====== 32 TLS 1.2 on CentOS 5: Apache and PHP ======

For the OpenSSL upgrade, see [[01_linux:02_www:31_centos5_tls]].

===== apr/apr-util =====

  # wget http://ftp.kddilabs.jp/infosystems/apache/apr/apr-1.6.5.tar.gz
  # ./configure --prefix=/opt/apr/apr-1.6.5

  # wget http://ftp.kddilabs.jp/infosystems/apache/apr/apr-util-1.6.1.tar.gz
  # ./configure --prefix=/opt/apr-util/apr-util-1.6.1 --with-apr=/opt/apr/apr-1.6.5/

==== Error ====

  xml/apr_xml.c:35:19: error: expat.h: No such file or directory
  xml/apr_xml.c:66: error: expected specifier-qualifier-list before ‘XML_Parser’
  xml/apr_xml.c: In function ‘cleanup_parser’:
  xml/apr_xml.c:364: error: ‘apr_xml_parser’ has no member named ‘xp’
  xml/apr_xml.c:365: error: ‘apr_xml_parser’ has no member named ‘xp’
  xml/apr_xml.c: At top level:
  xml/apr_xml.c:384: error: expected ‘;’, ‘,’ or ‘)’ before ‘*’ token
  xml/apr_xml.c: In function ‘apr_xml_parser_create’:
  xml/apr_xml.c:401: error: ‘apr_xml_parser’ has no member named ‘xp’
  xml/apr_xml.c:402: error: ‘apr_xml_parser’ has no member named ‘xp’
  xml/apr_xml.c:410: error: ‘apr_xml_parser’ has no member named ‘xp’
  xml/apr_xml.c:411: error: ‘apr_xml_parser’ has no member named ‘xp’
  xml/apr_xml.c:412: error: ‘apr_xml_parser’ has no member named ‘xp’
  xml/apr_xml.c:424: error: ‘apr_xml_parser’ has no member named ‘xp’
  xml/apr_xml.c:424: error: ‘default_handler’ undeclared (first use in this function)
  xml/apr_xml.c:424: error: (Each undeclared identifier is reported only once
  xml/apr_xml.c:424: error: for each function it appears in.)
  xml/apr_xml.c: In function ‘do_parse’:
  xml/apr_xml.c:434: error: ‘apr_xml_parser’ has no member named ‘xp’
  xml/apr_xml.c:438: error: ‘apr_xml_parser’ has no member named ‘xp’
  xml/apr_xml.c:442: error: ‘apr_xml_parser’ has no member named ‘xp_err’
  xml/apr_xml.c:442: error: ‘apr_xml_parser’ has no member named ‘xp’
  xml/apr_xml.c: In function ‘apr_xml_parser_geterror’:
  xml/apr_xml.c:500: error: ‘apr_xml_parser’ has no member named ‘xp_err’
  xml/apr_xml.c:500: error: ‘apr_xml_parser’ has no member named ‘xp_err’
  make[1]: *** [xml/apr_xml.lo] Error 1
  make[1]: Leaving directory `/usr/local/src/apr-util-1.6.1'
  make: *** [all-recursive] Error 1

=== Fix ===

  # yum install expat-devel

===== Apache =====

  # wget https://archive.apache.org/dist/httpd/httpd-2.2.24.tar.gz

  ./configure --prefix=/opt/httpd/httpd-2.2.24 \
  --with-apr=/opt/apr/apr-1.6.5 \
  --with-included-apr \
  --with-apr-util=/opt/apr-util/apr-util-1.6.1 \
  --enable-so \
  --enable-rewrite \
  --enable-ssl \
  --enable-mods-shared=all \
  --with-ssl=/opt/openssl-1.0.2r \
  --enable-proxy \
  --enable-setenvif \
  --enable-authn-alias \
  --enable-file-cache \
  --enable-disk-cache \
  --enable-mem-cache \
  --enable-suexec \
  --enable-cache

==== Preparing the init script and conf ====

  # cp build/rpm/httpd.init /etc/init.d/httpd-2.2.24
  # diff build/rpm/httpd.init /etc/init.d/httpd-2.2.24
  60,62c60,62
  < httpd=${HTTPD-/usr/sbin/httpd}
  < pidfile=${PIDFILE-/var/log/httpd/${prog}.pid}
  < lockfile=${LOCKFILE-/var/lock/subsys/${prog}}
  ---
  > httpd=${HTTPD-/opt/httpd/httpd-2.2.24/bin/httpd}
  > pidfile=${PIDFILE-/var/run/httpd-2.2.24.pid}
  > lockfile=${LOCKFILE-/var/lock/subsys/httpd-2.2.24}
  67c67
  < CONFFILE=/etc/httpd/conf/httpd.conf
  ---
  > CONFFILE=/opt/httpd/httpd-2.2.24/conf/httpd.conf

  # chkconfig --add httpd-2.2.24
  # chkconfig httpd off
  # chkconfig httpd-2.2.24 on

  # cp /opt/httpd/httpd-2.2.24/conf/httpd.conf /opt/httpd/httpd-2.2.24/conf/httpd.conf.org
  # cp /etc/httpd/conf/httpd.conf /opt/httpd/httpd-2.2.24/conf/httpd.conf
  # cd /opt/httpd/httpd-2.2.24
  # cp -rvf /etc/httpd/conf.d ./
  # ln -s /var/log/httpd logs
  # ln -s /var/run run

  - Change the PID file setting and confirm it:

  # grep ^Pid conf/httpd.conf
  PidFile run/httpd-2.2.24.pid

  - Change ServerRoot as well and confirm it:

  # grep ^ServerRoot conf/httpd.conf
  ServerRoot "/opt/httpd/httpd-2.2.24"

===== PHP5.6 =====

  # yum install python-devel gd-devel libmcrypt-devel mysql-devel

  # wget ftp://xmlsoft.org/libxml2/libxml2-2.9.2.tar.gz
  # ./configure --prefix=/opt/libxml2-2.9.2

  # wget http://nih.at/libzip/libzip-0.10.1.tar.gz
  # ./configure --prefix=/opt/libzip-0.10.1

  # Without this, configure picks up the pkgconfig files of the old OpenSSL
  # export PKG_CONFIG_PATH=/opt/openssl-1.0.2r/lib/pkgconfig/

  # wget http://jp2.php.net/get/php-5.6.13.tar.gz/from/this/mirror/ -O php-5.6.13.tar.gz

  ./configure \
  --with-apxs2=/opt/httpd/httpd-2.2.24/bin/apxs \
  --with-libxml-dir=/opt/libxml2-2.9.2 \
  --prefix=/opt/php-5.6.13 \
  --with-zlib-dir=/usr \
  --with-mysql=/usr \
  --with-libdir=lib64 \
  --enable-mbstring \
  --with-openssl \
  --with-openssl-dir=/opt/openssl-1.0.2r \
  --with-libzip=/opt/libzip-0.10.1 \
  --with-pdo-mysql=shared \
  --with-mysql-sock=/var/lib/mysql/mysql.sock \
  --with-gd \
  --with-gettext \
  --with-curl=/opt/curl-7.58.0 \
  --with-config-file-path=/opt/php-5.6.13/etc/ \
  --with-config-file-scan-dir=/opt/php-5.6.13/etc/php.d \
  --with-mcrypt

  # wget https://pecl.php.net/get/zip-1.13.5.tgz
  # /opt/php-5.6.13/bin/pear install zip-1.13.5.tgz

  # cp /etc/php.ini /opt/php-5.6.13/etc/php.ini
  # cp -rvf /etc/php.d /opt/php-5.6.13/etc/

==== PHP modules ====

=== Crack ===

  # svn export http://svn.php.net/repository/pecl/crack/trunk crack
  # cd crack
  # /opt/php-5.6.13/bin/phpize
  # ./configure --with-php-config=/opt/php-5.6.13/bin/php-config
  # make
  # make install
  # echo "extension=crack.so" > /opt/php-5.6.13/etc/php.d/crack.ini

=== MSSQL ===

  # When adding the MSSQL module
  wget https://museum.php.net/php5/php-5.6.40.tar.gz
  tar xvf php-5.6.40.tar.gz
  cd php-5.6.40/ext/mssql/
  /opt/php-5.6.13/bin/phpize
  yum install freetds freetds-devel freetds-libs freetds
  ln -s /usr/lib64/libsybdb.so /usr/lib/libsybdb.so
  ./configure --with-php-config=/opt/php-5.6.13/bin/php-config
  make
  cp modules/mssql.so /opt/php-5.6.13/lib/php/extensions/no-debug-non-zts-20131226/
  echo 'extension=mssql.so' > /opt/php-5.6.13/etc/php.d/mssql.ini

  # /opt/php-5.6.13/bin/php -m| grep mssql
  mssql

===== Checking the CA certificate path =====

Place the CA certificate bundle at the location reported as default_cert_file.

  # ln -s /etc/pki/tls/certs/ca-bundle.crt /opt/openssl-1.0.2r/ssl/cert.pem

  # /opt/php-5.6.13/bin/php -r "print_r(openssl_get_cert_locations());"
  Array
  (
      [default_cert_file] => /opt/openssl-1.0.2r/ssl/cert.pem
      [default_cert_file_env] => SSL_CERT_FILE
      [default_cert_dir] => /opt/openssl-1.0.2r/ssl/certs
      [default_cert_dir_env] => SSL_CERT_DIR
      [default_private_dir] => /opt/openssl-1.0.2r/ssl/private
      [default_default_cert_area] => /opt/openssl-1.0.2r/ssl
      [ini_cafile] =>
      [ini_capath] =>
  )

===== If MySQL is also installed from source =====

Download from [[https://downloads.mysql.com/archives/community/]].

  # tar zxvf mysql-5.1.56.tar.gz
  # cd mysql-5.1.56
  # ./configure --prefix=/opt/mysql-5.1.56
  # make && make install

=== Change the PHP configure option as follows ===

  --with-mysql=/opt/mysql-5.1.56

{{tag>TLS1.2}}
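The PKG_CONFIG_PATH note in the PHP section exists because a build can silently pick up the system OpenSSL, which leaves the server without TLS 1.2 even though everything compiles. As an added example (not part of the original page), the function below classifies `ldd` output for a built module; the helper name, the sample `ldd` lines and the module paths in the comments are assumptions.

```shell
#!/bin/sh
# Added example: decide from `ldd` output which OpenSSL a module really uses.
OPENSSL_PREFIX=/opt/openssl-1.0.2r   # prefix used on this page

# check_ssl_linkage <ldd-output> [prefix]  (hypothetical helper name)
# Prints a verdict and returns:
#   0 ok               every libssl/libcrypto entry resolves under the prefix
#   1 wrong-openssl    an entry resolves elsewhere or is "not found"
#   2 static-or-absent no libssl/libcrypto entry (static link, or no OpenSSL)
check_ssl_linkage() {
    ldd_text=$1
    prefix=${2:-$OPENSSL_PREFIX}
    seen=0
    bad=0
    # ldd lines: "libssl.so.1.0.0 => /path/libssl.so.1.0.0 (0x...)"
    while read -r name arrow path _rest; do
        case $name in
            libssl.so*|libcrypto.so*) ;;
            *) continue ;;
        esac
        seen=$((seen + 1))
        case "$arrow $path" in
            "=> $prefix"/*) ;;
            *) bad=1 ;;   # other directory, or "=> not found"
        esac
    done <<EOF
$ldd_text
EOF
    if [ "$seen" -eq 0 ]; then echo static-or-absent; return 2; fi
    if [ "$bad" -ne 0 ]; then echo wrong-openssl; return 1; fi
    echo ok
}

# Constructed samples (not captured from a real host).
# SAMPLE_BAD: module linked against the system OpenSSL in /lib64.
SAMPLE_BAD='  libssl.so.6 => /lib64/libssl.so.6 (0x00002b5f3c2a1000)
  libcrypto.so.6 => /lib64/libcrypto.so.6 (0x00002b5f3c4ee000)
  libc.so.6 => /lib64/libc.so.6 (0x00002b5f3c83f000)'
SAMPLE_GOOD='  libssl.so.1.0.0 => /opt/openssl-1.0.2r/lib/libssl.so.1.0.0 (0x00002b0a1c000000)
  libcrypto.so.1.0.0 => /opt/openssl-1.0.2r/lib/libcrypto.so.1.0.0 (0x00002b0a1c270000)'

check_ssl_linkage "$SAMPLE_BAD" || true
check_ssl_linkage "$SAMPLE_GOOD" || true
# On the server (module paths are assumptions based on the prefixes above):
#   check_ssl_linkage "$(ldd /opt/httpd/httpd-2.2.24/modules/mod_ssl.so)"
#   check_ssl_linkage "$(ldd /opt/httpd/httpd-2.2.24/modules/libphp5.so)"
```

A `static-or-absent` verdict needs a follow-up look at the build: it is expected if OpenSSL was built without shared libraries, and a problem if the module was meant to carry TLS support but has none.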