-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Daniel, On 4/7/16 2:52 PM, Poggenpohl, Daniel wrote: > my setup is: I have a Moodle installation I need to run. So I need > Apache, PHP, OpenSSL, iconv, mbstring, curl, zip, etc. . The plan > is to have a relatively new PHP (5.6.20) and stay "new" with Apache > and OpenSSL. > > [snip] > > This all didn't happen when I compiled OpenSSL 1.0.2g with SSLv2 > support, by the way (we deactivated SSLv2 in our Apache anyway, > and SSLLabs says we're in the clear regarding to Drown). With SSLv2 > support, PHP's configure finished without a real warning. And I > could build it as well. So I frowned and accepted SSLv2 support for > the moment. Okay, so: 1. Things just don't seem to work if you compile without SSLv2 2. You don't actually need it, so it's disabled everywhere That's fine. It would be good to find out *why* SSLv2 support is required for everything to build/run properly, but it's not an anormous concern just to have it in the binary. > By the way, you didn't quote my CPPFLAGS and LDFLAGS that I set. > Using LDFLAGS, or rather -R I understand that I can set the > runtime search path when linking the library. When I "ldd -s > httpd", no SSL library is necessary there. And "ldd -s > modules/mod_ssl.so" tells me it finds the locally installed 1.0.2g > version. So I still don't understand why I need to set > LD_LIBRARY_PATH when the linker finds what I want. Hmm. I'm not familiar enough with the httpd build process to know what the exact implications of using -R are. > Yes, I want to avoid using LD_LIBRARY_PATH, because I read about > methods (like using -R) that could tell libraries where they > should look first and LD_LIBRARY_PATH seems to be a kind of last > resort. If -R is supposed to work, then by all means use -R. Just be aware that if you need to upgrade OpenSSL, you either need to use a version-independent installation path (e.g. /usr/local/openssl/current - -- I'd recommend a symlink for this purpose), or you'll need to recompile httpd (mod_ssl, really). Someone else will have to comment on why -R might not be having the intended effect. > Notes: - Yes, OpenSSL is compiled as a shared library. - Ideally, I > would use /latest links combined with -R to avoid recompiling. :) > - Do I understand the following right? -I tells the compiler where > to look for headers during compile time. -L tells the compiler > where to find libraries to use in linking during the build. -R > tells the Linker where to search for libraries during runtime. Precisely. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlcGwEcACgkQ9CaO5/Lv0PBSVwCgwaYwPlK5IjWi9l+5Qo5hk4XE 1w8AoI2JmTc9VdnK/kkwoaU/cVVRtkrA =phx0 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx