search

openresty / openresty-packaging

Official OpenResty packaging source and scripts for various Linux distributions and other systems
https://openresty.org/en/linux-packages.html
175 stars 87 forks source link

openssl version is not as expected #133

Open tweyseo opened 7 months ago

tweyseo commented 7 months ago

i use openresty -V, it gave:

nginx version: openresty/1.17.8.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC) 
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/OR-1.17.8.2/nginx --with-cc-opt='-O2 -DNGX_LUA_ABORT_AT_PANIC -I./dependent_packages/zlib/include -I./dependent_packages/pcre/include -I./dependent_packages/openssl/include' --add-module=../ngx_devel_kit-0.3.1 --add-module=../echo-nginx-module-0.62 --add-module=../xss-nginx-module-0.06 --add-module=../ngx_coolkit-0.2 --add-module=../set-misc-nginx-module-0.32 --add-module=../form-input-nginx-module-0.12 --add-module=../encrypted-session-nginx-module-0.08 --add-module=../srcache-nginx-module-0.32 --add-module=../ngx_lua-0.10.17 --add-module=../ngx_lua_upstream-0.07 --add-module=../headers-more-nginx-module-0.33 --add-module=../array-var-nginx-module-0.05 --add-module=../memc-nginx-module-0.19 --add-module=../redis2-nginx-module-0.15 --add-module=../redis-nginx-module-0.3.7 --add-module=../ngx_stream_lua-0.0.8 --with-ld-opt='-Wl,-rpath,/usr/local/OR-1.17.8.2/luajit/lib -L./dependent_packages/zlib/lib -L./dependent_packages/pcre/lib -L./dependent_packages/openssl/lib' --with-cc='ccache gcc -fdiagnostics-color=always' --with-pcre-jit --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-http_v2_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --with-http_stub_status_module --with-http_realip_module --with-http_addition_module --with-http_auth_request_module --with-http_secure_link_module --with-http_random_index_module --with-http_gzip_static_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-threads --with-compat --with-stream --with-stream_ssl_preread_module --with-http_ssl_module

the details show i specified the version of openssl:

--with-cc-opt='-O2 -DNGX_LUA_ABORT_AT_PANIC -I./dependent_packages/zlib/include -I./dependent_packages/pcre/include -I./dependent_packages/openssl/include'
--with-ld-opt='-Wl,-rpath,/usr/local/OR-1.17.8.2/luajit/lib -L./dependent_packages/zlib/lib -L./dependent_packages/pcre/lib -L./dependent_packages/openssl/lib'

but in fact, it "built with OpenSSL 1.0.2k-fips 26 Jan 2017" at line 3

zhuizhuhaomeng commented 7 months ago

https://github.com/openresty/openresty-packaging/blob/master/rpm/SPECS/openresty.spec#L197

  1. You can the openssl111 from openresty official repository.
  2. build openresty with openssl111 statically linked: --with-openssl=DIR --with-openssl-opt="-g -O2"