I am getting following error to start Apache service after upgrading Apache httpd from 2.4.27 to 2.4.28. httpd: Syntax error on line 130 of /opt/SP/apache/httpd_current/conf/httpd.conf: Cannot load modules/mod_ssl.so into server: libssl.so.1.1: cannot open shared object file: No such file or directory Below dependency packages for Apache 2.4.28 are installed: OpenSSL 1.0.2j Apr-1.6.2 Apr-util-1.6.0 Pcre-8.41 It is unable to find libssl.so.1.1 and libcrypto.so.1.1. While in Apache httpd 2.4.27 this two library files were not required. [apache@ ~]$ ldd /opt/SP/apache/httpd_current/modules/mod_ssl.so linux-vdso.so.1 => (0x00007ffe9cf2e000) libssl.so.1.1 => not found libcrypto.so.1.1 => not found librt.so.1 => /lib64/librt.so.1 (0x00007faa35def000) libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007faa35bb8000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007faa3599b000) libdl.so.2 => /lib64/libdl.so.2 (0x00007faa35797000) libc.so.6 => /lib64/libc.so.6 (0x00007faa353d4000) libfreebl3.so => /lib64/libfreebl3.so (0x00007faa351d0000) /lib64/ld-linux-x86-64.so.2 (0x00007faa3624d000) Could you please check for this issue. Is this related to the recent changes related to mod_ssl, ab: Fix compatibility with LibreSSL. PR 61184. Thanks and Regards, Aakash Lodha
Where is your openssl installation? Have you added the /path/to/openssl/lib directory to LD_LIBRARY_PATH in envvars file or through other means before trying to start httpd?
Moreover, how did you configure/compile httpd? Can you attach the related config.log?
I have installed openssl on below path and same I have used to configure Apache https: /opt/SP/apache/dependency. No I haven't set LD_LIBRARY_PATH separately as it was not required in prior versions(httpd 2.4.27 and prior). Below are the steps used to configure Apache httpd: i. $ ./configure --prefix=/opt/SP/apache/httpd_current --with-apr=/opt/SP/apache/dependency/apr/bin/apr-1-config --with-apr-util=/opt/SP/apache/dependency/apr/bin/apu-1-config --with-pcre=/opt/SP/apache/dependency/pcre --with-ssl=/opt/SP/apache/dependency/openssl --enable-ssl ii. $make iii. $make –n install iv. $make install
> > No I haven't set LD_LIBRARY_PATH separately as it was not required in prior > versions(httpd 2.4.27 and prior). You are making incorrect assumptions, as if this was a new httpd thing, when what you describe is Linux/Unix operative system thing since, for ever. It is *not* necessary *if* you compile against the operative system libssl because those lib files are already in a path your binaries can find, but when you compiled against libssl from another source, your operative system, not just httpd need those SSL libs loaded somewhere if you want binaries to find them. Being that method: /etc/ld.so.conf.d/ or LD_LIBRARY_PATHS called from envvars file before you run httpd. > --with-ssl=/opt/SP/apache/dependency/openssl --enable-ssl According to this, you need at the very least /opt/SP/apache/dependency/openssl/lib in LD_LIBRARY_PATH for mod_ssl to find the ssl libs it was compiled against. And yes, mod_ssl have always needed to find ssl libs it was compiled against, unless compiled statically.
Thanks for the clarification. We haven't set this LD_Library_Path earlier for prior versions. It will be really helpful if you may clear this part why we need to set this now. Below is the current output of LD_Library_Path where Apache httpd 2.4.27 is working fine. [root@*** ~]# echo $LD_LIBRARY_PATH [root@*** ~]# Thanks and Best Regards, Aakash
(In reply to Aakash from comment #5) > Thanks for the clarification. > > We haven't set this LD_Library_Path earlier for prior versions. It will be > really helpful if you may clear this part why we need to set this now. Below > is the current output of LD_Library_Path where Apache httpd 2.4.27 is > working fine. > > [root@*** ~]# echo $LD_LIBRARY_PATH > > [root@*** ~]# > > > > Thanks and Best Regards, > Aakash What delivers ldd against the mod_ssl from your 2.4.27 Apache?
