Apache 2.0.54 + OpenSSL 0.9.8 编译错误

Question

目前已知问题  OpenSSL 0.9.8 无法配合 Apache 2.0.54 ，编译会失败

我编译 OpenSSL 0.9.8 后其他涉及到 ssl 的程序似乎编译也有问题。

以下是一些搜索到的内容：
A patch was submitted for this yesterday:

http://mail-archives.apache.org/mod_mbox/httpd-dev/200507.mbox/%3c2005070512
3248.GE23007@2scale.net%3e

<snip>;

#ifndef PEM_F_DEF_CALLBACK
+ #ifdef PEM_F_PEM_DEF_CALLBACK
+ /* In OpenSSL 0.9.8 PEM_F_DEF_CALLBACK was renamed */
+ #define PEM_F_DEF_CALLBACK PEM_F_PEM_DEF_CALLBACK
+ #endif
+ #endif

</snip>;

Ed

-----Original Message-----
From: Carsten Gaebler [mailto:apache@snakefarm.org]
Sent: 06 July 2005 10:31
To: users@httpd.apache.org
Subject: [users@httpd] Apache 2.0.54 won't compile with OpenSSL 0.9.8

Hi,

I've just tried to compile Apache 2.0.54 with OpenSSL 0.9.8 on Debian Linux
and I got the following error message:

/usr/src/httpd-2.0.54/srclib/apr/libtool --silent --mode=compile gcc  -g
-O2 -pthread    -DLINUX=2 -D_REENTRANT -D_XOPEN_SOURCE=500 -D_BSD_SOURCE
-D_SVID_SOURCE -D_GNU_SOURCE -DAP_HAVE_DESIGNATED_INITIALIZER
-I/usr/src/httpd-2.0.54/srclib/apr/include
-I/usr/src/httpd-2.0.54/srclib/apr-util/include
-I/usr/src/httpd-2.0.54/srclib/apr-util/xml/expat/lib -I.
-I/usr/src/httpd-2.0.54/os/unix
-I/usr/src/httpd-2.0.54/server/mpm/prefork
-I/usr/src/httpd-2.0.54/modules/http
-I/usr/src/httpd-2.0.54/modules/filters
-I/usr/src/httpd-2.0.54/modules/proxy -I/usr/src/httpd-2.0.54/include
-I/usr/src/httpd-2.0.54/modules/generators
-I/usr/local/openssl-0.9.8/include/openssl
-I/usr/local/openssl-0.9.8/include
-I/usr/src/httpd-2.0.54/modules/dav/main -prefer-non-pic -static -c
ssl_engine_pphrase.c && touch ssl_engine_pphrase.lo
ssl_engine_pphrase.c: In function `ssl_pphrase_Handle_CB':
ssl_engine_pphrase.c:684: `PEM_F_DEF_CALLBACK' undeclared (first use in
this function)
ssl_engine_pphrase.c:684: (Each undeclared identifier is reported only once
ssl_engine_pphrase.c:684: for each function it appears in.)
make[3]: *** [ssl_engine_pphrase.lo] Error 1
make[3]: Leaving directory `/usr/src/httpd-2.0.54/modules/ssl'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/usr/src/httpd-2.0.54/modules/ssl'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/src/httpd-2.0.54/modules'
make: *** [all-recursive] Error 1

The configure command was:

/configure \
--prefix=/usr/local/apache \
--enable-modules='proxy proxy-http rewrite ssl' \
--disable-actions \
--disable-asis \
--disable-auth \
--disable-autoindex \
--disable-cgi \
--disable-dir \
--disable-imap \
--disable-include \
--disable-negotiation \
--disable-proxy-connect \
--disable-proxy-ftp \
--disable-so \
--disable-status \
--disable-userdir \
--with-ssl=/usr/local/openssl-0.9.8

Any clues?

cg.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html>; for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html>; for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Answer 1

我这里同样Linux发行版，同样问题

Answer 2

Patch for 2.0.54 + OpenSSL 0.9.8
http://mail-archives.apache.org/mod_mbox/httpd-dev/200507.mbox/%3c20050705123248.GE23007@2scale.net%3e

