Need Help with Adding mod_ssl to Apache

From: Bernard Lineham (b.lineham_at_adfa.edu.au)
Date: 09/27/04 

Date: Mon, 27 Sep 2004 10:51:53 +1000

Hi

I have been following the instructions for adding mod_ssl to the
integrated httpd server in Solaris that was posted here last year (a
copy is included below). I am attempting to install mod_ssl onto a
Solaris 9 system and I am using the relevant version of mod_ssl. It is
my preferance to do it this way, retaining the included version of
httpd, rather than to install the web server from another source.

Anyway, after following the instructions below I have attepted to launch
the htppd server and receive the following error message:

Syntax error on line 252 of /etc/apache/httpd.conf:
Cannot load /usr/apache/libexec/libssl.so into server: ld.so.1:
/usr/apache/bin/httpd: fatal: relocation error: file
/usr/apache/libexec/libssl.so: symbol __umoddi3: referenced symbol not found
./apachectl start: httpd could not be started

Can anyone tell me how I might resolve this problem?

Regards,

Bernard Lineham

---Previous Message---
Well, first of all, why are you using the Sun Freeware apache? Solaris 8
ships with apache as well, and if you're up-to-date with your patches,
you will have 1.3.26 and Sun will take care of backporting any security
issues.

Here is my procedure for adding SSL support to the Sun Apache:

1. Make sure you have the the SUNWapchr and SUNWapchu packages installed.

2. Make sure you have the latest Apache patch from Sun installed. For
Solaris 8, that would be patch number 109234 (get the highest revision).

3. You need to have OpenSSl installed.

4. Now unpack the modssl-distribution (you will need the one that goes
with your apache-version, in this case 2.8.9)

5. ./configure --with-apxs=/usr/apache/bin/apxs --with-ssl=SYSTEM

6. You should patch line 23 of pkg.sslmod/Makefile to read:
         SSL_LDFLAGS=-L$(SSL_LIBDIR) -R$(SSL_LIBDIR)
This ensures that your modssl will be able to find openssl later on.

7. make

You could now take the file pkg.sslmod/libssl.so and dump it in
/usr/apache/libexec, then add the appropriate statements to your
httpd.conf. But for extra bonus points, we're going to make a package
instead.

Create a file called 'prototype' in the mod-ssl directory, with these
contents:
f none /usr/apache/libexec/libssl.so=pkg.sslmod/libssl.so 755 root other
i ./pkginfo

Create a file called 'pkginfo' in the mod-ssl directory with these contents:
PKG=Apmodssl
NAME=Apache modssl
ARCH=sparc
VERSION=2.8.9
CATEGORY=system
VENDOR=none
EMAIL=satyen2a@yahoo.com
CLASSES=none

(you might want to change the 'email' setting ;-)

Now run 'pkgmk -o' and you will find your new package in /var/spool/pkg.

To install (only now do we need root permissions):
pkgadd Apmodssl

If you were to install mod-ssl the 'regular' way (recompiling all of
apache etc) it would modify the httpd.conf for you, quite extensively.
This procedure (on purpose) does not modify the httpd.conf at all.

Some of the changes you will need to activate your modssl are:

Add a 'LoadModule ssl_module libexec/libssl.so'

If your httpd.conf has a ClearModule statement, and then a bunch of
AddModule statements, do as the Romans do and add:
'Addmodule mod_ssl.c'

Add to the type-specifications:
'AddType application/x-x509-ca-cert .crt'
'AddType application/x-pkcs7-crl .crl'

'Listen 80 443'

And a -lot- of SSL specific statments that is a bit much to reproduce
here. Mail me if you get this far. Or run a diff between a pristine
httpd.conf and one mangled by modssl.

Now this all works because Sun explicitly compiled their Apache to work
this way. If you want to know all the flags they used, install the Sun
package SUNWapchS (and reinstall the Apache patch so your sources are up
to date, too). Then look in /usr/src/apache/README.sfw which tells how
they compiled their apache. The procedure above might just as well work
for the SunFreeware version, -if- they compiled with EAPI and
--enable-shared.

Hope this helps a bit.

Regards, Paul Boven.

Relevant Pages

  • Re: [SLE] solaris 10 free download
    ... > They try the hard sell, I've even had a phone call from Sun. ... We use Solaris a lot at work and I thought it would be ... > is Linux and most of their x86 corporate sales are Linux. ... I can install Solaris and do the things ...
    (SuSE)
  • Re: [SLE] solaris 10 free download
    ... >> They try the hard sell, I've even had a phone call from Sun. ... We use Solaris a lot at work and I thought it would be ... >> there is Linux and most of their x86 corporate sales are Linux. ... I can install Solaris and do the things ...
    (SuSE)
  • Re: New Solaris 10 install
    ... >the sshd package doesn't generate the system keys nor does it provide ... At least in Solaris 10 the dependencies between "rpc" and the ... of them being reenabled due to upgrades or patch install. ... to opinions held by my employer, Sun Microsystems. ...
    (comp.unix.solaris)
  • Re: How is S10 doing?
    ... promising themselves they'll install it Real Soon ... looking for some numerical basis of convincing skeptics. ... wrote Sun a check to get Solaris 10, or to get support for same. ...
    (comp.unix.solaris)
  • Strange problem with Sun Blade 100 CD drive
    ... original Sun CD-ROM drive in my Sun Blade 100. ... I buttoned the machine up and started a Solaris ... I rebooted when the first part of the install was ... Upon booting I inserted the 2of2 disk and got an error trying ...
    (comp.unix.solaris)