Summary: Apache with mod_ssl on Solaris 9 (from source)

From: Andreas Höschler <ahoesch_at_smartsoft.de>
Date: Sat Dec 18 2004 - 06:31:33 EST
Dear managers,

thanks to

Christophe Dupre <duprec@scorec.rpi.edu>
"Luc I. Suryo" <luc@suryo.com>

and others. I was finally able to build Apache from source on Solaris 9
and get ssl to work. I thought this would be less tricky. First to
Apache 2.x. These sources did not build for me. I got this error

/usr/share/src/httpd-2.0.50/srclib/apr/libtool --silent --mode=compile
gcc  -g -O2 -pthreads    -DSOLARIS2=9 -D_POSIX_PTHREAD_SEMANTICS
-D_REENTRANT -DAP_HAVE_DESIGNATED_INITIALIZER
-I/usr/share/src/httpd-2.0.50/srclib/apr/include
-I/usr/src/httpd-2.0.50/srclib/apr/include
-I/usr/share/src/httpd-2.0.50/srclib/apr-util/include
-I/usr/src/httpd-2.0.50/srclib/apr-util/include
-I/usr/src/httpd-2.0.50/srclib/apr-util/xml/expat/lib -I.
-I/usr/src/httpd-2.0.50/os/unix
-I/usr/src/httpd-2.0.50/server/mpm/prefork
-I/usr/src/httpd-2.0.50/modules/http
-I/usr/src/httpd-2.0.50/modules/filters
-I/usr/src/httpd-2.0.50/modules/proxy -I/usr/src/httpd-2.0.50/include
-I/usr/src/httpd-2.0.50/modules/generators
-I/usr/local/ssl/include/openssl -I/usr/local/ssl/include
-I/usr/src/httpd-2.0.50/modules/dav/main -prefer-non-pic -static -c
exports.c && touch exports.lo
exports.c:1574: error: redefinition of 'ap_hack_apr_base64_encode_len'
exports.c:177: error: previous definition of
'ap_hack_apr_base64_encode_len' was here
exports.c:1575: error: redefinition of 'ap_hack_apr_base64_encode'
...

According to google this is a known bug and replacing
build/make_exports.awk with a newer version is supposed to fix it, but
I didn't find a newer version, so this did not get me any further.

I then retried to build apache 1.3.27 and finally was successfull.
First forget openssl 0.9.6. It has a bug that does not allow you to
create reasonable signatures and certificates. openssl-0.9.7e seems a
good choice.  Second there is a bug in mod_ssl that breaks the
compilation of apache, since some bad file is recreated by flex during
the build process, which breaks the whole thing. So here is what has
worked for me on Solaris 8 and Solaris 9.

Get the apache sources and unpack.

	cd /usr/src
	ftp sunsite.informatik.rwth-aachen.de
	cd /pub/mirror/ftp.sunfreeware.com/SOURCES
	passive
	bin
	get apache-1.3.27.tar.gz
	get mod_ssl-2.8.12-1.3.27.tar.gz
	get openssl-0.9.7e.tar.gz
	quit

	gunzip apache-1.3.27.tar.gz
	tar xvf apache-1.3.27.tar

	gunzip mod_ssl-2.8.12-1.3.27.tar.gz
	tar xvf mod_ssl-2.8.12-1.3.27.tar

	gunzip openssl-0.9.7e.tar.gz
	tar xvf openssl-0.9.7e.tar

Build openssl.

	cd openssl-0.9.7e
   	./config
   	make
  	make test
	make install
	cd ..

Apply a patch to the Apache sources and build apache.

	cd mod_ssl-2.8.12-1.3.27
	./configure --with-apache=../apache_1.3.27
	cd ..

	cd apache_1.3.27
	export SSL_BASE=/usr/local/ssl
	./configure --prefix=/usr/local/apache --enable-module=all
--enable-shared=max --enable-module=so --enable-module=ssl
--enable-shared=ssl --enable-module=most --disable-module=auth_db

	cp /usr/src/mod_ssl-2.8.12-1.3.27/pkg.sslmod/ssl_expr_scan.c
/usr/src/apache_1.3.27/src/modules/ssl/ssl_expr_scan.c

	make
	make certificate TYPE=custom
	make install
	cd ..

