I've now been able to use the latest OpenSSL for mod_ssl while keeping
the system OpenSSL thanks to Ivan Ristic's examples in his books and
tutorials. His method is to compile mod_ssl statically linked with the
latest openssl while compiling all other modules dynamically.
My slightly-modified configure in a bash script looks like this:
SSLDIR=/opt/openssl
export LDFLAGS="-L${SSLDIR}/lib"
.
./configure \
--prefix=/usr/local/apache2 \
--with-included-apr \
--enable-ssl \
--enable-ssl-staticlib-deps \
--enable-mods-static=ssl \
--with-ssl=${SSLDIR} \
--enable-mods-shared=reallyall \
--with-perl \
--with-python \
--enable-layout=Apache \
--with-pcre=/usr/local/bin/pcre-config \
--without-ldap \
--enable-session-crypto \
--with-crypto
Note the definition of LDFLAGS. During the build, apache uses the
local openssl with no unknown symbol problems. Then, after
installation, apache uses the system openssl, but the important part,
mod_ssl, is still using the local openssl since it was statically
compiled--again, no unknown symbol problems.
.
I have been successfully running Apache 2.4 for some time now with
several virtual https-only sites with no apparent problems.
.
Best regards,
-Tom
