upgrade openssl, do I need to recompile apache
csross
I have a Solaris 8 server. I just upgraded openssl (0.9.7m to 0.9.8.h) and
prior notes indicated that an apachectl -k graceful took care of reloading
the new ssl. After restarting (either graceful or stop/start), the error
log shows the old version still loading and the server-status shows the
same.
[Tue Oct 21 17:21:40 2008] [notice] Apache/2.2.8 (Unix) mod_ssl/2.2.8
OpenSSL/0.9.7m configured -- resuming normal operations
My config.log for http show
./configure --disable-ipv6 --enable-info --enable-status --enable-ssl --with
-ssl=/usr/local/ssl --disable-negotiation --disable-userdir
--disable-autoindex --disable-imap --enable-expires
Any suggestions please?
--
View this message in context: http://www.nabble.com/upgrade-openssl%2C-do-I-need-to-recompile-apache-tp20099833p20099833.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org
csross
I have a Solaris 8 server. I just upgraded openssl (0.9.7m to 0.9.8.h) and
prior notes indicated that an apachectl -k graceful took care of reloading
the new ssl. After restarting (either graceful or stop/start), the error
log shows the old version still loading and the server-status shows the
I know this might be an apache question, but since they are so connected, I
thought it might have come up here as well.
Prathima Dandapani -X (pdandapa - HCL at Cisco)
-----Original Message-----
From: owner-ope...@openssl.org
[mailto:owner-ope...@openssl.org] On Behalf Of csross
Sent: Wednesday, October 22, 2008 3:02 AM
To: openss...@openssl.org
Subject: upgrade openssl, do I need to recompile apache
I have a Solaris 8 server. I just upgraded openssl (0.9.7m to 0.9.8.h) and
prior notes indicated that an apachectl -k graceful took care of reloading
the new ssl. After restarting (either graceful or stop/start), the error
log shows the old version still loading and the server-status shows the
same.
[Tue Oct 21 17:21:40 2008] [notice] Apache/2.2.8 (Unix) mod_ssl/2.2.8
csross
Thank you. Do I go into the apache source (httpd-2.2.8/modules/ssl) and just
recompile in this directory or recompile the entire thing (apache)? I'm not
loading ssl dynamically in apache.
Thank you very much.
--
View this message in context: http://www.nabble.com/upgrade-openssl%2C-do-I-need-to-recompile-apache-tp20099833p20111935.html
csross
Thank you. Do I go into the apache source (httpd-2.2.8/modules/ssl) and just
recompile in this directory or recompile the entire thing (apache)?
Thank you very much.
csross
Thank you. Do I go into the apache source (httpd-2.2.8/modules/ssl) and just
you get apache to use the new mod_ssl then?
Prathima Dandapani -X (pdandapa - HCL at Cisco)
httpd-2.2.8/modules/ssl directory and compile.
If it is statically linked to Apache then it is a must to recompile Apache
too.
Let me know for more information.
Dan_M...@ymp.gov
libraries or to the dynamic SSL (.so) libraries?
Please respond to openss...@openssl.org
Sent by: owner-ope...@openssl.org
To: openss...@openssl.org
cc: (bcc: Dan Mitton/YD/RWDOE)
Subject: RE: upgrade openssl, do I need to recompile apache
LSN: Not Relevant
User Filed as: Not a Record
csross
Thank you.
I did just that, without doing the ./configure again because nothing changed
there. The server-status screen and restart now shows the correct version.
Thank you very much.
Prathima Dandapani -X (pdandapa - HCL at Cisco) wrote:
>
> If you are loading mod_ssl dynamically into Apache,you can goto
> httpd-2.2.8/modules/ssl directory and compile.
> If it is statically linked to Apache then it is a must to recompile Apache
> too.
> Let me know for more information.
>
> -----Original Message-----
> From: owner-ope...@openssl.org
> [mailto:owner-ope...@openssl.org] On Behalf Of csross
> Sent: Wednesday, October 22, 2008 8:16 PM
> To: openss...@openssl.org
> Subject: RE: upgrade openssl, do I need to recompile apache
>
>
--
View this message in context: http://www.nabble.com/upgrade-openssl%2C-do-I-need-to-recompile-apache-tp20099833p20133479.html
csross
When I configure apache I just indicate /usr/local/ssl/lib (which contains
both libssl.a and libssl.so). I did not build mod_ssl separately. How can
I see which it is linked to?
Dan_Mitton-2 wrote:
>
> Doesn't this all depend on if you linked mod_ssl.so to the static SSL (.a)
> libraries or to the dynamic SSL (.so) libraries?
>
>
>
> Please respond to openss...@openssl.org
> Sent by: owner-ope...@openssl.org
> To: openss...@openssl.org
> cc: (bcc: Dan Mitton/YD/RWDOE)
> Subject: RE: upgrade openssl, do I need to recompile apache
> LSN: Not Relevant
> User Filed as: Not a Record
>
>
--
View this message in context: http://www.nabble.com/upgrade-openssl%2C-do-I-need-to-recompile-apache-tp20099833p20137223.html
patrick
> I see which it is linked to?
look at apache error.log
also you can type:
ldd httpd (in bin) to see what libs it using.
> When I configure apache I just indicate /usr/local/ssl/lib (which contains
> both libssl.a and libssl.so).
do you mean: ./configure ... --enable-ssl --with-ssl=/usr/local/ssl/lib?
patrick
csross
I forgot about ldd.
Yes, when I configured apache I specified --enable-ssl
--with-ssl=/usr/local/ssl/lib.
I just compiled a new openssl on another server and apache sill shows ssl
linked to the old openssl, so I do have to compile.
Thank you very much.
ldd /www/bin/httpd
libssl.so.0.9.7 => /usr/local/ssl/lib/libssl.so.0.9.7
libcrypto.so.0.9.7 => /usr/local/ssl/lib/libcrypto.so.0.9.7
--
View this message in context: http://www.nabble.com/upgrade-openssl%2C-do-I-need-to-recompile-apache-tp20099833p20155706.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.