non-pic -static -c
ssl_engine_pphrase.c && touch ssl_engine_pphrase.lo
ssl_engine_pphrase.c: In function `ssl_pphrase_Handle_CB':
ssl_engine_pphrase.c:684: `PEM_F_DEF_CALLBACK' undeclared (first use in
this function)
ssl_engine_pphrase.c:684: (Each undeclared identifier is reported only once
ssl_engine_pphrase.c:684: for each function it appears in.)
make: *** Error 1
make: Leaving directory `/usr/src/httpd-2.0.54/modules/ssl'
make: *** Error 1
make: Leaving directory `/usr/src/httpd-2.0.54/modules/ssl'
make: *** Error 1
make: Leaving directory `/usr/src/httpd-2.0.54/modules'
make: *** Error 1


The configure command was:


/configure \
--prefix=/usr/local/apache \
--enable-modules='proxy proxy-http rewrite ssl' \
--disable-actions \
--disable-asis \
--disable-auth \
--disable-autoindex \
--disable-cgi \
--disable-dir \
--disable-imap \
--disable-include \
--disable-negotiation \
--disable-proxy-connect \
--disable-proxy-ftp \
--disable-so \
--disable-status \
--disable-userdir \
--with-ssl=/usr/local/openssl-0.9.8


Any clues?

cg.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html>; for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html>; for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
《解決方案》

Apache 2.0.54 + OpenSSL 0.9.8 編譯錯誤

我這裡同樣Linux發行版,同樣問題
《解決方案》

Apache 2.0.54 + OpenSSL 0.9.8 編譯錯誤

Patch for 2.0.54 + OpenSSL 0.9.8
http://mail-archives.apache.org/mod_mbox/httpd-dev/200507.mbox/%3c20050705123248.GE23007@2scale.net%3e

diff -cr httpd-2.0.54.orig/docs/manual/mod/mod_ssl.xml httpd-2.0.54/docs/manual/mod/mod_ssl.xml
*** httpd-2.0.54.orig/docs/manual/mod/mod_ssl.xml        Fri Feb  4 21:21:18 2005
--- httpd-2.0.54/docs/manual/mod/mod_ssl.xml        Tue Jul  5 11:53:55 2005
***************
*** 65,70 ****
--- 65,71 ----
  <tr>;<td>;<code>;SSL_CIPHER_EXPORT</code>;</td>;             <td>;string</td>;    <td>;<code>;true</code>; if cipher is an export cipher</td>;</tr>;
  <tr>;<td>;<code>;SSL_CIPHER_USEKEYSIZE</code>;</td>;         <td>;number</td>;    <td>;Number of cipher bits (actually used)</td>;</tr>;
  <tr>;<td>;<code>;SSL_CIPHER_ALGKEYSIZE</code>;</td>;         <td>;number</td>;    <td>;Number of cipher bits (possible)</td>;</tr>;
+ <tr>;<td>;<code>;SSL_COMP_METHOD</code>;</td>;               <td>;string</td>;    <td>;SSL compression method negotiated</td>;</tr>;
  <tr>;<td>;<code>;SSL_VERSION_INTERFACE</code>;</td>;         <td>;string</td>;    <td>;The mod_ssl program version</td>;</tr>;
  <tr>;<td>;<code>;SSL_VERSION_LIBRARY</code>;</td>;           <td>;string</td>;    <td>;The OpenSSL program version</td>;</tr>;
  <tr>;<td>;<code>;SSL_CLIENT_M_VERSION</code>;</td>;          <td>;string</td>;    <td>;The version of the client certificate</td>;</tr>;
diff -cr httpd-2.0.54.orig/docs/manual/ssl/ssl_faq.xml httpd-2.0.54/docs/manual/ssl/ssl_faq.xml
*** httpd-2.0.54.orig/docs/manual/ssl/ssl_faq.xml        Fri Feb  4 21:21:18 2005
--- httpd-2.0.54/docs/manual/ssl/ssl_faq.xml        Tue Jul  5 12:14:15 2005
***************
*** 680,685 ****
--- 680,686 ----
  <li>;<a href="#vhosts">;HTTPS and name-based vhosts</a>;</li>;
  <li>;<a href="#vhosts2">;Why is it not possible to use Name-Based Virtual
  Hosting to identify different SSL virtual hosts?</a>;</li>;
+ <li>;<a href="#comp">;How do I get SSL compression working?</a>;</li>;
  <li>;<a href="#lockicon">;The lock icon in Netscape locks very late</a>;</li>;
  <li>;<a href="#msie">;Why do I get I/O errors with MSIE clients?</a>;</li>;
  <li>;<a href="#nn">;Why do I get I/O errors with NS clients?</a>;</li>;
***************
*** 804,809 ****
--- 805,827 ----
      Use different port numbers for different SSL hosts.</p>;
  </section>;
  
