Hi, my setup is: I have a Moodle installation I need to run. So I need Apache, PHP, OpenSSL, iconv, mbstring, curl, zip, etc. . The plan is to have a relatively new PHP (5.6.20) and stay "new" with Apache and OpenSSL. Solaris 11.3 seems to come with Apache 2.4.16, PHP 5.3.29, OpenSSL 1.0.1q, curl 7.35.0, OpenLDAP 2.4.30, and others using the official package repository, so I don't really want to use the official packages for Apache, PHP and OpenSSL. I tried using another package repository (OpenCSW), which seems to provide Apache 2.4.18, PHP 5.6.20, curl 7.48.0, OpenSSL 1.0.1s runtime libraries, OpenLDAP 2.4.40, etc. .The problem there is that officially, the packages have these release numbers, but when I install PHP via pkgutil, I get 5.3.XX ínstead. So I decided to compile from source. I compiled OpenSSL 1.0.2g from source without SSLv2 support (without enable-ssl2), because I don't really want to have SSLv2 support if I don't need it. Compiling Apache with the setup below posed no problem other than httpd not finding 1.0.2g without LD_LIBRARY_PATH. But the problems began when I compiled PHP 5.6.20 from source (I will send my configure call when I'm back at work tomorrow). Basically, the configure checks curl, uses the system curl which tries to use one of the functions in OpenSSL 1.0.2g which are gone. So I had to compile curl 7.48.0. The next problem was the jpeg extension which I solved by setting some -I and -L options and the PKG_CONFIG_PATH (pointing to the openssl and curl dirs) . It seems to have used the system curl as well. Then I had to compile iconv because of unrelated reasons. Then the zip extension wouldn't work so I had to compile libzip. And so on and so on. This all didn't happen when I compiled OpenSSL 1.0.2g with SSLv2 support, by the way (we deactivated SSLv2 in our Apache anyway, and SSLLabs says we're in the clear regarding to Drown). With SSLv2 support, PHP's configure finished without a real warning. And I could build it as well. So I frowned and accepted SSLv2 support for the moment. By the way, you didn't quote my CPPFLAGS and LDFLAGS that I set. Using LDFLAGS, or rather -R I understand that I can set the runtime search path when linking the library. When I "ldd -s httpd", no SSL library is necessary there. And "ldd -s modules/mod_ssl.so" tells me it finds the locally installed 1.0.2g version. So I still don't understand why I need to set LD_LIBRARY_PATH when the linker finds what I want. Yes, I want to avoid using LD_LIBRARY_PATH, because I read about methods (like using -R) that could tell libraries where they should look first and LD_LIBRARY_PATH seems to be a kind of last resort. Notes: - Yes, OpenSSL is compiled as a shared library. - Ideally, I would use /latest links combined with -R to avoid recompiling. - Do I understand the following right? -I tells the compiler where to look for headers during compile time. -L tells the compiler where to find libraries to use in linking during the build. -R tells the Linker where to search for libraries during runtime. Regards, Daniel Poggenpohl ________________________________________ Von: Christopher Schultz [chris@xxxxxxxxxxxxxxxxxxxxxx] Gesendet: Donnerstag, 7. April 2016 20:03 An: users@xxxxxxxxxxxxxxxx Betreff: Re: Self-compiled httpd and OpenSSL: Trying to start httpd without using LD_LIBRARY_PATH -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Daniel, On 4/7/16 11:21 AM, Poggenpohl, Daniel wrote: > I'm working with Solaris 11.3 32Bit. > > I've compiled and installed OpenSSL 1.0.2g with SSLv2 support > (yeah, I know, but I can't get my setup to work without it) using: You need to fix that ... right now. When you say "my setup won't work without it", what do you mean? Please tell me you accidentally typed "SSLv2" instead of "SSLv3", and meant "SSLv3". > My system has OpenSSL 1.0.1q pre-installed. Okay. > I've compiled Apache HTTPD 2.4.18 with the following options: cd > /basedir/installers/httpd-2.4.18 OPENSSLDIR=/basedir/openssl/1.0.2g > \ PKG_CONFIG_PATH=$OPENSSLDIR/lib/pkgconfig:$PKG_CONFIG_PATH \ ; \ > ./configure --prefix=/basedir/apache2/2.4.18 \ --enable-rewrite > --enable-so --enable-dav --enable-deflate \ --enable-authnz-ldap > --enable-ldap --with-ldap \ --enable-ssl --with-ssl=$OPENSSLDIR \ Okay. > When I export LD_LIBRARY_PATH in envvars using the OPENSSLDIR/lib, > apache via PHPInfo finds 1.0.2g. When I don't use LD_LIBRARY_PATH, > the system 1.0.1q is used. > > Can I do something about this? Or is this effect because of PHP? That's totally expected. When you compiled httpd, the - --with-ssl=$OPENSSLDIR really only chose the library header files to use for the compilation. Since OpenSSL is (likely) compiled as a shared-library, the linking is actually done at runtime instead of compile-time. LD_LIBRARY_PATH is how dynamic linking actually locates the libraries that will be used at runtime. Your httpd build information is not retained, and you need to set up the environment to get what you want. Is there a particular problem with setting LD_LIBRARY_PATH, or did you just want to know if you could avoid it? - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlcGoN0ACgkQ9CaO5/Lv0PBWUACcCTt4QOC9+nuxGqRUi1m5vI76 AC4An1vY4posMmjV5ODqG58xYNZi4DYL =s0+x -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx