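Today I was compiling and installing OpenSSL 1.0.1 and Apache 2.2.22 on Redhat 5.4, and configure kept failing with "checking for SSL_CTX_new... no". I finally found the fix on a foreign website. They settled it in a single line. Now that is efficiency...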
1. Uninstall the existing OpenSSL
Query the installed packages:
rpm -qa | grep openssl
or,
rpm -qa | grep ssl
[root@localhost tmp]# rpm -qa |grep ssl
openssl-0.9.8e-12.el5_4.6
docbook-style-dsssl-1.79-4.1
openssl-devel-0.9.8e-12.el5_4.6
openssl-0.9.8e-12.el5_4.6
openssl-devel-0.9.8e-12.el5_4.6
mod_ssl-2.2.3-43.el5
Then uninstall all of them. For the uninstall procedure, see: How to uninstall software on Linux
2. Compile and install OpenSSL
# cd /tmp
# wget http://www.openssl.org/source/openssl-1.0.1.tar.gz
# tar xzvf openssl-1.0.1.tar.gz
# cd openssl-1.0.1
# ./config --prefix=/usr/local/openssl
# make && make install
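OpenSSL is installed here under /usr/local/openssl. In the rest of this post, and whenever other software is installed later, anything that involves SSL must be pointed at this same path, because we did not install to the system default path.
3. Compile and install Apache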
# wget http://www.apache.org/dist/httpd/httpd-2.2.22.tar.gz
# tar zxvf httpd-2.2.22.tar.gz
# cd httpd-2.2.22
# ./configure --prefix=/usr/local/apache2 --enable-so --enable-rewrite --enable-ssl --with-ssl=/usr/local/openssl
# make && make install
The error is as follows:
checking whether to enable mod_ssl... checking dependencies
checking for SSL/TLS toolkit base... /usr/local/ssl
adding "-I/usr/local/ssl/include" to CPPFLAGS
adding "-I/usr/local/ssl/include" to INCLUDES
adding "-L/usr/local/ssl/lib" to LDFLAGS
checking for OpenSSL version... checking openssl/opensslv.h usability... yes
checking openssl/opensslv.h presence... yes
checking for openssl/opensslv.h... yes
checking openssl/ssl.h usability... yes
checking openssl/ssl.h presence... yes
checking for openssl/ssl.h... yes
OK
forcing SSL_LIBS to "-lssl -lcrypto "
adding "-lssl" to LIBS
adding "-lcrypto" to LIBS
checking openssl/engine.h usability... yes
checking openssl/engine.h presence... yes
checking for openssl/engine.h... yes
checking for SSLeay_version... yes
checking for SSL_CTX_new... no
checking for ENGINE_init... no
checking for ENGINE_load_builtin_engines... no
checking for SSL_set_cert_store... no
configure: error: ... Error, SSL/TLS libraries were missing or unusable
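The previous version of Apache had a similar bug (see: https://issues.apache.org/bugzilla/show_bug.cgi?id=48880); back then even the SSLeay_version check did not pass, reporting SSLeay_version... no instead of SSLeay_version... yes.
I finally found the fix: run the following line to set an environment variable: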
export LDFLAGS=-ldl
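Why the one-line fix works can be confirmed from config.log, which records the linker error behind each "no". The following is an added example, not part of the original post: it pairs the failed checks with unresolved libdl symbols. The config.log excerpt is constructed, the function names are hypothetical, and it assumes OpenSSL was built as static libraries under /usr/local/openssl, whose libcrypto.a needs libdl.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Explains from config.log why "checking for SSL_CTX_new... no" appeared
# even though the OpenSSL header checks passed.

# Print every function whose "checking for X" test ended with "result: no".
failed_checks() {
    awk '/: checking for / { name = $NF }
         /: result: no$/   { if (name != "") print name; name = "" }' "$1"
}

# Print the distinct libdl symbols the linker could not resolve (dlopen, dlsym, ...).
missing_dl_symbols() {
    sed -n 's/.*undefined reference to `\(dl[a-z]*\).*/\1/p' "$1" | sort -u
}

# Return 0 and print a verdict when the failures are explained by a missing -ldl.
diagnose() {
    failed=$(failed_checks "$1" | tr '\n' ' ')
    dl=$(missing_dl_symbols "$1" | tr '\n' ' ')
    if [ -n "$failed" ] && [ -n "$dl" ]; then
        echo "failed: ${failed% }; unresolved libdl symbols: ${dl% }; fix: export LDFLAGS=-ldl"
        return 0
    fi
    echo "no unresolved libdl symbols; look for another cause in config.log"
    return 1
}

# Constructed config.log excerpt (configure line numbers and offsets are made up).
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
configure:15020: checking for SSLeay_version
configure:15076: gcc -o conftest -L/usr/local/openssl/lib conftest.c -lssl -lcrypto >&5
configure:15082: $? = 0
configure:15101: result: yes
configure:15110: checking for SSL_CTX_new
configure:15166: gcc -o conftest -L/usr/local/openssl/lib conftest.c -lssl -lcrypto >&5
/usr/local/openssl/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_globallookup':
dso_dlfcn.c:(.text+0x1d): undefined reference to `dlopen'
dso_dlfcn.c:(.text+0x33): undefined reference to `dlsym'
collect2: ld returned 1 exit status
configure:15172: $? = 1
configure:15191: result: no
EOF

diagnose "$SAMPLE_LOG"
```

Run diagnose against the real config.log in the httpd-2.2.22 directory; if it reports the libdl case, export LDFLAGS=-ldl in the same shell and run ./configure again.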
4. Enabling HTTPS in Apache
On Redhat, if apache2 was compiled and installed from source, you only need to edit ../apache2/conf/httpd.conf and, in the lines
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
remove the comment marker from the Include line, then edit the file .../conf/extra/httpd-ssl.conf:
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/var/www/html"
ServerName 12.34.56.78:443
ServerAdmin [email protected]
ErrorLog "/usr/local/apache2/logs/error_log"
TransferLog "/usr/local/apache2/logs/access_log"
...
Set the certificate file paths SSLCertificateFile and SSLCertificateKeyFile. If the certificate file given in SSLCertificateFile already contains the server private key, comment out the SSLCertificateKeyFile setting below.
SSLCertificateFile "/usr/local/apache2/conf/apache.pem"
#SSLCertificateFile "/usr/local/apache2/conf/server-dsa.crt"
#SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
#SSLCertificateKeyFile "/usr/local/apache2/conf/server-dsa.key"