Update Openssl 0.9.x -> 0.9.8d on FreeBSD 5.4

[vingertop]

Hi all,

I browsed this forum and copy and pasted all info to get the OpenSSL port working on BSD 5.4 using DA 1.266 with this build :

APACHE_VER=1.3.37
MODSSL_VER=2.8.28
APACHE2_VER=2.0.59
PHP_VER=4.4.4
GD_VER=2.0.33
#CURL_VER=7.12.2
CURL_VER=7.15.5
ZLIB_VER=1.2.3
#PNG_VER=1.2.10 //lib64 check below
FRONTPAGE_VER=1.6.1
MCRYPT_VER=2.5.7
MODPERL_FILE=mod_perl-1.0-current.tar.gz
MODPERL2_FILE=mod_perl-2.0-current.tar.gz
MODPERL_DIR=mod_perl-1.29
MODPERL2_DIR=modperl-2.0
MHASH_VER=0.9.1
#MHASH_VER=0.9.4a
#MHASH_VER=0.9.2

___

Update OpenSSL on FreeBSD 5.4

Add the following lines to:
/etc/make.conf
WITH_OPENSSL_PORT=yes
WITH_OPENSSL_BETA=yes

Update ports tree.

Install openssl port:
cd /usr/ports/security/openssl
make install clean

Reinstall all ports that depend on openssl:
portupgrade -rf openssl-beta

Reinstall standalone apps including customapache that depend on ssl making sure they use the OpenSSL version in /usr/local not the base version from the distribution :

1st change configure.apache_mod_ssl to reflect new open ssl add /usr to
--with-ssl=/usr/local \

2nd install libltdl to prevent PHP compile error:
cd /usr/local/directadmin/customapache/libmcrypt-2.5.7/libltdl
./configure --enable-ltdl-install
make
make install
make clean

Recompile at least Apache & PHP & Curl or do :
./build clean
./build update
./build all

Restart httpd

Check log file after restart:

[notice] Apache/1.3.37 (Unix) mod_ssl/2.8.28 OpenSSL/0.9.8d PHP/4.4.2 FrontPage/5.0.2.2510 configured -- resuming normal operations

*edit* I had to roll back to php 4.4.2 for some reason yet to pick up.*edit*

**edit** When using Installatron you can get the error :
<< Socket Failed.
Can't create socket connection to ssl://127.0.0.1:2222.Error: No usable domains can be found for this account.>>.
According to Installatron support PHP was not rebuilded correctly.
This can be solved by building customapache with <./build all y>. Any partial builds will not solve the Installatron error somehow.
**edit**
___

Off course always check you rollback scenario. Good Luck !

 

[valentin]

exactly what I needed

Hello Vingertop,

that was basicallly exactly what I needed, however that doesnt work remotely does it ;-)

Best regards

Nils Valentin

 

[vingertop]

This has all been done over a Secure Shell.

 

[valentin]

Thanks for the update

Hi Vingertop,

You are right. For a moment I mistook Openssh and Openssl ;-o.

Never mind. Just realized that after I read your post again ;-)

Does the openssl 0.9.8d already exist for FreeBSD 6.1 ? I somehow get only 0.9.8a.

Thanks again.

Nils Valentin

 

[vingertop]

OpenSSL is "baked-in" the FreeBSD distribution , if you can call it a distribution.

I have not yet implemented FreeBSD 6.1 , but in fact it should be the same , install the port like described and recompile DA like described, in essence this should not be very different from 5.4.

I got a some tests on 6.0 , will try it on that and let you know.

 

[valentin]

Installong OpenBSD

Hi Vingertop,

I came a step forward and went two steps back ;-)

What I mean is I got 0.9.8d compiled and installed somehow, but

1) I get only a libssl.a and libcrypto.a - isnt that supposed to be libssl.so.X and libcrypto.so.X

2) when compiling apache, etc there are now 2 versions of OpenSSL which creates problems when compiling.

I am now carefully reviewing also other instructions in the directadmin forums f.e. like

http://www.directadmin.com/forum/sh...page=20&highlight=update openssl&pagenumber=1

to be able to finally gracefully install a new OpenSSL version without messing up the rest ;-)
Note that the above link info is for Linux, while we are talking about FreeBSD, so certain settings might be different.

Best regards

Nils Valentin

 

[valentin]

Vingertop,

I got now openssl0.9.8d installed and pointed Apache to it.

The machine has now openssl0.97e and openssl0.98d installed which is not really what I wanted, but it seems that I leave it that way (otherwise its killing of my SSH session if I mistake the compiling for openSSL ;-)

So to summarize

openssl0.97e is used for sshd and any other application is using openssl0.9.8d.

Best regards

Nils Valentin