Alright -- having a bad couple days here compiling Apache 2.2.21 on CentOS 5.7 with the following configure commands:
./configure --enable-ssl=shared --with-ssl=/usr/local/openssl
I've compiled from source OpenSSL 1.0.0e from source:
./config --prefix=/usr/local --openssldir=/usr/local/openssl shared zlib-dynamic
I attempt to start Apache and it returns:
httpd: Syntax error on line 54 of /usr/local/apache2/conf/httpd.conf: Cannot load /usr/local/apache2/modules/mod_ssl.so into server: /usr/local/apache2/modules/mod_ssl.so: undefined symbol: SSL_get_servername
If I look at how the libraries are linked, this is what I get:
[root@web1 modules]# ldd mod_ssl.so
libssl.so.6 => /lib64/libssl.so.6 (0x00002aaaaace4000)
libcrypto.so.6 => /lib64/libcrypto.so.6 (0x00002aaaaaf30000)
libdl.so.2 => /lib64/libdl.so.2 (0x00002aaaab281000)
libz.so.1 => /lib64/libz.so.1 (0x00002aaaab486000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00002aaaab69a000)
libc.so.6 => /lib64/libc.so.6 (0x00002aaaab8b5000)
libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2 (0x00002aaaabc0e000)
libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x00002aaaabe3c000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00002aaaac0d1000)
libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x00002aaaac2d4000)
/lib64/ld-linux-x86-64.so.2 (0x0000555555554000)
libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0 (0x00002aaaac4f9000)
libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00002aaaac702000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00002aaaac904000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00002aaaacb19000)
libsepol.so.1 => /lib64/libsepol.so.1 (0x00002aaaacd32000)
Basically, I've tired compiling from source OpenSSL (both 0.9.8r and 1e), having yum reinstall from the repos, done a make clean and remade both OpenSSL and Apache numerous times -- but I can't get it to compile into the apache base or dynamically as a shared object file.
What am I doing wrong here?
Update 1:
After doing a make clean and make distclean, I've reconfigured with the same parameters as above without any effect.
The config.log is at Pastebin.
Update 2:
Modifying the LD_LIBRARY_PATH had no effect on the lib-deps of mod_ssl.so.
UPDATE 3:
I've compiled and recompiled many times, and verified with ldconfig that the OpenSSL libs dir is in my path, and included in ld.so.conf. Still cannot get httpd/mod_ssl to load the library at runtime.
When you compiled Apache you should have "--enable-so". I think you must have because the so module is trying to load.
Also after compiling openssl ensure the system can find the shared library with "/sbin/ldconfig -v /usr/local/openssl/lib"
and I also like to edit /etc/ld.so.conf.d/local.conf to add a line for /usr/local/openssl/lib
I recall that openssl doesn't make shared libraries by default. I do this:
./Configure --prefix=/usr/local/openssl linux-elf shared
Then you still have to do ldconfig as above. And tell apache where to find ssl libs.
Had the same problem few minutes again, so I add:
and the parameter for ./configure (Apache) modified from:
to
and no its ok.
would indicate that you're not linking against the openssl in /usr/local. do a "make clean && makedistclean" for both your apache/openssl builds, then rebuild/install openssl. ./configure [your options] apache, and check its config.log to make sure that it's linking against the correct openssl lib.
alternatively, please provide the output of your existing config.log
It is definitely linking to the wrong OpenSSL install as pointed out previously. You should have /usr/local/ssl/lib in ld.so.conf, but try it with the following Apache configure command:
Also, are you sure OpenSSL itself is compiling as intended? Could it be failing to make shared libraries itself and falling back to static but still compiling successfully?
Check the SELinux logs. You have to tag the binaries with the proper SELinux attribute.