+ <section id="comp">;<title>;How do I get SSL compression working?</title>;
+ <p>;Although SSL compression negotiation was already defined in the specification
+ of SSLv2 and TLS, it took until May 2004 when RFC 3749 defined DEFLATE as
+ a negotiable standard compression method.
+ </p>;
+ <p>;OpenSSL 0.9.8 started to support this by default when compiled with the
+ <code>;zlib</code>; option. If both the client and the server support compression,
+ it will be used. However, most clients still try to initially connect with an
+ SSLv2 Hello. As SSLv2 did not include an array of prefered compression algorithms
+ in its handshake, compression can not be negotiated with these clients.
+ If the client disables support for SSLv2, based on the used SSL library
+ a SSLv3 or TLS Hello might be sent and compression might be set up.
+ You can check if clients make use of SSL compression by logging the
+ variable <code>;SSL_COMP_METHOD</code>;.
+ </p>;
+ </section>;
+
  <section id="lockicon">;<title>;When I use Basic Authentication over HTTPS the lock icon in Netscape browsers
  still shows the unlocked state when the dialog pops up. Does this mean the
  username/password is still transmitted unencrypted?</title>;
diff -cr httpd-2.0.54.orig/modules/ssl/ssl_engine_vars.c httpd-2.0.54/modules/ssl/ssl_engine_vars.c
*** httpd-2.0.54.orig/modules/ssl/ssl_engine_vars.c        Fri Feb  4 21:21:18 2005
--- httpd-2.0.54/modules/ssl/ssl_engine_vars.c        Tue Jul  5 10:51:40 2005
***************
*** 47,52 ****
--- 47,53 ----
  static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var);
  static void  ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize);
  static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var);
+ static char *ssl_var_lookup_ssl_comp_method(SSL *ssl);
  
  static int ssl_is_https(conn_rec *c)
  {
***************
*** 282,287 ****
--- 283,291 ----
          if ((xs = SSL_get_certificate(ssl)) != NULL)
              result = ssl_var_lookup_ssl_cert(p, xs, var+7);
      }
+     else if (ssl != NULL && strlen(var) >;= 11 && strcEQn(var, "COMP_METHOD", 7)) {
+             result = ssl_var_lookup_ssl_comp_method(ssl);
+     }
      return result;
  }
  
***************
*** 594,599 ****
--- 598,636 ----
      }
      return result;
  }
+
+ static char *ssl_var_lookup_ssl_comp_method(SSL *ssl)
+ {
+     char *result = "NULL";
+ #ifdef OPENSSL_VERSION_NUMBER
+ #if (OPENSSL_VERSION_NUMBER >;= 0x00908000)
+     SSL_SESSION *pSession = SSL_get_session(ssl);
+
+     if (pSession) {
+         switch (pSession->;compress_meth) {
+         case 0:
+             /* default "NULL" already set */
+             break;
+
+             /* Defined by RFC 3749, deflate is coded by "1" */
+         case 1:
+             result = "DEFLATE";
+             break;
+
+             /* IANA assigned compression number for LZS */
+         case 0x40:
+             result = "LZS";
+             break;
+
+         default:
+             result = "UNKNOWN";
+             break;
+         }
+     }
+ #endif
+ #endif
+     return result;
+ }
  
