dora12345678
dora12345678
2017-08-15 17:12
浏览 211
已采纳

在CentOS上用OpenSSL重新编译PHP

I have upgraded openssl version to 1.02l from 1.0.1e and PHP version from PHP 5.6 to PHP 7.1.8 (PHP is installed using yum)

The problem is, PHP still detects openssl version to 1.0.1e whereas I want it to be updated to latest openssl version installed i.e 1.0.2l

I want to know what are my options here, how do I go about telling PHP to use the latest installed openssl version?

My finding tells me that the only way to do it is by recompiling PHP? (will appreciate if someone can tell me if there is other way) If the only way is by recompiling, I need help on how to go about it? what are the steps involved. From my understanding, here is how I think I have to do.

  • Remove PHP version installed from YUM
  • Download latest version of PHP from source and unzip in tmp directory
  • Compile & Install PHP

Am I missing anything here?

** UPDATE **

Here are the list of php extensions installed using yum

 php-bcmath                        x86_64       7.1.8-1.el7.remi             @remi-php71        94 k
 php-common                        x86_64       7.1.8-1.el7.remi             @remi-php71       7.9 M
 php-fedora-autoloader             noarch       0.2.1-2.el7                  @epel              14 k
 php-gd                            x86_64       7.1.8-1.el7.remi             @remi-php71       204 k
 php-intl                          x86_64       7.1.8-1.el7.remi             @remi-php71       947 k
 php-json                          x86_64       7.1.8-1.el7.remi             @remi-php71        80 k
 php-mbstring                      x86_64       7.1.8-1.el7.remi             @remi-php71       2.8 M
 php-mysqlnd                       x86_64       7.1.8-1.el7.remi             @remi-php71       850 k
 php-pdo                           x86_64       7.1.8-1.el7.remi             @remi-php71       386 k
 php-pecl-zip                      x86_64       1.13.5-2.el7.remi.7.1        @remi-php71       175 k
 php-php-gettext                   noarch       1.0.12-1.el7                 @epel              57 k
 php-process                       x86_64       7.1.8-1.el7.remi             @remi-php71       180 k
 php-tcpdf                         noarch       6.2.13-1.el7                 @epel              11 M
 php-tcpdf-dejavu-sans-fonts       noarch       6.2.13-1.el7                 @epel             1.5 M
 php-tidy                          x86_64       7.1.8-1.el7.remi             @remi-php71       106 k
 php-xml                           x86_64       7.1.8-1.el7.remi             @remi-php71       851 k

I now want to configure PHP to use this extensions, so far I have comeup with following

./configure --with-openssl --with-openssl-dir=/usr/bin \
    --with-zlib \
    --enable-zip \
    --enable-xmlreader \
    --enable-xmlwriter \
    --enable-opcache \
    --enable-simplexml \
    --with-sqlite3 \
    --with-pdo-sqlite \
    --with-pdo-mysql=mysqlnd \
    --with-mysqli=mysqlnd \
    --with-mysql-sock=/var/lib/mysql/mysql.sock \
    --enable-mysqlnd \
    --with-mcrypt \
    --enable-mbstring \
    --enable-intl \
    --with-png-dir \
    --with-jpeg-dir \
    --enable-gd-native-ttf \
    --with-gd \
    --with-curl \
    --with-bz2 \
    --enable-bcmath

I just want to know now, If I need to enable any extension from above list do I use --enable or --with ? for example how do I enable php-xml. Do I only use --enable-php-xml ?

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • dongtan8122
    dongtan8122 2017-08-15 17:34
    已采纳

    Yes, you need to download dev package of openssl (sources/headers), sources of PHP and configure it with following keys:

    --with-openssl --with-openssl-dir=/usr/local/bin

    as per PHP Manual > OpenSSL > Installing/Configuring

    You also may want to use other keys like --with-curl=/usr/local or --with-gd -- check with documentation at PHP Manual > Appendices > Configure options and installation manuals for every module your want to compile it with like GD2 or Curl

    NOTE: You will need to download dev-packages of every module you are going to compile - it consumes noticable amount of time, plan accordingly.

    NOTE 2: Keep in mind that all modules you are going to compile into your own build of PHP will be accessible through its functions (like image manipulation, https/curl requests etc), so it is highly recommended to use only stable and proven versions of modules not to add a new vulnerability to your web-site.

    ** UPDATE **

    ./configure --with-openssl --with-openssl-dir=/usr/bin \
    --with-zlib=[DIR] \
    --enable-zip \
    --enable-opcache \
    --with-pdo-mysql=[DIR] \
    --with-mysqli=[DIR] \
    --with-mysql-sock=/var/lib/mysql/mysql.sock \
    --with-mcrypt=[DIR] \
    --enable-mbstring \
    --enable-intl \
    --with-png-dir=[DIR] \
    --with-jpeg-dir=[DIR] \
    --with-gd=[DIR] \
    --with-curl=[DIR] \
    --with-bz2=[DIR] \
    --enable-bcmath

    [DIR]'s can be discovered automatically, but I faced a lot of situations when they are different from what PHP expects.

    xmlreader, xmlwriter, simplexml are enabled by default starting with PHP 5.1.2

    sqlite3, pdo-sqlite are enabled by default starting with PHP 5.3.0

    --enable-gd-native-ttf is deprecated starting PHP 5.5.0, removed in PHP 7.2.0.

    点赞 评论
  • dongmu4591
    dongmu4591 2017-08-15 17:36

    You must re-configure the PHP building process. Instead of using the default configuration in the software obtained by yum, you must instruct your system to use an specific version of the SSL during the compilation.

    If you have installed the last version of OpenSSL, you can go to your PHP source code and configure the bulding before compile the PHP.

    ./configure --with-openssl --with-openssl-dir=/usr/local/bin
    点赞 评论
提交

相关推荐