I’m successfully compiling OpenSSL 1.1.1c from source for PHP-FPM to use in preference to the system-native OpenSSL (1.0.*). I’m installing OpenSSL 1.1.1c to /etc/php/shared/openssl with the following configure flags (split for clarity): ./config \ --openssldir=/etc/php/shared/openssl \ --prefix=/etc/php/shared/openssl \ -fstack-protector-strong \ -Wl,-rpath,/etc/php/shared/openssl/lib \ no-ssl2 \ no-ssl3 \ no-weak-ssl-ciphers \ shared The `config` and subsequent `make` complete without any visible issues shown. However, /etc/php/shared/openssl/certs is an empty directory. The system-native OpenSSL uses /etc/ssl/certs for its *.pem files, and there are >250 of them in that directory. Are there OpenSSL compile flags to explicitly build or obtain the current up-to-date *.pem files for my PHP-only OpenSSL build, or should be looking elsewhere? Thank you in advance, and best wishes. Please note: my working hours may not be your working hours. Please do not feel obligated to reply outside of your normal work schedule.
|
