如何在不卸载现有OpenSSL的情况下源码安装配置新版OpenSSL+Apache

最近遇到一个问题，需要去安装OpenSSL1.0.1c，但是Ubuntu10.04和11.04都只支持0.9.8版本的OpenSSL包。本来想卸载OpenSSL再安装新版本的。我在Ubuntu11.04上引入了12.04的源，直接Upgrade旧版OpenSSL，并安装了几个新版本的依赖包，结果意想不到的事情发生了，我的virtualbox虚拟机软件不能运行了，提示错误，(failed to create virtualbox object!)死活都没法搞定。猜测是由于升级了一些依赖库后发生了故障，至此对预编译之软件包失望至极。

今天闲来无事，决定无论如何要试试源码编译OpenSSL，并和Apache协同工作。我参考了网上的一些文章后开始动手实践。

首先是编译OpenSSL，这个很简单。

./config prefix=/usr/local/openssl  &&  make install

本来我还想卸载旧版本的OpenSSL的，后来放弃了，因为：

sudo apt-get remove openssl
[sudo] password for **: 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libqimageblitz4 ijsgutenprint libotr2 language-pack-kde-en quassel-data
  libvncserver0 amarok-common libaccess-bridge-java-jni libflac++6
  language-pack-kde-zh-hans libaccess-bridge-java
  libplasma-geolocation-interface4 language-pack-kde-en-base
  plasma-widget-kimpanel-backend-ibus k3b-data libqtscript4-core
  python-qt4-dbus libqtscript4-gui libqtscript4-uitools libindicate-qt0
  libpoppler-qt4-3 libzip1 openoffice.org-l10n-zh-cn libqtscript4-sql
  ksysguardd libqtscript4-xml openoffice.org-l10n-en-gb libqca2-plugin-ossl
  libepub0 libtag-extras1 liblastfm0 libqtscript4-network
  language-pack-kde-zh-hans-base libmsn0.3
Use 'apt-get autoremove' to remove them.
The following packages will be REMOVED:
  akonadi-server akregator amarok amarok-utils apport-kde apt-transport-https
  apturl apturl-kde ark bluez-cups ca-certificates ca-certificates-java
  couchdb-bin cups cups-driver-gutenprint default-jre default-jre-headless
  desktopcouch dolphin dragonplayer evolution-couchdb foo2zjs foomatic-db
  foomatic-db-engine foomatic-db-gutenprint freespacenotifier gdebi-kde
  ghostscript-cups gnupg-curl gwenview gwibber gwibber-service hpijs-ppds
  hplip icedtea-6-jre-cacao icedtea-netx install-package jockey-kde k3b
  kaddressbook kamera kate kbluetooth kcalc kcm-gtk kcm-touchpad kde-l10n-engb
  kde-l10n-zhcn kde-window-manager kde-zeroconf kdebase-bin kdebase-runtime
  kdebase-workspace kdebase-workspace-bin kdebase-workspace-data
  kdebase-workspace-kgreet-plugins kdegraphics-strigi-plugins kdelibs-bin
  kdelibs5 kdemultimedia-kio-plugins kdepasswd kdepim-groupware
  kdepim-kresources kdepim-runtime kdepim-strigi-plugins kdepim-wizards
  kdepimlibs5 kdesudo kdm kerneloops-daemon kfind khelpcenter4 klipper kmag
  kmail kmix kmousetool knm-runtime knotes konqueror konqueror-nsplugins
  konsole kontact kopete kopete-message-indicator korganizer kpackagekit kppp
  krdc krfb ksnapshot ksysguard ksystemlog ktimetracker
  kubuntu-debug-installer kubuntu-desktop kubuntu-konqueror-shortcuts
  kubuntu-notification-helper kvkbd kwalletmanager language-selector-qt
  libakonadiprivate1 libcurl3 libcurl3-gnutls libk3b6 libk3b6-extracodecs
  libkcddb4 libkdcraw8 libkdecorations4 libkdepim4 libkexiv2-8 libkfontinst4
  libkipi7 libkleo4 libkonq5 libkonqsidebarplugin4 libkopete4 libkpgp4
  libkscreensaver5 libksgrd4 libksieve4 libksignalplotter4 libkwineffects1
  libkworkspace4 libmimelib4 libokularcore1 libplasma-applet-system-monitor4
  libplasma3 libplasmaclock4 libplasmagenericshell4 libprocesscore4
  libprocessui4 libraptor1 librasqal2 librdf0 libsolidcontrol4 libsoprano4
  libtaskmanager4 libweather-ion4 network-manager-kde okular
  okular-extra-backends openjdk-6-jre openjdk-6-jre-headless openjdk-6-jre-lib
  openoffice.org-base-core openoffice.org-calc openoffice.org-core
  openoffice.org-draw openoffice.org-emailmerge openoffice.org-gnome
  openoffice.org-gtk openoffice.org-help-en-gb openoffice.org-help-en-us
  openoffice.org-help-zh-cn openoffice.org-impress openoffice.org-kde
  openoffice.org-math openoffice.org-style-oxygen openoffice.org-writer
  openprinting-ppds openssl packagekit packagekit-backend-apt
  plasma-dataengines-addons plasma-dataengines-workspace plasma-desktop
  plasma-scriptengine-javascript plasma-scriptengine-python
  plasma-widget-facebook plasma-widget-folderview plasma-widget-kimpanel
  plasma-widget-kubuntu-feedback plasma-widget-message-indicator
  plasma-widget-quickaccess plasma-widgets-addons plasma-widgets-workspace
  polkit-kde-1 printer-applet pxljr python-desktopcouch
  python-desktopcouch-records python-kde4 python-pycurl
  python-software-properties python-ubuntuone-client python-uno quassel
  software-properties-gtk software-properties-kde soprano-daemon splix
  ssl-cert system-config-printer-kde systemsettings ubuntu-desktop
  ubuntuone-client update-manager-kde usb-creator-kde userconfig
  xul-ext-ubufox
0 upgraded, 0 newly installed, 201 to remove and 0 not upgraded.
After this operation, 823MB disk space will be freed.
Do you want to continue [Y/n]? 