  /*  _________________________________________________________________
  **
diff -cr httpd-2.0.54.orig/modules/ssl/ssl_toolkit_compat.h httpd-2.0.54/modules/ssl/ssl_toolkit_compat.h
*** httpd-2.0.54.orig/modules/ssl/ssl_toolkit_compat.h        Fri Feb  4 21:21:18 2005
--- httpd-2.0.54/modules/ssl/ssl_toolkit_compat.h        Tue Jul  5 11:33:33 2005
***************
*** 99,104 ****
--- 99,111 ----
  #define HAVE_SSL_X509V3_EXT_d2i
  #endif
  
+ #ifndef PEM_F_DEF_CALLBACK
+ #ifdef PEM_F_PEM_DEF_CALLBACK
+ /* In OpenSSL 0.9.8 PEM_F_DEF_CALLBACK was renamed */
+ #define PEM_F_DEF_CALLBACK PEM_F_PEM_DEF_CALLBACK
+ #endif
+ #endif
+
  #elif defined (SSLC_VERSION_NUMBER) /* RSA */
  
  /* sslc does not support this function, OpenSSL has since 9.5.1 */
《解決方案》

Apache 2.0.54 + OpenSSL 0.9.8 編譯錯誤

我以為只有我遇到了這個問題,看來我的猜測是正確的:BUG!
我當初換回 openssl-0.9.7g 就沒事了,你也試試看
《解決方案》

Apache 2.0.54 + OpenSSL 0.9.8 編譯錯誤

你需要慘招修改apache的源代碼,我在Linux BSD Windows都通過了的
《解決方案》

Apache 2.0.54 + OpenSSL 0.9.8 編譯錯誤

原帖由 "HonestQiao"]你需要慘招修改apache的源代碼,我在Linux BSD Windows都通過了的

需要改哪裡?
《解決方案》

Apache 2.0.54 + OpenSSL 0.9.8 編譯錯誤

原帖由 "platinum" 發表:

需要改哪裡?

特此留念

http://mail-archives.apache.org/mod_mbox/httpd-dev/200507.mbox/%3c20050705123248.GE23007@2scale.net%3e

modules/ssl/ssl_toolkit_compat.h

  #define HAVE_SSL_X509V3_EXT_d2i
  #endif
  
+ #ifndef PEM_F_DEF_CALLBACK
+ #ifdef PEM_F_PEM_DEF_CALLBACK
+ /* In OpenSSL 0.9.8 PEM_F_DEF_CALLBACK was renamed */
+ #define PEM_F_DEF_CALLBACK PEM_F_PEM_DEF_CALLBACK
+ #endif
+ #endif
+
  #elif defined (SSLC_VERSION_NUMBER) /* RSA */
  
  /* sslc does not support this function, OpenSSL has since 9.5.1 */
《解決方案》

Apache 2.0.54 + OpenSSL 0.9.8 編譯錯誤

改的真不少啊。。。。
《解決方案》

Apache 2.0.54 + OpenSSL 0.9.8 編譯錯誤

不過沒什麼,修改修改就可以了。

我編譯作為WAPM的最新測試,高了好半天,終於敲定了,也不複雜
《解決方案》

Apache 2.0.54 + OpenSSL 0.9.8 編譯錯誤

原帖由 "HonestQiao" 發表:
不過沒什麼,修改修改就可以了。

我編譯作為WAPM的最新測試,高了好半天,終於敲定了,也不複雜
小喬同志對 lighttpd 有沒有研究,號稱那個比 apache 速度要快,也支持 PHP/CGI/SSL

[火星人 ] Apache 2.0.54 + OpenSSL 0.9.8 編譯錯誤已經有972次圍觀

http://coctec.com/docs/service/show-post-36921.html