Posted to users@httpd.apache.org by xPostings <po...@mysign.ch> on 2008/12/31 11:15:23 UTC

[users@httpd] Can't compile libssl and libz into httpd 2.2.11

Hi

I really don't know if it's only a config problem on my side or
if it's a change from apache 2.2.8 to 2.2.11:
How can I compile httpd WITHOUT any linkings to libssl and libz
(that means compile it into httpd). Also the httpd 2.2.8 is bigger
in filesize than 2.2.11 (because libz and libssl is not compiled into...)

if I ldd the "old" 2.2.8 it shows the following:

        linux-gate.so.1 =>  (0xffffe000)
        libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7f0a000)
        libaprutil-1.so.0 => /usr/local/apache2.2.8/lib/libaprutil-1.so.0 (0xb7ef4000)
        libexpat.so.0 => /usr/local/apache2.2.8/lib/libexpat.so.0 (0xb7ed8000)
        libapr-1.so.0 => /usr/local/apache2.2.8/lib/libapr-1.so.0 (0xb7eb5000)
        librt.so.1 => /lib/tls/i686/cmov/librt.so.1 (0xb7eac000)
        libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xb7e7e000)
        libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7e6b000)
        libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7e67000)
        libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7d36000)
        /lib/ld-linux.so.2 (0xb7f39000)

the 2.2.11 shows
        linux-gate.so.1 =>  (0xffffe000)
        libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb7eb9000)
        libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7d7e000)
        libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7d59000)
        libaprutil-1.so.0 => /usr/local/apache2.2.11/lib/libaprutil-1.so.0 (0xb7d3d000)
        libexpat.so.0 => /usr/local/apache2.2.11/lib/libexpat.so.0 (0xb7d21000)
        libapr-1.so.0 => /usr/local/apache2.2.11/lib/libapr-1.so.0 (0xb7cfc000)
        librt.so.1 => /lib/tls/i686/cmov/librt.so.1 (0xb7cf3000)
        libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xb7cc4000)
        libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7cb2000)
        libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7cae000)
        libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7b7d000)
        libz.so.1 => /usr/lib/libz.so.1 (0xb7b69000)
        /lib/ld-linux.so.2 (0xb7efe000)

I compiled the versions with following ./configure:
./configure --prefix=/usr/local/apache2.2.11 \
 --enable-static-support \
 --with-mpm=worker \
 --enable-mods-shared=all \
 --enable-so \
 --enable-deflate=static \
 --with-z=/usr/local \
 --enable-ssl=static \
 --with-ssl=/usr/local/ssl \
 --enable-rewrite=static \
 --enable-auth-basic=static \
 --enable-authn-file=static \
 --enable-authz-user=static \
 --enable-authz-groupfile=static \
 --enable-authz-host=static \
 --enable-expires=static \
 --enable-headers=static

so mod_deflate as mod_ssl are part of the httpd.
Can anybody help me?
My box is a debian etch only basic netinstall with
apt-get install build-essential
apt-get install autoconf automake libtool

cheers
mike

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: AW: [users@httpd] Can't compile libssl and libz into httpd 2.2.11

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
xPostings wrote:
> Hi Williams
> 
> I understand your argument. But in my case I would like to compile libssl
> into the httpd because of the critical SSL/TLS vulnerability. Why that?
> The answer is easy: Because I can only control the installed httpd but not
> the installation of the debian boxes itself in the production environment.
> So the only way to enforce that the right libssl is in place is to compile
> it into httpd. So maybe the reason for my a little bit strange question is
> now much clearer.
> So, can anybody help me how I can compile the libssl and libz into httpd?

Dirt simple stupid answer, build libssl and libz into a directory that
you explicitly reference --with-openssl= --with-zlib=, but build only the
static objects.

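
Added example, not part of any message in this thread: a shell check that reads ldd output and lists any libssl, libcrypto or libz entry still resolved from a shared object, which is how to confirm that a static build actually took effect. The function names are hypothetical; the sample lines are copied from the two ldd listings in the first post.

```shell
#!/bin/sh
# Libraries the thread wants compiled into httpd rather than loaded at run time.
WATCHED='libssl libcrypto libz'

# dynamic_deps: read ldd output on stdin and print "soname path" for every
# watched library that the loader still resolves from a shared object.
dynamic_deps() {
    awk -v watched="$WATCHED" '
        BEGIN { n = split(watched, w, " ") }
        $2 == "=>" {
            base = $1
            sub(/\.so.*/, "", base)      # libssl.so.0.9.8 -> libssl
            for (i = 1; i <= n; i++)
                # Exact name match, so libcrypt is not mistaken for libcrypto.
                if (base == w[i]) {
                    path = ($3 ~ /^\//) ? $3 : "not-found"
                    print $1, path
                }
        }'
}

# check_static: return 0 when no watched library is dynamically linked,
# otherwise list the offenders on stderr and return 1.
check_static() {
    found=$(dynamic_deps)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found" >&2
    return 1
}

# Sample input: lines copied from the 2.2.11 listing in the first post.
LDD_2_2_11='        linux-gate.so.1 =>  (0xffffe000)
        libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb7eb9000)
        libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7d7e000)
        libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xb7cc4000)
        libz.so.1 => /usr/lib/libz.so.1 (0xb7b69000)
        /lib/ld-linux.so.2 (0xb7efe000)'

# Sample input: lines copied from the 2.2.8 listing in the first post.
LDD_2_2_8='        linux-gate.so.1 =>  (0xffffe000)
        libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xb7e7e000)
        libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7d36000)
        /lib/ld-linux.so.2 (0xb7f39000)'

# Against a real build (binary path is an assumption based on the --prefix used):
#   ldd /usr/local/apache2.2.11/bin/httpd | check_static
```

The paths it prints also show which copy of the library the loader picked, here the system one under /usr/lib rather than the directories passed to configure.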


AW: [users@httpd] Can't compile libssl and libz into httpd 2.2.11

Posted by xPostings <po...@mysign.ch>.
Hi Williams

I understand your argument. But in my case I would like to compile libssl
into the httpd because of the critical SSL/TLS vulnerability. Why that?
The answer is easy: Because I can only control the installed httpd but not
the installation of the debian boxes itself in the production environment.
So the only way to enforce that the right libssl is in place is to compile
it into httpd. So maybe the reason for my a little bit strange question is
now much clearer.
So, can anybody help me how I can compile the libssl and libz into httpd?

cheers
mike

> -----Original Message-----
> From: William A. Rowe, Jr. [mailto:wrowe@rowe-clan.net]
> Sent: Friday, 2 January 2009 15:48
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Can't compile libssl and libz into httpd 2.2.11
>
>
> xPostings wrote:
> >
> > I really don't know if it's only a config problem on my side or
> > if it's a change from apache 2.2.8 to 2.2.11:
> > How can I compile httpd WITHOUT any linkings to libssl and libz
> > (that means compile it into httpd). Also the httpd 2.2.8 is bigger
> > in filesize than 2.2.11 (because libz and libssl is not compiled into...)
> >
> > My box is a debian etch only basic netinstall with
>
> There were libz security flaws back in the early 1.1 and 1.2 series and
> periodic security updates to libssl.  If you have the debian folks offering
> you updated / patched / secured flavor, why on earth would you want to lock
> into the flavor of the day and deprive yourself of the fixes to critical
> SSL/TLS vulnerability fixes as more are discovered in the future?

Re: [users@httpd] Can't compile libssl and libz into httpd 2.2.11

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
xPostings wrote:
> 
> I really don't know if it's only a config problem on my side or
> if it's a change from apache 2.2.8 to 2.2.11:
> How can I compile httpd WITHOUT any linkings to libssl and libz
> (that means compile it into httpd). Also the httpd 2.2.8 is bigger
> in filesize than 2.2.11 (because libz and libssl is not compiled into...)
> 
> My box is a debian etch only basic netinstall with

There were libz security flaws back in the early 1.1 and 1.2 series and
periodic security updates to libssl.  If you have the debian folks offering
you updated / patched / secured flavor, why on earth would you want to lock
into the flavor of the day and deprive yourself of the fixes to critical
SSL/TLS vulnerability fixes as more are discovered in the future?

