dora12345678 2017-08-15 17:12
浏览 238
已采纳

在CentOS上用OpenSSL重新编译PHP

I have upgraded openssl version to 1.02l from 1.0.1e and PHP version from PHP 5.6 to PHP 7.1.8 (PHP is installed using yum)

The problem is, PHP still detects openssl version to 1.0.1e whereas I want it to be updated to latest openssl version installed i.e 1.0.2l

I want to know what are my options here, how do I go about telling PHP to use the latest installed openssl version?

My finding tells me that the only way to do it is by recompiling PHP? (will appreciate if someone can tell me if there is other way) If the only way is by recompiling, I need help on how to go about it? what are the steps involved. From my understanding, here is how I think I have to do.

  • Remove PHP version installed from YUM
  • Download latest version of PHP from source and unzip in tmp directory
  • Compile & Install PHP

Am I missing anything here?

** UPDATE **

Here are the list of php extensions installed using yum

 php-bcmath                        x86_64       7.1.8-1.el7.remi             @remi-php71        94 k
 php-common                        x86_64       7.1.8-1.el7.remi             @remi-php71       7.9 M
 php-fedora-autoloader             noarch       0.2.1-2.el7                  @epel              14 k
 php-gd                            x86_64       7.1.8-1.el7.remi             @remi-php71       204 k
 php-intl                          x86_64       7.1.8-1.el7.remi             @remi-php71       947 k
 php-json                          x86_64       7.1.8-1.el7.remi             @remi-php71        80 k
 php-mbstring                      x86_64       7.1.8-1.el7.remi             @remi-php71       2.8 M
 php-mysqlnd                       x86_64       7.1.8-1.el7.remi             @remi-php71       850 k
 php-pdo                           x86_64       7.1.8-1.el7.remi             @remi-php71       386 k
 php-pecl-zip                      x86_64       1.13.5-2.el7.remi.7.1        @remi-php71       175 k
 php-php-gettext                   noarch       1.0.12-1.el7                 @epel              57 k
 php-process                       x86_64       7.1.8-1.el7.remi             @remi-php71       180 k
 php-tcpdf                         noarch       6.2.13-1.el7                 @epel              11 M
 php-tcpdf-dejavu-sans-fonts       noarch       6.2.13-1.el7                 @epel             1.5 M
 php-tidy                          x86_64       7.1.8-1.el7.remi             @remi-php71       106 k
 php-xml                           x86_64       7.1.8-1.el7.remi             @remi-php71       851 k

I now want to configure PHP to use this extensions, so far I have comeup with following

./configure --with-openssl --with-openssl-dir=/usr/bin \
    --with-zlib \
    --enable-zip \
    --enable-xmlreader \
    --enable-xmlwriter \
    --enable-opcache \
    --enable-simplexml \
    --with-sqlite3 \
    --with-pdo-sqlite \
    --with-pdo-mysql=mysqlnd \
    --with-mysqli=mysqlnd \
    --with-mysql-sock=/var/lib/mysql/mysql.sock \
    --enable-mysqlnd \
    --with-mcrypt \
    --enable-mbstring \
    --enable-intl \
    --with-png-dir \
    --with-jpeg-dir \
    --enable-gd-native-ttf \
    --with-gd \
    --with-curl \
    --with-bz2 \
    --enable-bcmath

I just want to know now, If I need to enable any extension from above list do I use --enable or --with ? for example how do I enable php-xml. Do I only use --enable-php-xml ?

  • 写回答

2条回答 默认 最新

  • dongtan8122 2017-08-15 17:34
    关注

    Yes, you need to download dev package of openssl (sources/headers), sources of PHP and configure it with following keys:

    --with-openssl --with-openssl-dir=/usr/local/bin
    

    as per PHP Manual > OpenSSL > Installing/Configuring

    You also may want to use other keys like --with-curl=/usr/local or --with-gd -- check with documentation at PHP Manual > Appendices > Configure options and installation manuals for every module your want to compile it with like GD2 or Curl

    NOTE: You will need to download dev-packages of every module you are going to compile - it consumes noticable amount of time, plan accordingly.

    NOTE 2: Keep in mind that all modules you are going to compile into your own build of PHP will be accessible through its functions (like image manipulation, https/curl requests etc), so it is highly recommended to use only stable and proven versions of modules not to add a new vulnerability to your web-site.

    ** UPDATE **

    ./configure --with-openssl --with-openssl-dir=/usr/bin \
        --with-zlib=[DIR] \
        --enable-zip \
        --enable-opcache \
        --with-pdo-mysql=[DIR] \
        --with-mysqli=[DIR] \
        --with-mysql-sock=/var/lib/mysql/mysql.sock \
        --with-mcrypt=[DIR] \
        --enable-mbstring \
        --enable-intl \
        --with-png-dir=[DIR] \
        --with-jpeg-dir=[DIR] \
        --with-gd=[DIR] \
        --with-curl=[DIR] \
        --with-bz2=[DIR] \
        --enable-bcmath
    

    [DIR]'s can be discovered automatically, but I faced a lot of situations when they are different from what PHP expects.

    xmlreader, xmlwriter, simplexml are enabled by default starting with PHP 5.1.2

    sqlite3, pdo-sqlite are enabled by default starting with PHP 5.3.0

    --enable-gd-native-ttf is deprecated starting PHP 5.5.0, removed in PHP 7.2.0.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 双目摄像头标定后的校准文件
  • ¥15 从键盘输入不管多少字符或者数组 输出的时候先提示输出再显示结果 输出的时候字符间间隔一个空格符
  • ¥15 powerbi举证增加度量值后出现对应关系错乱
  • ¥30 频率分析法分析绘制奈奎斯特图、波特图
  • ¥15 弹出来一万个系统找不到指定的文件框框,怎么解决
  • ¥15 ADS生成的微带线为什么是蓝色空心的
  • ¥15 求一下解题思路,完全不懂
  • ¥15 tensorflow
  • ¥15 densenet网络结构中,特征以cat方式复用后是怎么进行误差回传的
  • ¥15 STM32G471芯片spi设置了8位,总是发送16位