在CentOS上用OpenSSL重新编译PHP

I have upgraded openssl version to 1.02l from 1.0.1e and PHP version from PHP 5.6 to PHP 7.1.8 (PHP is installed using yum)

The problem is, PHP still detects openssl version to 1.0.1e whereas I want it to be updated to latest openssl version installed i.e 1.0.2l

I want to know what are my options here, how do I go about telling PHP to use the latest installed openssl version?

My finding tells me that the only way to do it is by recompiling PHP? (will appreciate if someone can tell me if there is other way) If the only way is by recompiling, I need help on how to go about it? what are the steps involved. From my understanding, here is how I think I have to do.

  • Remove PHP version installed from YUM
  • Download latest version of PHP from source and unzip in tmp directory
  • Compile & Install PHP

Am I missing anything here?

** UPDATE **

Here are the list of php extensions installed using yum

 php-bcmath                        x86_64       7.1.8-1.el7.remi             @remi-php71        94 k
 php-common                        x86_64       7.1.8-1.el7.remi             @remi-php71       7.9 M
 php-fedora-autoloader             noarch       0.2.1-2.el7                  @epel              14 k
 php-gd                            x86_64       7.1.8-1.el7.remi             @remi-php71       204 k
 php-intl                          x86_64       7.1.8-1.el7.remi             @remi-php71       947 k
 php-json                          x86_64       7.1.8-1.el7.remi             @remi-php71        80 k
 php-mbstring                      x86_64       7.1.8-1.el7.remi             @remi-php71       2.8 M
 php-mysqlnd                       x86_64       7.1.8-1.el7.remi             @remi-php71       850 k
 php-pdo                           x86_64       7.1.8-1.el7.remi             @remi-php71       386 k
 php-pecl-zip                      x86_64       1.13.5-2.el7.remi.7.1        @remi-php71       175 k
 php-php-gettext                   noarch       1.0.12-1.el7                 @epel              57 k
 php-process                       x86_64       7.1.8-1.el7.remi             @remi-php71       180 k
 php-tcpdf                         noarch       6.2.13-1.el7                 @epel              11 M
 php-tcpdf-dejavu-sans-fonts       noarch       6.2.13-1.el7                 @epel             1.5 M
 php-tidy                          x86_64       7.1.8-1.el7.remi             @remi-php71       106 k
 php-xml                           x86_64       7.1.8-1.el7.remi             @remi-php71       851 k

I now want to configure PHP to use this extensions, so far I have comeup with following

./configure --with-openssl --with-openssl-dir=/usr/bin \
    --with-zlib \
    --enable-zip \
    --enable-xmlreader \
    --enable-xmlwriter \
    --enable-opcache \
    --enable-simplexml \
    --with-sqlite3 \
    --with-pdo-sqlite \
    --with-pdo-mysql=mysqlnd \
    --with-mysqli=mysqlnd \
    --with-mysql-sock=/var/lib/mysql/mysql.sock \
    --enable-mysqlnd \
    --with-mcrypt \
    --enable-mbstring \
    --enable-intl \
    --with-png-dir \
    --with-jpeg-dir \
    --enable-gd-native-ttf \
    --with-gd \
    --with-curl \
    --with-bz2 \
    --enable-bcmath

I just want to know now, If I need to enable any extension from above list do I use --enable or --with ? for example how do I enable php-xml. Do I only use --enable-php-xml ?

duanmen1887
duanmen1887 是。但后来我用yum升级了openssl。
接近 3 年之前 回复
duandaotui5633
duandaotui5633 请注意,默认情况下RHEL(以及CentOS)7.4都有openssl1.0.2,因此remi存储库中的PHP将使用它(必须等待几周才能看到这种情况发生)
接近 3 年之前 回复
douxuan3095
douxuan3095 我安装的repo已经给了我最新的PHP版本。问题是当我从yum安装它时,不知何故PHP只获得openssl1.0.1e,而我的应用程序与openssl1.2.5或更高版本有依赖关系。
接近 3 年之前 回复
dsbm49845
dsbm49845 也许可以有一个更新的回购?
接近 3 年之前 回复

2个回答

Yes, you need to download dev package of openssl (sources/headers), sources of PHP and configure it with following keys:

--with-openssl --with-openssl-dir=/usr/local/bin

as per PHP Manual > OpenSSL > Installing/Configuring

You also may want to use other keys like --with-curl=/usr/local or --with-gd -- check with documentation at PHP Manual > Appendices > Configure options and installation manuals for every module your want to compile it with like GD2 or Curl

NOTE: You will need to download dev-packages of every module you are going to compile - it consumes noticable amount of time, plan accordingly.

