dora12345678 2017-08-15 17:12
浏览 237
已采纳

在CentOS上用OpenSSL重新编译PHP

I have upgraded openssl version to 1.02l from 1.0.1e and PHP version from PHP 5.6 to PHP 7.1.8 (PHP is installed using yum)

The problem is, PHP still detects openssl version to 1.0.1e whereas I want it to be updated to latest openssl version installed i.e 1.0.2l

I want to know what are my options here, how do I go about telling PHP to use the latest installed openssl version?

My finding tells me that the only way to do it is by recompiling PHP? (will appreciate if someone can tell me if there is other way) If the only way is by recompiling, I need help on how to go about it? what are the steps involved. From my understanding, here is how I think I have to do.

  • Remove PHP version installed from YUM
  • Download latest version of PHP from source and unzip in tmp directory
  • Compile & Install PHP

Am I missing anything here?

** UPDATE **

Here are the list of php extensions installed using yum

 php-bcmath                        x86_64       7.1.8-1.el7.remi             @remi-php71        94 k
 php-common                        x86_64       7.1.8-1.el7.remi             @remi-php71       7.9 M
 php-fedora-autoloader             noarch       0.2.1-2.el7                  @epel              14 k
 php-gd                            x86_64       7.1.8-1.el7.remi             @remi-php71       204 k
 php-intl                          x86_64       7.1.8-1.el7.remi             @remi-php71       947 k
 php-json                          x86_64       7.1.8-1.el7.remi             @remi-php71        80 k
 php-mbstring                      x86_64       7.1.8-1.el7.remi             @remi-php71       2.8 M
 php-mysqlnd                       x86_64       7.1.8-1.el7.remi             @remi-php71       850 k
 php-pdo                           x86_64       7.1.8-1.el7.remi             @remi-php71       386 k
 php-pecl-zip                      x86_64       1.13.5-2.el7.remi.7.1        @remi-php71       175 k
 php-php-gettext                   noarch       1.0.12-1.el7                 @epel              57 k
 php-process                       x86_64       7.1.8-1.el7.remi             @remi-php71       180 k
 php-tcpdf                         noarch       6.2.13-1.el7                 @epel              11 M
 php-tcpdf-dejavu-sans-fonts       noarch       6.2.13-1.el7                 @epel             1.5 M
 php-tidy                          x86_64       7.1.8-1.el7.remi             @remi-php71       106 k
 php-xml                           x86_64       7.1.8-1.el7.remi             @remi-php71       851 k

I now want to configure PHP to use this extensions, so far I have comeup with following

./configure --with-openssl --with-openssl-dir=/usr/bin \
    --with-zlib \
    --enable-zip \
    --enable-xmlreader \
    --enable-xmlwriter \
    --enable-opcache \
    --enable-simplexml \
    --with-sqlite3 \
    --with-pdo-sqlite \
    --with-pdo-mysql=mysqlnd \
    --with-mysqli=mysqlnd \
    --with-mysql-sock=/var/lib/mysql/mysql.sock \
    --enable-mysqlnd \
    --with-mcrypt \
    --enable-mbstring \
    --enable-intl \
    --with-png-dir \
    --with-jpeg-dir \
    --enable-gd-native-ttf \
    --with-gd \
    --with-curl \
    --with-bz2 \
    --enable-bcmath

I just want to know now, If I need to enable any extension from above list do I use --enable or --with ? for example how do I enable php-xml. Do I only use --enable-php-xml ?

  • 写回答

2条回答 默认 最新

  • dongtan8122 2017-08-15 17:34
    关注

    Yes, you need to download dev package of openssl (sources/headers), sources of PHP and configure it with following keys:

    --with-openssl --with-openssl-dir=/usr/local/bin
    

    as per PHP Manual > OpenSSL > Installing/Configuring

    You also may want to use other keys like --with-curl=/usr/local or --with-gd -- check with documentation at PHP Manual > Appendices > Configure options and installation manuals for every module your want to compile it with like GD2 or Curl

    NOTE: You will need to download dev-packages of every module you are going to compile - it consumes noticable amount of time, plan accordingly.

    NOTE 2: Keep in mind that all modules you are going to compile into your own build of PHP will be accessible through its functions (like image manipulation, https/curl requests etc), so it is highly recommended to use only stable and proven versions of modules not to add a new vulnerability to your web-site.

    ** UPDATE **

    ./configure --with-openssl --with-openssl-dir=/usr/bin \
        --with-zlib=[DIR] \
        --enable-zip \
        --enable-opcache \
        --with-pdo-mysql=[DIR] \
        --with-mysqli=[DIR] \
        --with-mysql-sock=/var/lib/mysql/mysql.sock \
        --with-mcrypt=[DIR] \
        --enable-mbstring \
        --enable-intl \
        --with-png-dir=[DIR] \
        --with-jpeg-dir=[DIR] \
        --with-gd=[DIR] \
        --with-curl=[DIR] \
        --with-bz2=[DIR] \
        --enable-bcmath
    

    [DIR]'s can be discovered automatically, but I faced a lot of situations when they are different from what PHP expects.

    xmlreader, xmlwriter, simplexml are enabled by default starting with PHP 5.1.2

    sqlite3, pdo-sqlite are enabled by default starting with PHP 5.3.0

    --enable-gd-native-ttf is deprecated starting PHP 5.5.0, removed in PHP 7.2.0.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
  • dongmu4591 2017-08-15 17:36
    关注

    You must re-configure the PHP building process. Instead of using the default configuration in the software obtained by yum, you must instruct your system to use an specific version of the SSL during the compilation.

    If you have installed the last version of OpenSSL, you can go to your PHP source code and configure the bulding before compile the PHP.

    ./configure --with-openssl --with-openssl-dir=/usr/local/bin 
    
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 ECharts 增加Zoom,整行包括右边的Text一起滑动
  • ¥15 关于网上一个easyx制作的见缝插针小游戏(c++)
  • ¥15 开地址法双散列函数处理碰撞
  • ¥15 想问一下这个是什么情况 虚拟机Linux打不开了
  • ¥15 联通光猫掉注册了怎么重新注册上去
  • ¥15 关于unity开发steamvr程序遇到的问题
  • ¥60 求tc downloader的下载方式
  • ¥15 华为 快捷方式 手电筒 接口
  • ¥15 Qt6.5支不支持Android13开发啊
  • ¥20 网络只能跑一半,应该如何设置