Pages

[shishir]

Hi,

I am trying to upgrade upgrade apache 2.2.22/openssl 0.9.8t to apache 2.2.22/openssl 1.0.1.
I have followed the below steps to do so,

1. downloaded the apache 2.2.22/openssl 0.9.8t from apache.org.
2. installed it on one box.
3. Copy the complete apache folder to my server box and replacing the older version of apache folder.
4. retain my old httpd.conf and httpd-ssl.conf files. (till this point apache was getting started)
5. downloaded the zip file "openssl-1.0.1-update-x86.zip" from apachehaus.com.
6. followed the instructions and replaced the files as mentioned in the readme.txt.
7. started the apache but it failed.

I have got the following error in error.log
Apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?

also, while doing the "openssl version", it shows the below warning on console,
WARNING: can't open config file: /apache22/conf/openssl.cnf

Can anybody suggest what is missing or what is going wrong here?

Thanks,
Shishir

[Gregg]

The problem with binaries from apache.org is they are built on Visual C++ 6.0 (VC6), we build our binaries with Visual C++ 2008 (VC9), they are not compatible. So our OpenSSL upgrade is not compatible with the Apache.org server. Your options are therefore use our 2.2.22 which is compatible, or try and find a VC6 build of OpenSSL 1.0.1 and as VC6 is from 1998, the chances are slim.

The config file error is because openssl.cnf file is not in c:\apache22\conf folder. This is where the Apache build process puts it, so that is where we set it to be. This can be overridden by setting an environment variable;
set OPENSSL_CONF=C:\path\to\openssl.cnf

Some day in the near future hopefully for those that prefer binaries from apache.org, they will start having 2.4.x binaries for Windows that will have OpenSSL 1.0.1. They will also be built with the current version of Visual C++. The person that supplies the binaries has spoken out on the subject and was waiting for OSSL 1.0.1 to come out. However, as with all binaries on apache.org, there is no rule internal to the project that states they must supply binaries, those are done on a per volunteer basis, if someone wishes to.