NOTE 2: Keep in mind that all modules you are going to compile into your own build of PHP will be accessible through its functions (like image manipulation, https/curl requests etc), so it is highly recommended to use only stable and proven versions of modules not to add a new vulnerability to your web-site.

** UPDATE **

./configure --with-openssl --with-openssl-dir=/usr/bin \
    --with-zlib=[DIR] \
    --enable-zip \
    --enable-opcache \
    --with-pdo-mysql=[DIR] \
    --with-mysqli=[DIR] \
    --with-mysql-sock=/var/lib/mysql/mysql.sock \
    --with-mcrypt=[DIR] \
    --enable-mbstring \
    --enable-intl \
    --with-png-dir=[DIR] \
    --with-jpeg-dir=[DIR] \
    --with-gd=[DIR] \
    --with-curl=[DIR] \
    --with-bz2=[DIR] \
    --enable-bcmath

[DIR]'s can be discovered automatically, but I faced a lot of situations when they are different from what PHP expects.

xmlreader, xmlwriter, simplexml are enabled by default starting with PHP 5.1.2

sqlite3, pdo-sqlite are enabled by default starting with PHP 5.3.0

--enable-gd-native-ttf is deprecated starting PHP 5.5.0, removed in PHP 7.2.0.

dousong5492
dousong5492 好吧,配置器至少会提到这一点,并指导需要狐狸的地方
接近 3 年之前 回复
doujiekeyan0622
doujiekeyan0622 他可能需要-Wl,-rpath,..,SONAME和New Tags链接器选项,因为Linux库路径非常强大。 30年的Linux库路径问题并没有尽头......
接近 3 年之前 回复
duanli6834
duanli6834 更新的答案,检查。
接近 3 年之前 回复
doukuibi9631
doukuibi9631 我有最后一个问题。 我安装了几个模块,我需要使用./configure启用它。 你可以参考我的问题(我已经更新了)我需要帮助来确定我的命令启用模块是否正确。
接近 3 年之前 回复
dsoihsnz85757
dsoihsnz85757 应该工作 - 检查模块的安装手册。 您需要使用--with-gd进行编译才能使用gd2.so.
接近 3 年之前 回复
dongyi1441
dongyi1441 它是PHP的相同版本。 从yum安装的版本是PHP 7.1.8,下载的版本也是7.1.8。 如果PHP版本匹配,是否意味着我可以使用它?
接近 3 年之前 回复
doudiewen9435
doudiewen9435 最有可能你需要使用phpize重新编译它们,因为PHP的版本可能会有所不同
接近 3 年之前 回复
douchun2158
douchun2158 另一个问题:我已经在我的服务器上从yum安装了所有必需的PHP模块。 我只删除了PHP并没有删除任何模块。 那么在编译/安装时我可以告诉PHP使用从yum安装的所有模块吗?
接近 3 年之前 回复
doulue1949
doulue1949 正确。 如果路径中存在任何错误,请不要担心 - 配置会在您花时间进行编译之前告诉您。
接近 3 年之前 回复
dongyun9120
dongyun9120 只是为了确认。 当我运行哪个openssl它会显示我/ usr / bin / openssl所以我需要更新参数--with-openssl-dir = / usr / bin?
接近 3 年之前 回复



您必须重新配置PHP构建过程。 您必须指示系统在编译期间使用特定版本的SSL,而不是使用 yum </ code>获得的软件中的默认配置。</ p>

如果您 已安装最新版本的OpenSSL,您可以在编译PHP之前转到PHP源代码并配置bulding。</ p>

  ./ configure --with-openssl --with  -openssl-dir = / usr / local / bin 
</ code> </ pre>
</ div>

展开原文

原文

You must re-configure the PHP building process. Instead of using the default configuration in the software obtained by yum, you must instruct your system to use an specific version of the SSL during the compilation.

If you have installed the last version of OpenSSL, you can go to your PHP source code and configure the bulding before compile the PHP.

./configure --with-openssl --with-openssl-dir=/usr/local/bin 

Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问
相关内容推荐