Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

enable OpenSSL #1

Closed
terrafrost opened this issue Oct 6, 2019 · 2 comments
Closed

enable OpenSSL #1

terrafrost opened this issue Oct 6, 2019 · 2 comments

Comments

@terrafrost
Copy link
Owner

terrafrost commented Oct 6, 2019

I was able to get PHP to compile with OpenSSL support as can be seen with this commit:

5379da9

...but attempting to use any OpenSSL functions results in a segfault.

Here's what gdb says:

Program terminated with signal 11, Segmentation fault.
#0  0x00007fd3381c5a48 in RSA_public_encrypt () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0

It seems strange that it's trying to use /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 instead of /usr/local/openssl-0.9.8/libcrypto.so.0.9.8. It appears that libcrypto.so.1.0.0 is actually hard-coded in the compiled PHP binary (despite the config options):

strings /usr/local/bin/php | grep "libcrypto.so.1.0.0"

https://museum.php.net/php4/php-4.4.9-Win32.zip has OpenSSL 0.9.8e included. I did try it with that version and the result is the same:

RUN cd /tmp \
    && wget --no-check-certificate http://www.openssl.org/source/openssl-0.9.8e.tar.gz \
    && tar xvfz openssl-0.9.8e.tar.gz \
    && cd openssl-0.9.8e \
    && CFLAGS=-fPIC ./config shared --prefix=/usr/local/openssl-0.9.8 --openssldir=/usr/local/openssl-0.9.8 no-asm \
    && make \
    && make install

I opted to use 0.9.8x (instead of 0.9.8e) because that's what https://www.howtoforge.com/how-to-use-php-4.4.9-fastcgi-with-apache-and-ispconfig-3-debian-wheezy used and 0.9.8x doesn't require the no-asm option, which it seems like could blunt some of the speed of OpenSSL.

@terrafrost
Copy link
Owner Author

I also tried this with debian:squeeze (as opposed to debian:wheezy):

https://pastebin.com/8rUvygZi

That gave the following:

Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 build-essential : Depends: libc6-dev but it is not going to be installed or
                            libc-dev
                   Depends: g++ (>= 4:4.4.3) but it is not going to be installed
E: Broken packages

@terrafrost
Copy link
Owner Author

Thanks to https://stackoverflow.com/a/58280319/569976 OpenSSL now works!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant