How to compile and install mod_gnutls

September 20, 2016 | Category: 【Technology】

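【Introduction】

mod_gnutls is a solution for Server Name Indication (SNI) as defined in RFC3546; it uses a TLS extension to enable name-based SSL virtual hosts.

mod_gnutls was developed for a purpose similar to mod_ssl, but it does not depend on OpenSSL. OpenSSL 0.9.8 already has this feature built in, and newer versions of Nginx also support SNI.

【Dependencies】

GnuTLS must be installed:

Reference: http://amon.org/gnutls

【Installation】

Reference: https://mod.gnutls.org/wiki/develop

Download: https://mod.gnutls.org/downloads/

Latest version: mod_gnutls-0.9.0
Tested version: mod_gnutls-0.9.0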

wget https://mod.gnutls.org/downloads/mod_gnutls-0.9.0.tar.bz2 && tar -xjvf mod_gnutls-0.9.0.tar.bz2 && cd mod_gnutls-0.9.0
export LIBGNUTLS_CFLAGS="-I/usr/include/gnutls" LIBGNUTLS_LIBS="-L/usr/lib -lgnutls"
./configure --with-apxs=/usr/local/apache2/bin/apxs
make && make install

Configuration information:

Configuration summary for mod_gnutls:

   * mod_gnutls version:        0.9.0
   * Apache Modules directory:  /usr/local/apache2/modules
   * GnuTLS Library version:
   * CFLAGS for GnuTLS:         -I/usr/include/gnutls
   * LDFLAGS for GnuTLS:        -L/usr/lib -lgnutls
   * SRP Authentication:        yes
   * MSVA Client Verification:  no
   * Build documentation:       no

Output:

...
Libraries have been installed in:
   /usr/local/apache2/modules

Compilation and installation are complete.

【Verification】

Configure Apache, restart it, and then check phpinfo:

...
Apache Environment
Variable	Value
HTTPS 	on
SSL_VERSION_LIBRARY 	GnuTLS/3.6.5
SSL_VERSION_INTERFACE 	mod_gnutls/0.9.0
SSL_PROTOCOL 	TLS1.3 
...

【Troubleshooting】

make fails with: gnutls_cache.c:55:24: fatal error: apr_escape.h: No such file or directory

Reference: https://github.com/mikkolehtisalo/mod_gllog/issues/1
Reference: https://issues.jboss.org/browse/MODCLUSTER-453?page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel&showAll=true&_sscc=t

First compile and install apr + apr-util: http://amon.org/apr

Copy /usr/local/apr/include/apr-1/apr_escape.h directly into the source directory:

cp -R /usr/local/apr/include/apr-1/apr_escape.h /root/mod_gnutls/src/

Problem solved!

make check fails with: /bin/sh: pem2openpgp: command not found

Reference: https://lists.gt.net/gnupg/users/64409

yum install monkeysphere

Problem solved!

Restarting Apache fails with: undefined symbol: apr_escape_hex

httpd: Syntax error on line 36 of /usr/local/apache2/conf/httpd.conf: Cannot load modules/mod_gnutls.so into server: /usr/local/apache2/modules/mod_gnutls.so: undefined symbol: apr_escape_hex

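Possible cause: the APR version loaded by the system does not match the APR version Apache was compiled with. However, after trying to make them match, the problem still could not be resolved.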

/usr/local/apache2/bin/httpd -V

Output:

Server version: Apache/2.4.23 (Unix)
Server built:   Dec 20 2016 03:07:00
Server's Module Magic Number: 20120211:61
Server loaded:  APR 1.4.8, APR-UTIL 1.5.2
Compiled using: APR 1.4.8, APR-UTIL 1.5.2
Architecture:   64-bit
Server MPM:     worker
  threaded:     yes (fixed thread count)
    forked:     yes (variable process count)
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/usr/local/apache2"
 -D SUEXEC_BIN="/usr/local/apache2/bin/suexec"
 -D DEFAULT_PIDLOG="logs/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"
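
The following check is an added example, not part of the original post. It reads the httpd -V text shown above and reports whether the APR that httpd loads differs from the one it was built with, or is older than the release that provides apr_escape_hex. Assumptions: the apr_escape_* API first shipped in APR 1.5.0, and all function names are hypothetical.

```shell
# Added example: explain "undefined symbol: apr_escape_hex" from `httpd -V` output.
# Assumption: the apr_escape_* functions first shipped in APR 1.5.0.
MIN_APR="1.5.0"

# The two relevant lines of the `httpd -V` output shown on this page.
SAMPLE='Server loaded:  APR 1.4.8, APR-UTIL 1.5.2
Compiled using: APR 1.4.8, APR-UTIL 1.5.2'

# APR version httpd loads at run time ("Server loaded:" line), read from stdin.
loaded_apr_version() {
    sed -n 's/^Server loaded:[[:space:]]*APR \([0-9][0-9.]*\),.*/\1/p'
}

# APR version httpd was built against ("Compiled using:" line), read from stdin.
compiled_apr_version() {
    sed -n 's/^Compiled using:[[:space:]]*APR \([0-9][0-9.]*\),.*/\1/p'
}

# Return 0 when dotted version $1 >= $2 (first three numeric fields).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Classify `httpd -V` text on stdin as ok, mismatch or too-old.
diagnose() {
    text=$(cat)
    loaded=$(printf '%s\n' "$text" | loaded_apr_version)
    built=$(printf '%s\n' "$text" | compiled_apr_version)
    if [ "$loaded" != "$built" ]; then
        echo "mismatch loaded=$loaded built=$built"
    elif ! version_ge "$loaded" "$MIN_APR"; then
        echo "too-old loaded=$loaded need>=$MIN_APR"
    else
        echo "ok loaded=$loaded"
    fi
}

# Return 0 when shared object $1 defines dynamic symbol $2 (uses binutils nm).
exports_symbol() {
    nm -D --defined-only "$1" 2>/dev/null |
        awk -v s="$2" '$NF == s { found = 1 } END { exit !found }'
}
```

On a live host, pipe the output of /usr/local/apache2/bin/httpd -V into diagnose, and run exports_symbol against the libapr-1 shared object that httpd actually loads to confirm whether apr_escape_hex is defined there.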
