mod_ssl, Apache2 and Leopard with patch -- doesn't work

Tabitha McNerney tabithamc at gmail.com
Sun Jan 6 11:24:24 PST 2008 

Guido,

I just had an idea. Why not use Apple's libssl.so that comes with Leopard
Server, which can be found in:

/usr/libexec/httpd/libssl.so

Based on the output of otool, Apple has built libssl.so against OpenSSL
0.9.7 rather than the troublesome 0.9.8:

$ otool -L libssl.so

libssl.so:
    /usr/lib/libssl.0.9.7.dylib (compatibility version 0.9.7, current
version 0.9.7)
    /usr/lib/libcrypto.0.9.7.dylib (compatibility version 0.9.7, current
version 0.9.7)
    /usr/lib/libgcc_s.1.dylib (compatibility version 1.0.0, current version
1.0.0)
    /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version
111.0.0)

Is there any reason why libssl could not be used in place of mod_ssl for
those running MacPorts on Leopard Server? I don't spend enough of my time in
the depths of Apache but I think I will try this out and see what happens.
Note: if this solution works, it would not solve the problem for people who
are running Leopard but not Leopard Server.

Thanks,

T.M.



On 1/6/08, Tabitha McNerney <tabithamc at gmail.com> wrote:
>
>
>
> On 1/5/08, Guido Soranzio <guido.soranzio at gmail.com> wrote:
> >
> >
> > On Jan 6, 2008, at 10:23 AM, Tabitha McNerney wrote:
> >
> > > It sounds as if stripping that would would mean that I would not be
> > > able to use OpenSSL 0.9.7. Hmmm ... that's a bummer.
> >
> > "-export-symbols-regex" is an option for libtool that limits the
> > symbols exported by a module.
> >
> > I don't have yet tested this workaround on apache2, but under Leopard
> > omitting this option from other troublesome makefiles makes accessible
> > again the symbols reported as not to find.
> >
> > Here is a positive report on the "Symbol not found:
> > _ssl_cmd_SSLCACertificateFile"
> > error which happens otherwise with the current apache2 port:
> >
> > <http://www.nabble.com/Re%3A-Apache2%3A-Default-configuration-does-not-work--p14563107.html
> > >
>
>
> Hi Guido,
>
> Thanks for extra pointer. This seems worth trying out. I would rather stay
> with OpenSSL 0.9.8g only (instead of having two versions of OpenSSL). I
> will give this a try and see what I can come up with and will post my
> findings to this email thread on the list.
>
> Best,
>
> T.M.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/macports-users/attachments/20080106/0a0df9d9/attachment.html

More information about the macports-users mailing list