Upgrade mod_ssl version on Solaris 10

November 4, 2010 · Posted in Apache, Solaris · Comments Off on Upgrade mod_ssl version on Solaris 10 

Due to some vulnerabilities in the mod_ssl modules compiled with OpenSSL prior to 0.9.8n I have to upgrade it in my systems.  I have web servers running Apache 2.0.59 and 2.2.15, but there are not mod_ssl.so binaries available to download for this versions, so I decided to compile my own modules.

The first of all is upgrade the OpenSSL, my systems are Solaris 10 with OpenSSL 0.9.7d. In Sunfreeware there are 0.9.8o and 1.0.0a versions but Apache 2.0/2.2 is not compatible with OpenSSL 1.0.0 then we should use 0.9.8o.

# wget ftp://ftp.sunfreeware.com/pub/freeware/sparc/10/openssl-0.9.8o-sol10-sparc-local.gz
# gunzip openssl-0.9.8o-sol10-sparc-local.gz
# pkgadd -d openssl-0.9.8o-sol10-sparc-local

Now we have OpenSSL 0.9.8o installed and we need the source of our Apache version (for me it’s 2.0.59 and 2.2.15), you can download it from here, and if you have a modern version here.

# wget http://archive.apache.org/dist/httpd/httpd-2.0.59.tar.gz

Unpacking and configuring:
# gunzip httpd-2.0.59.tar.gz
# cd httpd-2.0.59
# ./configure --prefix=/usr/local/apache2 --enable-mods-shared=all --enable-ssl=shared --enable-ssl --with-ssl=/usr/local/ssl --enable-proxy --enable-proxy-connect --enable-proxy-ftp --enable-proxy-http

Where --prefix=/usr/local/apache2 is the apache installation directory and --with-ssl=/usr/local/ssl is the OpenSSL 0.9.8o directory.

# make

Now we already have the mod_ssl.so in httpd-2.0.59/modules/ssl/.libs/mod_ssl.so, copy it to /usr/local/apache2/modules/ (or your installation directory) and restart the apache server.