Now build mod_ssl (it seems that this is not really necessary).

	cd mod_ssl-2.8.12-1.3.27
	./configure --with-ssl=../openssl-0.9.6i
--with-apxs=/usr/local/apache/bin/apxs
	make
	make install

The following command gives a list of available and statically linked
modules.

	/usr/local/apache/bin/httpd -l

We now need to set the correct ServerName in httpd.conf. All other
values should have been automatically set by the build process. Make
sure no other httpd daemon is running.

	pico /usr/local/apache/conf/httpd.conf
	tail -f /usr/local/apache/logs/error_log

	/usr/local/apache/bin/apachectl startssl
	/usr/local/apache/bin/apachectl start

Building from sources creates a start script with the start options
start and startssl. The package from sunfreeware.com does not know
about startssl.

Regards,

      Andreas

> -----Original Message-----
> From: sunmanagers-bounces@sunmanagers.org
> [mailto:sunmanagers-bounces@sunmanagers.org] On Behalf Of Andreas
> Hvschler
> Sent: Saturday, December 18, 2004 12:22 AM
> To: sunmanagers@sunmanagers.org
> Subject: Apache with mod_ssl on Solaris 9 (from source)
>
> Dear managers,
>
> I am still trying to get this working. Somebody mentioned that there
> was a problem with the openssl 0.9.6i package from sunfreeware.com.
> Therefore I decided to install from source. I did the following:
>
> 	gunzip apache-1.3.27.tar.gz
> 	tar xvf apache-1.3.27.tar
>
> 	gunzip mod_ssl-2.8.12-1.3.27.tar.gz
> 	tar xvf mod_ssl-2.8.12-1.3.27.tar
>
> 	gunzip openssl-0.9.6i.tar.gz
> 	tar xvf openssl-0.9.6i.tar
>
> Build OpenSSL.
>
> 	cd openssl-0.9.6i
>    	./config
>    	make
>   	make test
> 	make install
> 	cd ..
>
> Apply a patch to the Apache sources and build apache.
>
> 	cd mod_ssl-2.8.12-1.3.27
> 	./configure --with-apache=../apache_1.3.27 --with-eapi-only
> 	cd ..
>
> 	cd apache_1.3.27
> 	./configure --prefix=/usr/local/apache --enable-module=all
> --enable-shared=max --enable-rule=EAPI --with-layout=Apache
> --disable-module=auth_db
> 	make
> 	make install
> 	cd ..
>
> Now build mod_ssl
>
> 	cd mod_ssl-2.8.12-1.3.27
> 	./configure --with-ssl=../openssl-0.9.6i
> --with-apxs=/usr/local/apache/bin/apxs
> 	make
> 	make install
>
> The follwing command gives a list of available and statically linked
> modules.
>
> 	/usr/local/apache/bin/httpd -l
>
> Compiled-in modules:
>    http_core.c
>    mod_so.c
> suexec: disabled; invalid wrapper /usr/local/apache/bin/suexec
>
> Create certificate.
>
> 	cd /usr/local/ssl/certs
> 	...
> 	...
> 	cp server.key /usr/local/apache/conf/advanced-it.key
> 	cp server.crt /usr/local/apache/conf/advanced-it.crt
>
> I then edited httpd.conf
>
> 	Port 80
> 	Listen 80
> 	Listen 443
> 	ServerAdmin ahoesch@advanced-it.org
> 	ServerName www.advanced-it.org
>
> <VirtualHost _default_:443>
> SSLEngine on
> SSLCertificateFile /usr/local/apache/conf/advanced-it.crt
> SSLCertificateKeyFile /usr/local/apache/conf/advanced-it.key
> BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0
> force-response-1.0
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> </VirtualHost>
>
> and started the guy. Now I get
>
> /usr/local/apache/bin/apachectl start
>
> Syntax error on line 1054 of /usr/local/apache/conf/httpd.conf:
> Invalid command 'SSLEngine', perhaps mis-spelled or defined by a module
> not included in the server configuration
> /usr/local/apache/bin/apachectl start: httpd could not be started
>
> I hoped the above process from sunfreeware.com would setup apache with
> mod_ssl. What is still missing? Thanks a lot!
>
> Regards,
>
>    Andreas
> _______________________________________________
> sunmanagers mailing list
> sunmanagers@sunmanagers.org
> http://www.sunmanagers.org/mailman/listinfo/sunmanagers
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Sat Dec 18 06:32:02 2004

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:41 EST