From: giovanni@paclan.it
Subject: Re: Trying to install Apache 2.4 with OpenSSL 1.1 instead of LibreSSL
To: ports@openbsd.org
Date: Mon, 29 Jan 2024 09:51:14 +0100

On 1/26/24 23:11, Tim wrote:
> I'm trying to troubleshoot an issue where Chrome/Chromium browsers
> randomly fail to correctly use SSL against my web server.
>
This is a known issue, see https://marc.info/?l=openbsd-ports&m=167449054903277&w=2

  
> So I am trying to compile and install an apache-http port with OpenSSL 1.1
> library instead of LibreSSL.
> 
> I have managed to compile and install this customer port, however, I
> don't know if I ultimately succeeded because when it starts it still
> says this in the log file:
> 
> [Fri Jan 26 14:02:57.131803 2024] [mpm_prefork:notice] [pid 67010] AH00163: Apache/2.4.58 (Unix) LibreSSL/3.8.2 configured -- resuming normal operations
> 
> Is this message wrong?  Or am I still ending up with an Apache2
> compiled against LibreSSL instead of OpenSSL?
> 
you can find it by running "ldd /usr/local/lib/apache2/mod_ssl.so".
  Regards
   Giovanni


> This is the Makefile diff I am using:
> 
> --- Makefile.orig       Thu Jan 25 10:26:20 2024
> +++ Makefile    Fri Jan 26 13:44:57 2024
> @@ -3,7 +3,7 @@
>   V=                     2.4.58
>   DISTNAME=              httpd-${V}
>   PKGNAME=               apache-httpd-${V}
> -REVISION=              0
> +REVISION=              1
>   
>   CATEGORIES=            www net
>   
> @@ -17,9 +17,10 @@
>   COMPILER=              base-clang ports-gcc
>   COMPILER_LANGS=                c
>   
> -WANTLIB += apr-1 aprutil-1 brotlicommon brotlienc c crypto curl
> -WANTLIB += db expat iconv jansson lzma m nghttp2 pcre2-8 pthread ssl
> +WANTLIB += apr-1 aprutil-1 brotlicommon brotlienc c curl
> +WANTLIB += db expat iconv jansson lzma m nghttp2 pcre2-8 pthread
>   WANTLIB += xml2 z
> +WANTLIB += lib/eopenssl11/crypto lib/eopenssl11/ssl
>   
>   SITES=                 ${SITE_APACHE:=httpd/}
>   
> @@ -31,7 +32,8 @@
>                          devel/pcre2 \
>                          net/curl \
>                          textproc/libxml \
> -                       www/nghttp2
> +                       www/nghttp2 \
> +                       security/openssl/1.1
>   
>   HTTPD_DIR=             /var/www
>   CONFDIR=               ${SYSCONFDIR}/apache2
> @@ -68,8 +70,10 @@
>                          --with-suexec-caller=www \
>                          --with-suexec-logfile=${LOCALSTATEDIR}/log/suexec2_log
>   
> -CONFIGURE_ENV=         CPPFLAGS="-I${LOCALBASE}/include" \
> -                       LDFLAGS="-L${LOCALBASE}/lib" \
> +#CONFIGURE_ENV=                CPPFLAGS="-I${LOCALBASE}/include" \
> +#                      LDFLAGS="-L${LOCALBASE}/lib" \
> +CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include/eopenssl11/openssl" \
> +               LDFLAGS="-L${LOCALBASE}/lib/eopenssl11 -Wl,-rpath,${LOCALBASE}/lib/eopenssl11" \
>                          AWK=awk \
>                          GREP=grep \
>                          ac_cv_func_ENGINE_init=no \
>