编译安装OPENSSL和APACHE

今天在CentOS6.6上编译安装OpenSSL 1.0.1和Apache 2.2.31，总是报告checking for SSL_CTX_new... no错误，最后在国外一个网站上找到解决办法。人家就一句话就搞定了，效率啊...

一、卸载原来的OpenSSL

查询原安装包

rpm -qa|grep openssl*

或,

rpm -qa|grep ssl*

[root@localhost tmp]# rpm -qa |grep ssl
openssl-0.9.8e-12.el5_4.6
docbook-style-dsssl-1.79-4.1
openssl-devel-0.9.8e-12.el5_4.6
openssl-0.9.8e-12.el5_4.6
openssl-devel-0.9.8e-12.el5_4.6
mod_ssl-2.2.3-43.el5

然后把它们全部卸载掉。卸载方法，参考：Linux下如何卸载软件

二、编译安装openssl

# cd /tmp
# wget http://www.openssl.org/source/openssl-1.0.1.tar.gz
# tar xzvf openssl-1.0.1.tar.gz
# cd openssl-1.0.1
# ./config --prefix=/usr/local/openssl
# make && make install

安装openssl这里设置路径为/usr/local/openssl，下文已经后续安装其它软件，凡是涉及到ssl的，也同样需要指定这个路径，因为我们没有按照系统默认的路径安装。

三、编译安装Apache

# wget http://www.apache.org/dist/httpd/httpd-2.2.31.tar.gz
# tar zxvf httpd-2.2.31.tar.gz
# cd httpd-2.2.31
# ./configure --prefix=/usr/local/apache2 --enable-so --enable-rewrite --enable-ssl --with-ssl=/usr/local/openssl
# make && make install

错误如下：

checking whether to enable mod_ssl... checking dependencies
checking for SSL/TLS toolkit base... /usr/local/ssl
adding "-I/usr/local/ssl/include" to CPPFLAGS
adding "-I/usr/local/ssl/include" to INCLUDES
adding "-L/usr/local/ssl/lib" to LDFLAGS
checking for OpenSSL version... checking openssl/opensslv.h usability... yes
checking openssl/opensslv.h presence... yes
checking for openssl/opensslv.h... yes
checking openssl/ssl.h usability... yes
checking openssl/ssl.h presence... yes
checking for openssl/ssl.h... yes
OK
forcing SSL_LIBS to "-lssl -lcrypto "
adding "-lssl" to LIBS
adding "-lcrypto" to LIBS
checking openssl/engine.h usability... yes
checking openssl/engine.h presence... yes
checking for openssl/engine.h... yes
checking for SSLeay_version... yes
checking for SSL_CTX_new... no
checking for ENGINE_init... no
checking for ENGINE_load_builtin_engines... no
checking for SSL_set_cert_store... no
configure: error: ... Error, SSL/TLS libraries were missing or unusable 

这在APACHE上一个版本时，有个类似的BUG（地址：https://issues.apache.org/bugzilla/show_bug.cgi?id=48880），那时SSLeay_version... yes这一句都不会过SSLeay_version... no。

最后找到解决办法，执行如下一句设置环境变量：

export LDFLAGS=-ldl

四、APACHE开启HTTPS配置

Redhat下如果是源码编译安装apache2，只需修改../apache2/conf/httpd.conf其中的，

# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf

注释去掉，然后再修改：.../conf/extra/httpd-ssl.conf文件，

<VirtualHost _default_:443>

#   General setup for the virtual host
DocumentRoot "/var/www/html"
ServerName 12.34.56.78:443
ServerAdmin you@example.com
ErrorLog "/usr/local/apache2/logs/error_log"
TransferLog "/usr/local/apache2/logs/access_log"
...

设置证书文件路径SSLCertificateFile和SSLCertificateKeyFile文件路径，如果使用的证书SSLCertificateFile里已包含服务器私钥，则需把下面的设置项SSLCertificateKeyFile注释关闭。

SSLCertificateFile "/usr/local/apache2/conf/apache.pem"
#SSLCertificateFile "/usr/local/apache2/conf/server-dsa.crt"


#SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
#SSLCertificateKeyFile "/usr/local/apache2/conf/server-dsa.key"

特别感谢：