I want to test Heartbleed on Apache Server. I removed Apache and Openssl from my OS (Ubutu 12.04). I wonder how can I install Apache WITH the Openssl version 1.0.1 in order to be able to test this vulnerability on my own localhost (Apache Server) ?
Asked
Active
Viewed 8,733 times
1 Answers
5
Yes, you can compile it yourself.
Download OpenSSL 1.0.1f:
wget http://www.openssl.org/source/openssl-1.0.1f.tar.gzExtract
openssl-1.0.1f.tar.gz:tar -xvzf openssl-1.0.1f.tar.gzEnter the created directory:
cd openssl-1.0.1fConfigure OpenSSL:
./configCompile OpenSSL:
makeTest if everything went right:
make testInstall OpenSSL:
sudo make install
Now OpenSSL is installed on your PC and you can test it.
Louis Matthijssen
- 11,755
- 6
- 44
- 50
-
But if I install Apache Server it will use its own Openssl, or the one I install using your method ? – May 09 '14 at 11:07
-
1I'm not sure. The [Apache Docs](https://httpd.apache.org/docs/2.4/programs/configure.html#options) say that it'll search for an installed version of OpenSSL or you can specify the location yourself using `--with-ssl=/usr/bin` while compiling Apache2. I think that if you're using `apt-get` it'll install and use the latest OpenSSL as a dependency. So the solution would be to compile Apache2 by yourself as well. – Louis Matthijssen May 09 '14 at 11:14
-
1Afterwards you should create a symlink to the new binaries `sudo ln -sf /usr/local/ssl/bin/openssl ``which openssl``` – dukethrash Mar 09 '17 at 20:09
-
Just want to add that if the `make install` step fails because of some man page problem, use `make install_sw` instead: https://askubuntu.com/a/742712/257860 – Mitch Jun 28 '18 at 14:16