upgrade openssl, do I need to recompile apache

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

upgrade openssl, do I need to recompile apache

cross
I have a Solaris 8 server.  I just upgraded openssl (0.9.7m to 0.9.8.h) and prior notes indicated that an apachectl -k graceful took care of reloading the new ssl.  After restarting (either graceful or stop/start), the error log shows the old version still loading and the server-status shows the same.  The location of the new ssl is the same as the old.

I know this might be an apache question, but since they are so connected, I thought it might have come up here as well.

[Tue Oct 21 17:21:40 2008] [notice] Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7m configured -- resuming normal operations

My config.log for http show
./configure --disable-ipv6 --enable-info --enable-status --enable-ssl --with -ssl=/usr/local/ssl --disable-negotiation --disable-userdir --disable-autoindex --disable-imap --enable-expires

Any suggestions please?
Reply | Threaded
Open this post in threaded view
|

RE: upgrade openssl, do I need to recompile apache

Prathima Dandapani -X (pdandapa - HCL at Cisco)
Yes, you need to recompile mod_ssl of Apache when openssl is upgraded.

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of csross
Sent: Wednesday, October 22, 2008 3:02 AM
To: [hidden email]
Subject: upgrade openssl, do I need to recompile apache


I have a Solaris 8 server.  I just upgraded openssl (0.9.7m to 0.9.8.h) and
prior notes indicated that an apachectl -k graceful took care of reloading
the new ssl.  After restarting (either graceful or stop/start), the error
log shows the old version still loading and the server-status shows the
same.

[Tue Oct 21 17:21:40 2008] [notice] Apache/2.2.8 (Unix) mod_ssl/2.2.8
OpenSSL/0.9.7m configured -- resuming normal operations

My config.log for http show
./configure --disable-ipv6 --enable-info --enable-status --enable-ssl --with
-ssl=/usr/local/ssl --disable-negotiation --disable-userdir
--disable-autoindex --disable-imap --enable-expires

Any suggestions please?
--
View this message in context:
http://www.nabble.com/upgrade-openssl%2C-do-I-need-to-recompile-apache-tp200
99833p20099833.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: upgrade openssl, do I need to recompile apache

cross
This post was updated on .
Thank you.  Do I go into the apache source (httpd-2.2.8/modules/ssl) and just recompile in this directory or recompile the entire thing (apache)?  How do you get apache to use the new mod_ssl then?

Also, I did not install mod_ssl as a separate package, I just compiled openssl and apache.  Why do some posts show compiling/installing mod_ssl separately.

Thank you very much.


Prathima Dandapani -X (pdandapa - HCL at Cisco) wrote
Yes, you need to recompile mod_ssl of Apache when openssl is upgraded.

-----Original Message-----
From: owner-openssl-users@openssl.org
[mailto:owner-openssl-users@openssl.org] On Behalf Of csross
Sent: Wednesday, October 22, 2008 3:02 AM
To: openssl-users@openssl.org
Subject: upgrade openssl, do I need to recompile apache


I have a Solaris 8 server.  I just upgraded openssl (0.9.7m to 0.9.8.h) and
prior notes indicated that an apachectl -k graceful took care of reloading
the new ssl.  After restarting (either graceful or stop/start), the error
log shows the old version still loading and the server-status shows the
same.

[Tue Oct 21 17:21:40 2008] [notice] Apache/2.2.8 (Unix) mod_ssl/2.2.8
OpenSSL/0.9.7m configured -- resuming normal operations

My config.log for http show
./configure --disable-ipv6 --enable-info --enable-status --enable-ssl --with
-ssl=/usr/local/ssl --disable-negotiation --disable-userdir
--disable-autoindex --disable-imap --enable-expires

Any suggestions please?
--
View this message in context:
http://www.nabble.com/upgrade-openssl%2C-do-I-need-to-recompile-apache-tp200
99833p20099833.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org
Reply | Threaded
Open this post in threaded view
|

RE: upgrade openssl, do I need to recompile apache

Dan_Mitton-2
Doesn't this all depend on if you linked mod_ssl.so to the static SSL (.a)
libraries or to the dynamic SSL (.so) libraries?



Please respond to [hidden email]
Sent by:        [hidden email]
To:     [hidden email]
cc:      (bcc: Dan Mitton/YD/RWDOE)
Subject:        RE: upgrade openssl, do I need to recompile apache
LSN: Not Relevant
User Filed as: Not a Record


Thank you.  Do I go into the apache source (httpd-2.2.8/modules/ssl) and
just
recompile in this directory or recompile the entire thing (apache)?  How
do
you get apache to use the new mod_ssl then?

Thank you very much.