这么多软件包，不是逼老子把整个系统都卸载掉么！！！

我使用了几个技巧来处理这个问题

首先是把新版本OpenSSL的安装路径加入$PATH

sudo gvim ~/.bashrc

在文件末尾加上：

PATH="$PATH:/usr/local/openssl/bin:"
export PATH

然后保存

将/usr/bin/openssl改名

/usr/bin$ sudo mv openssl openssl0.9.8

这样的就可以在命令行中直接使用新版的OpenSSL了

$ openssl version -a
OpenSSL 1.0.1c 10 May 2012
built on: Sun Jul 22 20:43:26 CST 2012
platform: linux-elf
options:  bn(64,32) rc4(8x,mmx) des(ptr,risc1,16,long) idea(int) blowfish(idx) 
compiler: gcc -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/local/openssl/ssl"

变更include头文件:

/usr/include$ sudo mv openssl openssl0.9.8
/usr/include$ sudo cp -r /usr/local/openssl/include  ./

还需要重新编译Apache才能使用新版的OpenSSL

$ ./configure --prefix=/usr/local/apache2.4 --with-layout=Apache 
  --enable-modulues=most --enable-mods-shared=all --with-mpm=prefork
  --with-ssl=/usr/local/openssl

注意最后一句是启用新版OpenSSL的关键

然后就是套路了，make && make install

配置……

然后测试一下，证明已经可以用的一个证据是：

./ab -t 5 -c 100 -n 20000 https://127.0.0.1/index.html
This is ApacheBench, Version 2.4 (OpenSSL 1.0.1c 10 May 2012)

看来以后要多用源码安装，少用系统预编译的包，不然可更新软件可真是麻烦呀