问题描述
我正在尝试将openssl-1.0.1e更新为1.0.1s.它是源代码编译.完成以下步骤后,
I am trying to update openssl-1.0.1e to 1.0.1s. It's source compile. After I done the following step,
- cd openssl-1.0.1s
- ./config --shared
- 制作
- 进行安装
-
apachectl configtest
- cd openssl-1.0.1s
- ./config --shared
- make
- make install
apachectl configtest
我得到了一个错误,例如"httpd:/usr/local/apache2/conf/httpd.conf的第55行的语法错误:无法将/usr/local/apache2/modules/mod_ssl.so加载到服务器中:/usr/local/apache2/modules/mod_ssl.so:未定义的符号:SSLv2_client_method"
I got an error as "httpd: Syntax error on line 55 of /usr/local/apache2/conf/httpd.conf: Cannot load /usr/local/apache2/modules/mod_ssl.so into server: /usr/local/apache2/modules/mod_ssl.so: undefined symbol: SSLv2_client_method"
我也尝试过./config --prefix=/usr enable-shared -no-ssl2
,也是同样的错误.在安装openssl-1.0.1s之前,我make clean
是旧版本.
I also tried ./config --prefix=/usr enable-shared -no-ssl2
, also it"s same error. Before I installed openssl-1.0.1s, I make clean
the old one.
有人知道任何解决方案吗?
Dose anyone know any solutions?
推荐答案
出现SSLv2_client_method
,并且朋友被意外从库的1.0.1和1.0.2分支中删除.请参见问题#4398:BUG/1.0.2g破坏了CURL扩展日期为2016年3月8日在OpenSSL开发人员邮件列表中.
It appears SSLv2_client_method
and friends were accidentally removed from the 1.0.1 and 1.0.2 branches of the library. See Issue #4398: BUG / 1.0.2g breaks CURL extension dated March 8, 2016 on the OpenSSL developer mailing list.
它已通过提交133138569f37d149,将SSLv2方法保留为返回NULL的函数来修复..您应该可以使用以下方法手动修补ssl/s2_meth.c
:
It was fixed with Commit 133138569f37d149, Retain SSLv2 methods as functions that return NULL. You should be able to patch ssl/s2_meth.c
manually with:
-# if PEDANTIC
-static void *dummy = &dummy;
-# endif
+SSL_METHOD *SSLv2_method(void) { return NULL; }
+SSL_METHOD *SSLv2_client_method(void) { return NULL; }
+SSL_METHOD *SSLv2_server_method(void) { return NULL; }
相关,这不是很正确:
Related, this is not quite correct:
它是no-ssl2
,而不是-no-ssl2
.另请参见编译和安装|在OpenSSL Wiki上配置选项.
Its no-ssl2
, not -no-ssl2
. Also see Compilation and Installation | Configure Options on the OpenSSL wiki.
此外,--prefix=/usr
可能很危险,因为它通常会破坏使用系统版本库的系统实用程序.有时,发行版会应用OpenSSL来源中不存在的补丁(Ubuntu浮现在脑海中).
Also, --prefix=/usr
can be dangerous because it usually breaks system utilities that use the system's version of the library. Sometimes the distro applies patches that are not present in OpenSSL's sources (Ubuntu comes to mind).
通常,您要的是--openssldir=/usr/local/...
.看起来您自己构建了Apache,因此您应该可以使用它.您可以获取最新的OpenSSL,在CFLAGS
中包含一个RPATH,构建OpenSSL,将其安装到/usr/local
中,然后针对该版本的OpenSSL构建Apache.有关在CFLAGS
中添加RPATH的信息,请访问以下网页上的编译和安装. OpenSSL Wiki.
Usually what you want is --openssldir=/usr/local/...
. It looks like you built Apache yourself, so you should be able to use it. You can fetch the latest OpenSSL, include an RPATH in the CFLAGS
, build OpenSSL, install it into /usr/local
, and then build Apache against that version of OpenSSL. Information on adding an RPATH in the CFLAGS
can be found at Compilation and Installation on the OpenSSL wiki.
这篇关于未定义的符号:SSLv2_client_method的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!