Prathima Dandapani -X (pdandapa - HCL at Cisco) wrote:

>
> Yes, you need to recompile mod_ssl of Apache when openssl is upgraded.
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of csross
> Sent: Wednesday, October 22, 2008 3:02 AM
> To: [hidden email]
> Subject: upgrade openssl, do I need to recompile apache
>
>
> I have a Solaris 8 server.  I just upgraded openssl (0.9.7m to 0.9.8.h)
> and
> prior notes indicated that an apachectl -k graceful took care of
reloading
> the new ssl.  After restarting (either graceful or stop/start), the
error

> log shows the old version still loading and the server-status shows the
> same.
>
> [Tue Oct 21 17:21:40 2008] [notice] Apache/2.2.8 (Unix) mod_ssl/2.2.8
> OpenSSL/0.9.7m configured -- resuming normal operations
>
> My config.log for http show
> ./configure --disable-ipv6 --enable-info --enable-status --enable-ssl
> --with
> -ssl=/usr/local/ssl --disable-negotiation --disable-userdir
> --disable-autoindex --disable-imap --enable-expires
>
> Any suggestions please?
> --
> View this message in context:
>
http://www.nabble.com/upgrade-openssl%2C-do-I-need-to-recompile-apache-tp200

> 99833p20099833.html
> Sent from the OpenSSL - User mailing list archive at Nabble.com.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
>

--
View this message in context:
http://www.nabble.com/upgrade-openssl%2C-do-I-need-to-recompile-apache-tp20099833p20111935.html

Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: upgrade openssl, do I need to recompile apache

Prathima Dandapani -X (pdandapa - HCL at Cisco)
In reply to this post by cross
If you are loading mod_ssl dynamically into Apache,you can goto
httpd-2.2.8/modules/ssl directory and compile.
If it is statically linked to Apache then it is a must to recompile Apache
too.
Let me know for more information.

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of csross
Sent: Wednesday, October 22, 2008 8:16 PM
To: [hidden email]
Subject: RE: upgrade openssl, do I need to recompile apache


Thank you.  Do I go into the apache source (httpd-2.2.8/modules/ssl) and
just recompile in this directory or recompile the entire thing (apache)?
How do you get apache to use the new mod_ssl then?

Thank you very much.



Prathima Dandapani -X (pdandapa - HCL at Cisco) wrote:

>
> Yes, you need to recompile mod_ssl of Apache when openssl is upgraded.
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of csross
> Sent: Wednesday, October 22, 2008 3:02 AM
> To: [hidden email]
> Subject: upgrade openssl, do I need to recompile apache
>
>
> I have a Solaris 8 server.  I just upgraded openssl (0.9.7m to
> 0.9.8.h) and prior notes indicated that an apachectl -k graceful took
> care of reloading the new ssl.  After restarting (either graceful or
> stop/start), the error log shows the old version still loading and the
> server-status shows the same.
>
> [Tue Oct 21 17:21:40 2008] [notice] Apache/2.2.8 (Unix) mod_ssl/2.2.8
> OpenSSL/0.9.7m configured -- resuming normal operations
>
> My config.log for http show
> ./configure --disable-ipv6 --enable-info --enable-status --enable-ssl
> --with -ssl=/usr/local/ssl --disable-negotiation --disable-userdir
> --disable-autoindex --disable-imap --enable-expires
>
> Any suggestions please?
> --
> View this message in context:
> http://www.nabble.com/upgrade-openssl%2C-do-I-need-to-recompile-apache
> -tp200
> 99833p20099833.html
> Sent from the OpenSSL - User mailing list archive at Nabble.com.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
>

--
View this message in context:
http://www.nabble.com/upgrade-openssl%2C-do-I-need-to-recompile-apache-tp200
99833p20111935.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: upgrade openssl, do I need to recompile apache

cross
Thank you.
I did just that, without doing the ./configure again because nothing changed there.  The server-status screen and restart now shows the correct version.  Thank you very much.

Prathima Dandapani -X (pdandapa - HCL at Cisco) wrote
If you are loading mod_ssl dynamically into Apache,you can goto
httpd-2.2.8/modules/ssl directory and compile.
If it is statically linked to Apache then it is a must to recompile Apache
too.
Let me know for more information.

-----Original Message-----
From: owner-openssl-users@openssl.org
[mailto:owner-openssl-users@openssl.org] On Behalf Of csross
Sent: Wednesday, October 22, 2008 8:16 PM
To: openssl-users@openssl.org
Subject: RE: upgrade openssl, do I need to recompile apache


Thank you.  Do I go into the apache source (httpd-2.2.8/modules/ssl) and
just recompile in this directory or recompile the entire thing (apache)?
How do you get apache to use the new mod_ssl then?

Thank you very much.



Prathima Dandapani -X (pdandapa - HCL at Cisco) wrote:
>
> Yes, you need to recompile mod_ssl of Apache when openssl is upgraded.
>
> -----Original Message-----
> From: owner-openssl-users@openssl.org
> [mailto:owner-openssl-users@openssl.org] On Behalf Of csross
> Sent: Wednesday, October 22, 2008 3:02 AM
> To: openssl-users@openssl.org
> Subject: upgrade openssl, do I need to recompile apache
>
>
> I have a Solaris 8 server.  I just upgraded openssl (0.9.7m to
> 0.9.8.h) and prior notes indicated that an apachectl -k graceful took
> care of reloading the new ssl.  After restarting (either graceful or
> stop/start), the error log shows the old version still loading and the
> server-status shows the same.
>
> [Tue Oct 21 17:21:40 2008] [notice] Apache/2.2.8 (Unix) mod_ssl/2.2.8
> OpenSSL/0.9.7m configured -- resuming normal operations
>
> My config.log for http show
> ./configure --disable-ipv6 --enable-info --enable-status --enable-ssl
> --with -ssl=/usr/local/ssl --disable-negotiation --disable-userdir
> --disable-autoindex --disable-imap --enable-expires
>
> Any suggestions please?
> --
> View this message in context:
> http://www.nabble.com/upgrade-openssl%2C-do-I-need-to-recompile-apache
> -tp200
> 99833p20099833.html
> Sent from the OpenSSL - User mailing list archive at Nabble.com.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majordomo@openssl.org
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majordomo@openssl.org
>
>

