/ Register

Learn about Centmin Mod LEMP Stack today
Register Now

PHP-FPM PHP

Discussion in 'Install & Upgrades or Pre-Install Questions' started by buik, May 22, 2022.

Tags:
Previous Thread Next Thread
Loading...
  1. May 22, 2022 #1
    buik

    buik “The best traveler is one without a camera.”

    2,033
    525
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,679
    Local Time:
    4:53 PM
    PHP seems to be compiled with the Red Hat's OpenSSL 1.0.2.
    However Nginx is compiled with upstream OpenSSL 1.1.1.

    Why is this?
    Can PHP be compiled with the same OpenSSL from Centminmod.
     
  2. May 22, 2022 #2
    rdan

    rdan Well-Known Member

    5,449
    1,410
    113
    May 25, 2014
    Ratings:
    +2,204
    Local Time:
    10:53 PM
    Mainline
    10.2
    Try with
    PHP_CUSTOMSSL='y' # compile php-fpm against openssl 1.0.2+ or libressl 2.3+ whichever nginx uses
     
  3. May 22, 2022 #3
    eva2000

    eva2000 Administrator Staff Member

    55,233
    12,253
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,831
    Local Time:
    12:53 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Might not work that well. @buik in the past had issues getting PHP-FPM to work with OpenSSL 1.1.1 so l stuck with system OpenSSL 1.0.2.
     
  4. May 22, 2022 #4
    eva2000

    eva2000 Administrator Staff Member

    55,233
    12,253
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,831
    Local Time:
    12:53 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  5. May 22, 2022 #5
    buik

    buik “The best traveler is one without a camera.”

    2,033
    525
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,679
    Local Time:
    4:53 PM
  6. Jul 7, 2022 #6
    buik

    buik “The best traveler is one without a camera.”

    2,033
    525
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,679
    Local Time:
    4:53 PM
    Seems as PHP is compiled with OpenSSL 1.1.1 via --with-openssl=/opt/openssl
    As openssl-1.1.1q is released, did some recompilation of PHP.

    Probleems seems that the PHP compile script did not check for the latest OpenSSL 1.1.1. Result. That latest PHP compiled with a vulnerable old OpenSSL version.

    Current workaround is to compile Nginx with the latest OpenSSL first as it did check for the latest available OpenSSL.

    Solution. @eva2000 Add the OpenSSL version check to the PHP compile script.
     
  7. Jul 7, 2022 #7
    eva2000

    eva2000 Administrator Staff Member

    55,233
    12,253
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,831
    Local Time:
    12:53 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Ah yes thanks for the heads up!
     
  8. Jul 7, 2022 #8
    eva2000

    eva2000 Administrator Staff Member

    55,233
    12,253
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,831
    Local Time:
    12:53 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Updated 130.00beta01 with such check and prompt in centmin.sh menu option 5 runs, if Nginx OpenSSL version set differs from the one that is installed, a prompt will show for users to update/recompile Nginx first via centmin.sh menu option 4 before running centmin.sh menu option 5
     
  9. Jul 7, 2022 #9
    buik

    buik “The best traveler is one without a camera.”

    2,033
    525
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,679
    Local Time:
    4:53 PM
    I didn't pay attention to that. Sorry. Is this intentional because otherwise you have to put the same check on multiple separate scripts? Tricky to keep it up to date etc.
     
  10. Jul 7, 2022 #10
    eva2000

    eva2000 Administrator Staff Member

    55,233
    12,253
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,831
    Local Time:
    12:53 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  11. Jul 8, 2022 #11
    buik

    buik “The best traveler is one without a camera.”

    2,033
    525
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,679
    Local Time:
    4:53 PM
Previous Thread Next Thread
Loading...

.