2. diff -cr httpd-2.0.54.orig/docs/manual/mod/mod_ssl.xml httpd-2.0.54/docs/manual/mod/mod_ssl.xml
3. *** httpd-2.0.54.orig/docs/manual/mod/mod_ssl.xml        Fri Feb  4 21:21:18 2005
4. --- httpd-2.0.54/docs/manual/mod/mod_ssl.xml        Tue Jul  5 11:53:55 2005
5. ***************
6. *** 65,70 ****
7. --- 65,71 ----
8.   <tr>;<td>;<code>;SSL_CIPHER_EXPORT</code>;</td>;             <td>;string</td>;    <td>;<code>;true</code>; if cipher is an export cipher</td>;</tr>;
9.   <tr>;<td>;<code>;SSL_CIPHER_USEKEYSIZE</code>;</td>;         <td>;number</td>;    <td>;Number of cipher bits (actually used)</td>;</tr>;
10.   <tr>;<td>;<code>;SSL_CIPHER_ALGKEYSIZE</code>;</td>;         <td>;number</td>;    <td>;Number of cipher bits (possible)</td>;</tr>;
11. + <tr>;<td>;<code>;SSL_COMP_METHOD</code>;</td>;               <td>;string</td>;    <td>;SSL compression method negotiated</td>;</tr>;
12.   <tr>;<td>;<code>;SSL_VERSION_INTERFACE</code>;</td>;         <td>;string</td>;    <td>;The mod_ssl program version</td>;</tr>;
13.   <tr>;<td>;<code>;SSL_VERSION_LIBRARY</code>;</td>;           <td>;string</td>;    <td>;The OpenSSL program version</td>;</tr>;
14.   <tr>;<td>;<code>;SSL_CLIENT_M_VERSION</code>;</td>;          <td>;string</td>;    <td>;The version of the client certificate</td>;</tr>;
15. diff -cr httpd-2.0.54.orig/docs/manual/ssl/ssl_faq.xml httpd-2.0.54/docs/manual/ssl/ssl_faq.xml
16. *** httpd-2.0.54.orig/docs/manual/ssl/ssl_faq.xml        Fri Feb  4 21:21:18 2005
17. --- httpd-2.0.54/docs/manual/ssl/ssl_faq.xml        Tue Jul  5 12:14:15 2005
18. ***************
19. *** 680,685 ****
20. --- 680,686 ----
21.   <li>;<a href="#vhosts">;HTTPS and name-based vhosts</a>;</li>;
22.   <li>;<a href="#vhosts2">;Why is it not possible to use Name-Based Virtual
23.   Hosting to identify different SSL virtual hosts?</a>;</li>;
24. + <li>;<a href="#comp">;How do I get SSL compression working?</a>;</li>;
25.   <li>;<a href="#lockicon">;The lock icon in Netscape locks very late</a>;</li>;
26.   <li>;<a href="#msie">;Why do I get I/O errors with MSIE clients?</a>;</li>;
27.   <li>;<a href="#nn">;Why do I get I/O errors with NS clients?</a>;</li>;
28. ***************
29. *** 804,809 ****
30. --- 805,827 ----
31.       Use different port numbers for different SSL hosts.</p>;
32.   </section>;
33.   
34. + <section id="comp">;<title>;How do I get SSL compression working?</title>;
35. + <p>;Although SSL compression negotiation was already defined in the specification
36. + of SSLv2 and TLS, it took until May 2004 when RFC 3749 defined DEFLATE as
37. + a negotiable standard compression method.
38. + </p>;
39. + <p>;OpenSSL 0.9.8 started to support this by default when compiled with the
40. + <code>;zlib</code>; option. If both the client and the server support compression,
41. + it will be used. However, most clients still try to initially connect with an
42. + SSLv2 Hello. As SSLv2 did not include an array of prefered compression algorithms
43. + in its handshake, compression can not be negotiated with these clients.
44. + If the client disables support for SSLv2, based on the used SSL library
45. + a SSLv3 or TLS Hello might be sent and compression might be set up.
46. + You can check if clients make use of SSL compression by logging the
47. + variable <code>;SSL_COMP_METHOD</code>;.
48. + </p>;
49. + </section>;
50. +
51.   <section id="lockicon">;<title>;When I use Basic Authentication over HTTPS the lock icon in Netscape browsers
52.   still shows the unlocked state when the dialog pops up. Does this mean the
53.   username/password is still transmitted unencrypted?</title>;
54. diff -cr httpd-2.0.54.orig/modules/ssl/ssl_engine_vars.c httpd-2.0.54/modules/ssl/ssl_engine_vars.c
55. *** httpd-2.0.54.orig/modules/ssl/ssl_engine_vars.c        Fri Feb  4 21:21:18 2005
56. --- httpd-2.0.54/modules/ssl/ssl_engine_vars.c        Tue Jul  5 10:51:40 2005
57. ***************
58. *** 47,52 ****
59. --- 47,53 ----
60.   static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var);
61.   static void  ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize);
62.   static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var);
63. + static char *ssl_var_lookup_ssl_comp_method(SSL *ssl);
64.   
65.   static int ssl_is_https(conn_rec *c)
66.   {
67. ***************
68. *** 282,287 ****
69. --- 283,291 ----
70.           if ((xs = SSL_get_certificate(ssl)) != NULL)
71.               result = ssl_var_lookup_ssl_cert(p, xs, var+7);
72.       }
73. +     else if (ssl != NULL && strlen(var) >;= 11 && strcEQn(var, "COMP_METHOD", 7)) {
74. +             result = ssl_var_lookup_ssl_comp_method(ssl);
75. +     }
76.       return result;
77.   }
78.   
79. ***************
80. *** 594,599 ****
81. --- 598,636 ----
82.       }
83.       return result;
84.   }
85. +
86. + static char *ssl_var_lookup_ssl_comp_method(SSL *ssl)
87. + {
88. +     char *result = "NULL";
89. + #ifdef OPENSSL_VERSION_NUMBER
90. + #if (OPENSSL_VERSION_NUMBER >;= 0x00908000)
91. +     SSL_SESSION *pSession = SSL_get_session(ssl);
92. +
93. +     if (pSession) {
94. +         switch (pSession->;compress_meth) {
95. +         case 0:
96. +             /* default "NULL" already set */
97. +             break;
98. +
99. +             /* Defined by RFC 3749, deflate is coded by "1" */
100. +         case 1:
101. +             result = "DEFLATE";
102. +             break;
103. +
104. +             /* IANA assigned compression number for LZS */
105. +         case 0x40:
106. +             result = "LZS";
107. +             break;
108. +
109. +         default:
110. +             result = "UNKNOWN";
111. +             break;
112. +         }
113. +     }
114. + #endif
115. + #endif
116. +     return result;
117. + }
118.   
119.   /*  _________________________________________________________________
120.   **
121. diff -cr httpd-2.0.54.orig/modules/ssl/ssl_toolkit_compat.h httpd-2.0.54/modules/ssl/ssl_toolkit_compat.h
122. *** httpd-2.0.54.orig/modules/ssl/ssl_toolkit_compat.h        Fri Feb  4 21:21:18 2005
123. --- httpd-2.0.54/modules/ssl/ssl_toolkit_compat.h        Tue Jul  5 11:33:33 2005
124. ***************
125. *** 99,104 ****
126. --- 99,111 ----
127.   #define HAVE_SSL_X509V3_EXT_d2i
128.   #endif
129.   
130. + #ifndef PEM_F_DEF_CALLBACK
131. + #ifdef PEM_F_PEM_DEF_CALLBACK
132. + /* In OpenSSL 0.9.8 PEM_F_DEF_CALLBACK was renamed */
133. + #define PEM_F_DEF_CALLBACK PEM_F_PEM_DEF_CALLBACK
134. + #endif
135. + #endif
136. +
137.   #elif defined (SSLC_VERSION_NUMBER) /* RSA */
138.   
139.   /* sslc does not support this function, OpenSSL has since 9.5.1 */

