Recompile PHP with OpenSSL on CentOS
I have upgraded openssl version to 1.02l from 1.0.1e and PHP version from PHP 5.6 to PHP 7.1.8 (PHP is installed using yum)
The problem is, PHP still detects openssl version to 1.0.1e whereas I want it to be updated to latest openssl version installed i.e 1.0.2l
I want to know what are my options here, how do I go about telling PHP to use the latest installed openssl version?
My finding tells me that the only way to do it is by recompiling PHP? (will appreciate if someone can tell me if there is other way) If the only way is by recompiling, I need help on how to go about it? what are the steps involved. From my understanding, here is how I think I have to do.
- Remove PHP version installed from YUM
- Download latest version of PHP from source and unzip in tmp directory
- Compile & Install PHP
Am I missing anything here?
** UPDATE **
Here are the list of php extensions installed using yum
php-bcmath x86_64 7.1.8-1.el7.remi @remi-php71 94 k
php-common x86_64 7.1.8-1.el7.remi @remi-php71 7.9 M
php-fedora-autoloader noarch 0.2.1-2.el7 @epel 14 k
php-gd x86_64 7.1.8-1.el7.remi @remi-php71 204 k
php-intl x86_64 7.1.8-1.el7.remi @remi-php71 947 k
php-json x86_64 7.1.8-1.el7.remi @remi-php71 80 k
php-mbstring x86_64 7.1.8-1.el7.remi @remi-php71 2.8 M
php-mysqlnd x86_64 7.1.8-1.el7.remi @remi-php71 850 k
php-pdo x86_64 7.1.8-1.el7.remi @remi-php71 386 k
php-pecl-zip x86_64 1.13.5-2.el7.remi.7.1 @remi-php71 175 k
php-php-gettext noarch 1.0.12-1.el7 @epel 57 k
php-process x86_64 7.1.8-1.el7.remi @remi-php71 180 k
php-tcpdf noarch 6.2.13-1.el7 @epel 11 M
php-tcpdf-dejavu-sans-fonts noarch 6.2.13-1.el7 @epel 1.5 M
php-tidy x86_64 7.1.8-1.el7.remi @remi-php71 106 k
php-xml x86_64 7.1.8-1.el7.remi @remi-php71 851 k
I now want to configure PHP to use this extensions, so far I have comeup with following
./configure --with-openssl --with-openssl-dir=/usr/bin \
--with-zlib \
--enable-zip \
--enable-xmlreader \
--enable-xmlwriter \
--enable-opcache \
--enable-simplexml \
--with-sqlite3 \
--with-pdo-sqlite \
--with-pdo-mysql=mysqlnd \
--with-mysqli=mysqlnd \
--with-mysql-sock=/var/lib/mysql/mysql.sock \
--enable-mysqlnd \
--with-mcrypt \
--enable-mbstring \
--enable-intl \
--with-png-dir \
--with-jpeg-dir \
--enable-gd-native-ttf \
--with-gd \
--with-curl \
--with-bz2 \
--enable-bcmath
I just want to know now, If I need to enable any extension from above list do I use --enable or --with ? for example how do I enable php-xml. Do I only use --enable-php-xml ?
Answer
Yes, you need to download dev package of openssl (sources/headers), sources of PHP and configure it with following keys:
--with-openssl --with-openssl-dir=/usr/local/bin
as per PHP Manual > OpenSSL > Installing/Configuring
You also may want to use other keys like --with-curl=/usr/local or --with-gd -- check with documentation at PHP Manual > Appendices > Configure options and installation manuals for every module your want to compile it with like GD2 or Curl
NOTE: You will need to download dev-packages of every module you are going to compile - it consumes noticable amount of time, plan accordingly.
NOTE 2: Keep in mind that all modules you are going to compile into your own build of PHP will be accessible through its functions (like image manipulation, https/curl requests etc), so it is highly recommended to use only stable and proven versions of modules not to add a new vulnerability to your web-site.
** UPDATE **
./configure --with-openssl --with-openssl-dir=/usr/bin \
--with-zlib=[DIR] \
--enable-zip \
--enable-opcache \
--with-pdo-mysql=[DIR] \
--with-mysqli=[DIR] \
--with-mysql-sock=/var/lib/mysql/mysql.sock \
--with-mcrypt=[DIR] \
--enable-mbstring \
--enable-intl \
--with-png-dir=[DIR] \
--with-jpeg-dir=[DIR] \
--with-gd=[DIR] \
--with-curl=[DIR] \
--with-bz2=[DIR] \
--enable-bcmath
[DIR]'s can be discovered automatically, but I faced a lot of situations when they are different from what PHP expects.
xmlreader, xmlwriter, simplexml are enabled by default starting with PHP 5.1.2
sqlite3, pdo-sqlite are enabled by default starting with PHP 5.3.0
--enable-gd-native-ttf is deprecated starting PHP 5.5.0, removed in PHP 7.2.0.