(In reply to Aakash from comment #5) > Thanks for the clarification. > > We haven't set this LD_Library_Path earlier for prior versions. It will be > really helpful if you may clear this part why we need to set this now. Below > is the current output of LD_Library_Path where Apache httpd 2.4.27 is > working fine. > > [root@*** ~]# echo $LD_LIBRARY_PATH > > [root@*** ~]# > > > > Thanks and Best Regards, > Aakash I guess you need to see how you managed to compile previous versions and if you used mod_ssl. Did you compile against external openssl? Then if so, either you were previously using an envvars file pointing to the openssl libraries or you were lucky enough the operative system openssl libs were found and were the same version. By default, httpd has a file called envvars in its bin directory, you will see it is already pointing to the lib directory of httpd itself, if you compiled httpd against other external libraries, other lib directories should go in there, otherwise when you run the binary it will look for the needed libs in system path, with mixed consequences, sometimes it may work and sometimes if the lib versions are too different there will be failures if the names match, or won't find them if the lib files in your system are not the same.
Highly unlikely this is related to httpd. libssl.so.1.1 indicates you have linked to OpenSSL 1.1.0, yet you claim OpenSSL 1.0.2 is in use. It was not. It seems you might have a 1.1 -dev/-devel package installed, while the base or resulting openssl 1.1 libraries are absent. We would need a whole lot more data to figure out where libssl.so.1.1 on your environment is residing, and that's an exercise for the reader, and for help from the users list.
Hi, We have rolled back the apache to version 2.4.27 and tried to do ldd. Following is the result: [apache@*** apache]$ ldd /opt/SP/apache/httpd_current/modules/mod_ssl.so linux-vdso.so.1 => (0x00007ffef4f05000) librt.so.1 => /lib64/librt.so.1 (0x00007fedaf0cf000) libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007fedaee98000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fedaec7b000) libdl.so.2 => /lib64/libdl.so.2 (0x00007fedaea77000) libc.so.6 => /lib64/libc.so.6 (0x00007fedae6b4000) libfreebl3.so => /lib64/libfreebl3.so (0x00007fedae4b0000) /lib64/ld-linux-x86-64.so.2 (0x00007fedaf78f000) Kindly advice. Thanks and best regards, Aakash
Should probaly use something like "configure --enable-ssl-staticlib-deps ..." with 2.4.27.
(In reply to Aakash from comment #9) > Hi, > > We have rolled back the apache to version 2.4.27 and tried to do ldd. > Following is the result: > > [apache@*** apache]$ ldd /opt/SP/apache/httpd_current/modules/mod_ssl.so > linux-vdso.so.1 => (0x00007ffef4f05000) > librt.so.1 => /lib64/librt.so.1 (0x00007fedaf0cf000) > libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007fedaee98000) > libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fedaec7b000) > libdl.so.2 => /lib64/libdl.so.2 (0x00007fedaea77000) > libc.so.6 => /lib64/libc.so.6 (0x00007fedae6b4000) > libfreebl3.so => /lib64/libfreebl3.so (0x00007fedae4b0000) > /lib64/ld-linux-x86-64.so.2 (0x00007fedaf78f000) > Kindly advice. > > Thanks and best regards, > Aakash This confirms what was suspected in comment 7: You have compiled httpd 2.4.27 against a self compiled Openssl, but this Openssl was of the same version as the system one. So when you started httpd it used the system one and not the Openssl you compiled on your own. Now that you use a newer version of Openssl for your self compiled Openssl and compile httpd against this, this does no longer work as httpd cannot fall back to the system provided Openssl. To solve this ensure that your self compiled version of Openssl is usable for httpd by either setting LD_LIBRARY_PATH or by making it available to the dynamic linker in general (adding path to linker configuration, installing it in a path the linker already is aware of).
Second warning to stop abusing bugzilla as a user support forum. Please see http://httpd.apache.org/lists.html#http-users