Opened 3 years ago

Closed 3 years ago

#1327 closed enhancement (wontfix)

Pre-Build packages with static openssl (http2)

Reported by: dusan-ivanco@… Owned by:
Priority: trivial Milestone:
Component: nginx-package Version: 1.12.x
Keywords: Cc:
uname -a: Linux www.domain.tld 2.6.32-696.3.2.el6.x86_64 #1 SMP Tue Jun 20 01:26:55 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.12.1
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'

Description

Is it possible, that you make pre-build packages that is static linked against openssl 1.0.2? Because many servers have for example rhel 6. Yes, i know codeit.guru, but i don't know, if i can trust him.

Change History (1)

comment:1 by Sergey Budnevitch, 3 years ago

Resolution: wontfix
Status: newclosed

OpenSSL has too many security releases, so we ship nginx linked with the libs supported by linux vendor only.

BTW RH upgraded openssl to 1.0.2 in the RHEL7, so we will build nginx against 1.0.2 for RHEL7/CentOS7 soon. No plans for 6.*

Note: See TracTickets for help on using tickets.