Hi,

I'm upgrading openssl on a number of servers and obviously this
involves re-compiling Apache. I am recompiling Apache using this line:

SSL_BASE=/workbench/openssl ./configure --prefix=/workbench/apache
--enable-module=ssl --enable-shared=ssl --enable-rule=SHARED_CORE
--enable-module=so

My question is how can you determine what compilation flags were used
when Apache was originally compiled?

Any is much appreciated,

Thanks,

Bob

On 2006-10-05, Bob <bobsaila@hotmail.co.uk> wrote:
> I'm upgrading openssl on a number of servers and obviously this
> involves re-compiling Apache.

Well... if your mod_ssl is using dynamic linking, it shouldn't be
necessary to recompile it, just upgrade the libraries.

> My question is how can you determine what compilation flags were used
> when Apache was originally compiled?

The only way is to check the configure log file, httpd -V will tell you
something, but not the whole list.

Davide

--
!07/11 PDP a ni deppart m'I !pleH

Hi,

Thanks for the quick reply.

How can I tell if mod_ssl is using dynamic linking?

Thanks again,

Bob

Davide Bianchi wrote:

> On 2006-10-05, Bob <bobsaila@hotmail.co.uk> wrote:
> > I'm upgrading openssl on a number of servers and obviously this
> > involves re-compiling Apache.
>
> Well... if your mod_ssl is using dynamic linking, it shouldn't be
> necessary to recompile it, just upgrade the libraries.
>
> > My question is how can you determine what compilation flags were used
> > when Apache was originally compiled?
>
> The only way is to check the configure log file, httpd -V will tell you
> something, but not the whole list.
>
> Davide
>
> --
> !07/11 PDP a ni deppart m'I !pleH

On 2006-10-05, Bob <bobsaila@hotmail.co.uk> wrote:
> How can I tell if mod_ssl is using dynamic linking?

ldd /where/is/mod_ssl.so

will show '/lib/ld-linux.so' if it's compiled with dynamic linking.

Davide

--
HAL 9000: Dave. Put down those Windows disks, Dave. DAVE!

Hi,

Thanks for the reply again.

I ran locate to try and find mod_ssl.so but it returned nothing. The
closest I have is libssl.so, and when I run ldd on it, it returns the
following:

libc.so.6 => /lib/libc.so.6 (0x400f8000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)

Is that the correct file to be looking at? If so, it would seem that
dynamic linking has been used.

If that is the case, when you say there is no need to recompile it
(Apache?), just the libraries, do you mean just openssl?

Also, where can I find the configure log file that you originally
mentioned?

Thanks again,

Bob

Davide Bianchi wrote:

> On 2006-10-05, Bob <bobsaila@hotmail.co.uk> wrote:
> > How can I tell if mod_ssl is using dynamic linking?
>
> ldd /where/is/mod_ssl.so
>
> will show '/lib/ld-linux.so' if it's compiled with dynamic linking.
>
> Davide
>
> --
> HAL 9000: Dave. Put down those Windows disks, Dave. DAVE!

On 2006-10-05, Bob <bobsaila@hotmail.co.uk> wrote:
> I ran locate to try and find mod_ssl.so but it returned nothing.

Look in your httpd.conf (or wathever your configuration file is),
if there is a LoadModule then you know a) that the module is loaded
at runtime and b) where it is, if there isn't such line then the
module is probably compiled built-in, then you have to recompile it.

Davide

> Also, where can I find the configure log file that you originally
> mentioned?

If you still have it, is in the directory with the sources.
Davide

--
If at first you don't succeed, get a job with Microsoft.
-- Gareth Barnard

[ Davide Bianchi ]

> On 2006-10-05, Bob <bobsaila@hotmail.co.uk> wrote:
>> I'm upgrading openssl on a number of servers and obviously this
>> involves re-compiling Apache.
>
> Well... if your mod_ssl is using dynamic linking, it shouldn't be
> necessary to recompile it, just upgrade the libraries.

A caveat to this should be "if the two versions are binary
compatible", and OpenSSL versions frequently aren't. My advice is also
to try upgrading before recompiling Apache, but be prepared to have to
recompile even though it might be a minor upgrade (say, from 0.9.7k to
0.9.7l).


Rgds,
Kenneth Svee

Hi Kenneth, Davide,

Many thanks for you replies.

Davide, is the configure log file called configure.status?

Kenneth, as far as I can tell, mod_ssl is using dynamic linking but is
there a way to tell if there are binary compatibility issues?

Finally, can I just confirm that we are talking about leaving Apache
and ModSSL alone and only changing OpenSSL?