复制代码

Answer 3

我以为只有我遇到了这个问题，看来我的猜测是正确的：BUG！
我当初换回 openssl-0.9.7g 就没事了，你也试试看

Answer 4

你需要惨招修改apache的源代码，我在Linux BSD Windows都通过了的

Answer 5

[quote]原帖由 "HonestQiao"]你需要惨招修改apache的源代码，我在Linux BSD Windows都通过了的[/quote 发表：

需要改哪里？

Answer 6

原帖由 "platinum" 发表：

需要改哪里？

特此留念

http://mail-archives.apache.org/mod_mbox/httpd-dev/200507.mbox/%3c20050705123248.GE23007@2scale.net%3e

modules/ssl/ssl_toolkit_compat.h

1.   #define HAVE_SSL_X509V3_EXT_d2i
2.   #endif
3.   
4. + #ifndef PEM_F_DEF_CALLBACK
5. + #ifdef PEM_F_PEM_DEF_CALLBACK
6. + /* In OpenSSL 0.9.8 PEM_F_DEF_CALLBACK was renamed */
7. + #define PEM_F_DEF_CALLBACK PEM_F_PEM_DEF_CALLBACK
8. + #endif
9. + #endif
10. +
11.   #elif defined (SSLC_VERSION_NUMBER) /* RSA */
12.   
13.   /* sslc does not support this function, OpenSSL has since 9.5.1 */

复制代码

Answer 7

改的真不少啊。。。。

Answer 8

不过没什么，修改修改就可以了。

我编译作为WAPM的最新测试，高了好半天，终于敲定了，也不复杂

Answer 9

原帖由 "HonestQiao" 发表：
不过没什么，修改修改就可以了。

我编译作为WAPM的最新测试，高了好半天，终于敲定了，也不复杂

小乔同志对 lighttpd 有没有研究，号称那个比 apache 速度要快，也支持 PHP/CGI/SSL