Ability to Override CurlSSL and OpenSSL Libraries
After spending nearly a week in contact with SoftLayer, CloudLinux, and cPanel Support for what would amount to wasted effort it was suggested that I propose this feature request: allow the ability to override where EasyApache pulls CurlSSL and OpenSSL Libraries. Put all the red warnings you all like about how cPanel won't support such configurations and that it is for advanced users only but when one needs these libraries for very specific purposes there is currently no way to override EasyApache. All previously suggested ways on the cPanel forums don't work and quite frankly: I shouldn't have to declare proverbial war on EasyApache to try and get the system to use our custom built packages.
Fortunately, the needs for which we required OpenSSL1.0.2a-fips were met by the fact the Shell and everything other than cPanel based services are using our libraries but cPanel uses the originally "yum installed" libraries.
I don't ever recall it being this difficult many years ago (or rather now, impossible) but the reality is there are use-cases and experienced administrators who would like to use their own version of the SSL libraries and fully understand that it is their responsibility to maintain such a setup.
Perhaps a feature for EasyApache 4? I get hand-holding for those who really have no business messing with those settings but there are others like myself who do need the ability to override EasyApache's library selection which at the moment only uses the yum packages.
So now, at least in my case, I have a side-by-side install of the two libraries; a very unusual case but no doubt would be less unusual if we could actually use our own built libraries.
I like this idea 
cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.
Compile your own ssl with ./config shared -fPIC --prefix=/opt/ssl
Then create the file: /var/cpanel/easy/apache/rawopts/Apache2_4
And add the line
--with-ssl=/opt/ssl
Pretty easy to do. It's in the documentation.
Compile your own ssl with ./config shared -fPIC --prefix=/opt/ssl
Then create the file: /var/cpanel/easy/apache/rawopts/Apache2_4
And add the line
--with-ssl=/opt/ssl
Pretty easy to do. It's in the documentation.
The following has been working properly for me:
cd /usr/local/src/
wget http://www.openssl.org/source/openssl-1.0.1r.tar.gz
tar -zxf openssl-1.0.1r.tar.gz
cd openssl-1.0.1r
./config shared -fPIC --prefix=/opt/openssl
make && make install
cd /usr/local/src/
mv /opt/curlssl.orig /opt/curlssl.orig2
wget http://curl.haxx.se/download/curl-7.45.0.tar.gz --no-check-certificate
tar -zxf curl-7.45.0.tar.gz
cd curl-7.45.0
env LDFLAGS=-R/opt/openssl/lib CPPFLAGS=-I/opt/openssl/include ./configure --prefix=/opt/curlssl --with-ssl=/opt/openssl --enable-http --enable-ftp
make
mv /opt/curlssl /opt/curlssl.orig.`date +%F`
make install
LDFLAGS="-L/opt/openssl/lib" CPPFLAGS="-I/opt/openssl/include" nice -n 18 /scripts/easyapache --build
The following has been working properly for me:
cd /usr/local/src/
wget http://www.openssl.org/source/openssl-1.0.1r.tar.gz
tar -zxf openssl-1.0.1r.tar.gz
cd openssl-1.0.1r
./config shared -fPIC --prefix=/opt/openssl
make && make install
cd /usr/local/src/
mv /opt/curlssl.orig /opt/curlssl.orig2
wget http://curl.haxx.se/download/curl-7.45.0.tar.gz --no-check-certificate
tar -zxf curl-7.45.0.tar.gz
cd curl-7.45.0
env LDFLAGS=-R/opt/openssl/lib CPPFLAGS=-I/opt/openssl/include ./configure --prefix=/opt/curlssl --with-ssl=/opt/openssl --enable-http --enable-ftp
make
mv /opt/curlssl /opt/curlssl.orig.`date +%F`
make install
LDFLAGS="-L/opt/openssl/lib" CPPFLAGS="-I/opt/openssl/include" nice -n 18 /scripts/easyapache --build
Centos 6's curl version isn't compatible with sni servers however Centos 7's is. It would be very nice if there was a supported way to make centos 6 compatible with SNI.
This is currently required for Owncloud and the latest update of Paypal's library.
Centos 6's curl version isn't compatible with sni servers however Centos 7's is. It would be very nice if there was a supported way to make centos 6 compatible with SNI.
This is currently required for Owncloud and the latest update of Paypal's library.
Honestly. If you're still worrying about SNI, all you're worrying about is operating systems that are no longer updated or maintained. I personally ignore those people. I don't need customers with a ton of infections blaming my stuff for not working when it's 100% their end.
Honestly. If you're still worrying about SNI, all you're worrying about is operating systems that are no longer updated or maintained. I personally ignore those people. I don't need customers with a ton of infections blaming my stuff for not working when it's 100% their end.
Replies have been locked on this page!