Thanks to you both,

Bob

Kenneth Svee wrote:

> [ Davide Bianchi ]
>
> > On 2006-10-05, Bob <bobsaila@hotmail.co.uk> wrote:
> >> I'm upgrading openssl on a number of servers and obviously this
> >> involves re-compiling Apache.
> >
> > Well... if your mod_ssl is using dynamic linking, it shouldn't be
> > necessary to recompile it, just upgrade the libraries.
>
> A caveat to this should be "if the two versions are binary
> compatible", and OpenSSL versions frequently aren't. My advice is also
> to try upgrading before recompiling Apache, but be prepared to have to
> recompile even though it might be a minor upgrade (say, from 0.9.7k to
> 0.9.7l).
>
>
> Rgds,
> Kenneth Svee

On 2006-10-06, Bob <bobsaila@hotmail.co.uk> wrote:
> Davide, is the configure log file called configure.status?

Yes, that's the one.

> Finally, can I just confirm that we are talking about leaving Apache
> and ModSSL alone and only changing OpenSSL?

Yes.

Davide

--
I read .doc files with "rm". All you lose is the microsoft-specific
font selections, the macro viruses and the luser babblings.
-- Gary "Wolf" Barnes

On 2006-10-06, Bob <bobsaila@hotmail.co.uk> wrote:
> others isn't present so doesn't that mean that either it is statically
> linked or is not using modssl at all? How can I tell the difference?

If it's statically linked httpd -l will show it.

Davide

--
If at first you don't succeed, get a job with Microsoft.
-- Gareth Barnard

Hi again,

Davide, I've checked the httpd.conf files on the systems and have found
that all but one have modssl dynamically linked. I'm not 100% sure
about the last however. The LoadModule line that I've looked for on the
others isn't present so doesn't that mean that either it is statically
linked or is not using modssl at all? How can I tell the difference?

Thanks again,

Bob

On Oct 6, 10:56 am, Davide Bianchi <davideyeahs...@onlyforfun.net>
wrote:
> On 2006-10-06, Bob <bobsa...@hotmail.co.uk> wrote:
>
> > Davide, is the configure log file called configure.status?Yes, that's the one.
>
> > Finally, can I just confirm that we are talking about leaving Apache
> > and ModSSL alone and only changing OpenSSL?Yes.
>
> Davide
>
> --
> I read .doc files with "rm". All you lose is the microsoft-specific
> font selections, the macro viruses and the luser babblings.
> -- Gary "Wolf" Barnes

Hi Davide,

I've tried leaving modssl and apache alone and only updating openssl.
However, when I fire up apache after putting the new version of openssl
in place, it still reports that it is using the original version. I've
experimented a little, and it seems as though apache doesn't care if
the openssl directory is present. I've removed the openssl directory
completely and apache still starts in ssl mode!

Surely this means that anything I do to openssl is detached from
apache? How can I get apache to acknowledge the fact that I am now
using a newer version of openssl?

Thanks again,

Bob


Davide Bianchi wrote:

> On 2006-10-06, Bob <bobsaila@hotmail.co.uk> wrote:
> > others isn't present so doesn't that mean that either it is statically
> > linked or is not using modssl at all? How can I tell the difference?
>
> If it's statically linked httpd -l will show it.
>
> Davide
>
> --
> If at first you don't succeed, get a job with Microsoft.
> -- Gareth Barnard

On 2006-10-06, Bob <bobsaila@hotmail.co.uk> wrote:
> I've tried leaving modssl and apache alone and only updating openssl.
> However, when I fire up apache after putting the new version of openssl
> in place, it still reports that it is using the original version. I've

Something make me think that you didn't "updated" openssl, but merely
installed a new version on the side of the old one. Unfortunately, this
is quite a tricky thing to check and is impossible to do without access to
the system. At this point I suggest you go ahead and recompile mod_ssl with
the new libraries.

Davide

--
What you end up with, after running an operating system concept through
these many marketing coffee filters, is something not unlike plain hot
water.
-- Matt Welsh

Hi Davide,

Thanks for the reply.

I compiled and installed openssl into the same directory that the
original was in. It seems as though this directory has no bearing on
apache at all. Does this mean I'm doing something wrong? How do I
correctly update openssl? If I recompile mod_ssl won't I then have to
recompile apache too?

Thanks again,

Bob

Davide Bianchi wrote:

> On 2006-10-06, Bob <bobsaila@hotmail.co.uk> wrote:
> > I've tried leaving modssl and apache alone and only updating openssl.
> > However, when I fire up apache after putting the new version of openssl
> > in place, it still reports that it is using the original version. I've
>
> Something make me think that you didn't "updated" openssl, but merely
> installed a new version on the side of the old one. Unfortunately, this
> is quite a tricky thing to check and is impossible to do without access to
> the system. At this point I suggest you go ahead and recompile mod_ssl with
> the new libraries.
>
> Davide
>
> --
> What you end up with, after running an operating system concept through
> these many marketing coffee filters, is something not unlike plain hot
> water.
> -- Matt Welsh