--
View this message in context:
http://www.nabble.com/upgrade-openssl%2C-do-I-need-to-recompile-apache-tp200
99833p20111935.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org
Reply | Threaded
Open this post in threaded view
|

RE: upgrade openssl, do I need to recompile apache

cross
In reply to this post by Dan_Mitton-2
When I configure apache I just indicate /usr/local/ssl/lib (which contains both libssl.a and libssl.so).  I did not build mod_ssl separately.  How can I see which it is linked to?

Dan_Mitton-2 wrote
Doesn't this all depend on if you linked mod_ssl.so to the static SSL (.a)
libraries or to the dynamic SSL (.so) libraries?



Please respond to openssl-users@openssl.org
Sent by:        owner-openssl-users@openssl.org
To:     openssl-users@openssl.org
cc:      (bcc: Dan Mitton/YD/RWDOE)
Subject:        RE: upgrade openssl, do I need to recompile apache
LSN: Not Relevant
User Filed as: Not a Record


Thank you.  Do I go into the apache source (httpd-2.2.8/modules/ssl) and
just
recompile in this directory or recompile the entire thing (apache)?  How
do
you get apache to use the new mod_ssl then?

Thank you very much.



Prathima Dandapani -X (pdandapa - HCL at Cisco) wrote:
>
> Yes, you need to recompile mod_ssl of Apache when openssl is upgraded.
>
> -----Original Message-----
> From: owner-openssl-users@openssl.org
> [mailto:owner-openssl-users@openssl.org] On Behalf Of csross
> Sent: Wednesday, October 22, 2008 3:02 AM
> To: openssl-users@openssl.org
> Subject: upgrade openssl, do I need to recompile apache
>
>
> I have a Solaris 8 server.  I just upgraded openssl (0.9.7m to 0.9.8.h)
> and
> prior notes indicated that an apachectl -k graceful took care of
reloading
> the new ssl.  After restarting (either graceful or stop/start), the
error
> log shows the old version still loading and the server-status shows the
> same.
>
> [Tue Oct 21 17:21:40 2008] [notice] Apache/2.2.8 (Unix) mod_ssl/2.2.8
> OpenSSL/0.9.7m configured -- resuming normal operations
>
> My config.log for http show
> ./configure --disable-ipv6 --enable-info --enable-status --enable-ssl
> --with
> -ssl=/usr/local/ssl --disable-negotiation --disable-userdir
> --disable-autoindex --disable-imap --enable-expires
>
> Any suggestions please?
> --
> View this message in context:
>
http://www.nabble.com/upgrade-openssl%2C-do-I-need-to-recompile-apache-tp200

> 99833p20099833.html
> Sent from the OpenSSL - User mailing list archive at Nabble.com.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majordomo@openssl.org
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majordomo@openssl.org
>
>

--
View this message in context:
http://www.nabble.com/upgrade-openssl%2C-do-I-need-to-recompile-apache-tp20099833p20111935.html

Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org
Reply | Threaded
Open this post in threaded view
|

Re: upgrade openssl, do I need to recompile apache

11h11
> How can
> I see which it is linked to?

look at apache error.log
also you can type:
ldd httpd (in bin) to see what libs it using.

> When I configure apache I just indicate /usr/local/ssl/lib (which contains
> both libssl.a and libssl.so).

do you mean: ./configure ... --enable-ssl --with-ssl=/usr/local/ssl/lib?

patrick

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: upgrade openssl, do I need to recompile apache

cross
I forgot about ldd.  

Yes, when I configured apache I specified --enable-ssl --with-ssl=/usr/local/ssl/lib.  

I just compiled a new openssl on another server and apache sill shows ssl linked to the old openssl, so I do have to compile.

Thank you very much.

ldd /www/bin/httpd
        libssl.so.0.9.7 =>       /usr/local/ssl/lib/libssl.so.0.9.7
        libcrypto.so.0.9.7 =>    /usr/local/ssl/lib/libcrypto.so.0.9.7



patrick-51 wrote
> How can
> I see which it is linked to?

look at apache error.log
also you can type:
ldd httpd (in bin) to see what libs it using.

> When I configure apache I just indicate /usr/local/ssl/lib (which contains
> both libssl.a and libssl.so).

do you mean: ./configure ... --enable-ssl --with-ssl=/usr/local/ssl/lib?

patrick

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org