
How to compile an old apache 1.3.x with suexec and mod_ssl on a recent server

Published on 22 September 2012 by Christophe_casalegno

When you manage a hosting company, you have many clients that can't upgrade their software versions. The only solution to keep these clients is to maintain old package versions like PHP, or stop the service.

Today I'm migrating a historical server with clients that use an old PHP version (PHP4) and an Apache 1.3 version to a new server for security reasons. Example on a Mandriva 2010.2 64-bit Linux distribution:

First step: install the required packages on the system:

urpmi make gcc libpng-devel libjpeg-devel freetype2-devel mysql-devel curl-devel munin munin-node munin-master flex bzip2-devel pure-ftpd python-devel gd-devel librsync-devel ntp-client vim-e

I also need some files to install the old versions:

- mod_ssl-2.8.31-1.3.41.tar.gz
- apache_1.3.41.tar.gz
- suexec.c (modified in-house)
- php-4.4.9.tar.gz

After untarring all the files and replacing src/support/suexec.c with my patched file, I am trying to compile Apache:

Step 2: mod_ssl

Now we try to compile Apache with mod_ssl:

cd ../apache_1.3.41
./configure --prefix=/usr/local/apache --enable-module=so --enable-module=rewrite --enable-suexec --suexec-caller=nobody --suexec-userdir=www --suexec-docroot=/ --suexec-logfile=/var/log/httpd/cgi.log --suexec-uidmin=500 --suexec-gidmin=100 --suexec-safepath=/usr/local/bin:/usr/bin:/bin --enable-module=ssl
Configuring for Apache, Version 1.3.41
+ using installation path layout: Apache (config.layout)
Creating Makefile
Creating Configuration.apaci in src
Creating Makefile in src
+ configured for Linux platform
+ setting C compiler to gcc
+ setting C pre-processor to gcc -E
+ using "tr [a-z] [A-Z]" to uppercase
+ checking for system header files
+ adding selected modules
o rewrite_module uses ConfigStart/End
disabling DBM support for mod_rewrite
(perhaps you need to add -ldbm, -lndbm or -lgdbm to EXTRA_LIBS)
o ssl_module uses ConfigStart/End
+ SSL interface: mod_ssl/2.8.31
+ SSL interface build type: OBJ
+ SSL interface compatibility: enabled
+ SSL interface experimental code: disabled
+ SSL interface conservative code: disabled
+ SSL interface vendor extensions: disabled
+ SSL interface plugin: Built-in SDBM
+ SSL library path: [SYSTEM]
Error: Cannot find SSL library files in any of the following dirs:
Error: . /lib /usr/lib /usr/local/lib
+ SSL library version: OpenSSL 1.0.0a 1 Jun 2010

First issue: the 64-bit libraries aren't in the same place as the 32-bit versions. A symbolic link can solve the problem:

ln -s /usr/lib64/libssl.so /usr/lib/libssl.so



./configure --prefix=/usr/local/apache --enable-module=so --enable-module=rewrite --enable-suexec --suexec-caller=nobody --suexec-userdir=www --suexec-docroot=/ --suexec-logfile=/var/log/httpd/cgi.log --suexec-uidmin=500 --suexec-gidmin=100 --suexec-safepath=/usr/local/bin:/usr/bin:/bin --enable-module=ssl
Configuring for Apache, Version 1.3.41
+ using installation path layout: Apache (config.layout)
Creating Makefile
Creating Configuration.apaci in src
Creating Makefile in src
+ configured for Linux platform
+ setting C compiler to gcc
+ setting C pre-processor to gcc -E
+ using "tr [a-z] [A-Z]" to uppercase
+ checking for system header files
+ adding selected modules
o rewrite_module uses ConfigStart/End
disabling DBM support for mod_rewrite
(perhaps you need to add -ldbm, -lndbm or -lgdbm to EXTRA_LIBS)
o ssl_module uses ConfigStart/End
+ SSL interface: mod_ssl/2.8.31
+ SSL interface build type: OBJ
+ SSL interface compatibility: enabled
+ SSL interface experimental code: disabled
+ SSL interface conservative code: disabled
+ SSL interface vendor extensions: disabled
+ SSL interface plugin: Built-in SDBM
+ SSL library path: [SYSTEM]
+ SSL library version: OpenSSL 1.0.0a 1 Jun 2010
+ SSL library type: installed package (system-wide)
+ enabling Extended API (EAPI)
+ using builtin Expat
+ using -ldl for vendor DSO support
+ checking sizeof various data types
+ doing sanity check on compiler and options
Creating Makefile in src/support
Creating Makefile in src/regex
Creating Makefile in src/os/unix
Creating Makefile in src/ap
Creating Makefile in src/main
Creating Makefile in src/lib/expat-lite
Creating Makefile in src/modules/standard
Creating Makefile in src/modules/ssl
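The --suexec-* options in the ./configure line above are compiled into the suexec wrapper and become its policy. As an added example (not part of the original post), this shell function lints such a line; the function names and the UID_FLOOR/GID_FLOOR thresholds are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: lint the --suexec-* options of an Apache 1.3 ./configure line.
# UID_FLOOR and GID_FLOOR are assumed site policy values, not Apache defaults.
UID_FLOOR=${UID_FLOOR:-500}
GID_FLOOR=${GID_FLOOR:-100}

warn() { echo "WARN $1"; warned=1; }
check_floor() {  # usage: check_floor <option> <value> <floor>
    case $2 in
        ''|*[!0-9]*) warn "$1 is not set explicitly or not numeric" ;;
        *) if [ "$2" -lt "$3" ]; then warn "$1=$2 is below the site floor $3"; fi ;;
    esac
}

# Prints one WARN line per risky option; returns 1 if anything was flagged.
audit_suexec_flags() {
    enabled=0; caller=; docroot=; uidmin=; gidmin=; safepath=; warned=0
    for arg in "$@"; do
        case $arg in
            --enable-suexec)     enabled=1 ;;
            --suexec-caller=*)   caller=${arg#*=} ;;
            --suexec-docroot=*)  docroot=${arg#*=} ;;
            --suexec-uidmin=*)   uidmin=${arg#*=} ;;
            --suexec-gidmin=*)   gidmin=${arg#*=} ;;
            --suexec-safepath=*) safepath=${arg#*=} ;;
        esac
    done
    if [ "$enabled" -eq 0 ]; then echo "INFO suexec is not enabled"; return 0; fi
    # suexec only runs targets under docroot (or a userdir); "/" matches everything.
    if [ "$docroot" = "/" ]; then warn "docroot=/ removes docroot containment"; fi
    # Only the caller account may invoke the setuid wrapper.
    if [ "$caller" = "root" ]; then warn "caller=root"; fi
    # Requests for a UID/GID below these floors are refused by suexec.
    check_floor uidmin "$uidmin" "$UID_FLOOR"
    check_floor gidmin "$gidmin" "$GID_FLOOR"
    # safepath becomes PATH for every CGI, so each entry must be absolute.
    old_ifs=$IFS; IFS=:
    for dir in $safepath; do
        case $dir in /*) ;; *) warn "safepath entry '$dir' is not absolute" ;; esac
    done
    IFS=$old_ifs
    return "$warned"
}

# suexec-related options copied from the page's ./configure line.
PAGE_FLAGS="--enable-suexec --suexec-caller=nobody --suexec-userdir=www \
--suexec-docroot=/ --suexec-logfile=/var/log/httpd/cgi.log --suexec-uidmin=500 \
--suexec-gidmin=100 --suexec-safepath=/usr/local/bin:/usr/bin:/bin"
audit_suexec_flags $PAGE_FLAGS || true
```

Run against the page's options, it reports only the docroot setting; tighten UID_FLOOR and GID_FLOOR to the lowest customer account IDs actually present on the host.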

All is OK, so we can try to launch the "make" command.

So we need to patch ssl_util_ssl.c:

We can retry:


- if ((sk = (STACK *)X509V3_EXT_d2i(ext)) != NULL) {
+ if ((sk = (_STACK *)X509V3_EXT_d2i(ext)) != NULL) {
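Review bot: the `+` line hard-codes the `_STACK` cast, so ssl_util_ssl.c now builds only against OpenSSL 1.0.0 and later (the configure output reports 1.0.0a), where the old `STACK` type was renamed. If this tree must still build on hosts with an older OpenSSL, guard the cast on OPENSSL_VERSION_NUMBER (0x10000000L and above) rather than replacing it outright, and add a comment stating why the cast differs.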

Now we need to make a light system modification:


make
/usr/include/stdio.h:651: note: previous declaration of 'getline' was here
make[2]: *** [htpasswd.o] Erreur 1
make[2]: quittant le répertoire " /home/dni/apache/apache_1.3.41/src/support "
make[1]: *** [build-support] Erreur 1
make[1]: quittant le répertoire " /home/dni/apache/apache_1.3.41 "
make: *** [build] Erreur 2

And we retry:


- extern _IO_ssize_t getline (char **__restrict __lineptr,
+ extern _IO_ssize_t preline (char **__restrict __lineptr,
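Review bot: this rename is applied to the glibc prototype itself (the line matches the declaration the compiler note locates at /usr/include/stdio.h:651), so every later build on this host, the PHP build in step 3 included, no longer sees a declaration of getline, and an update of the glibc header package will silently restore the original line. The conflict comes from Apache's own support code (the failure is in htpasswd.o), so rename the local getline function there and leave the system header untouched.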

That works! And: all is OK!

Step 3: compile PHP with suexec

Now we try to configure:


make
make[1]: entrant dans le répertoire " /home/dni/apache/apache_1.3.41 "
+---------------------------------------------------------------------+
| Before you install the package you now should prepare the SSL |
| certificate system by running the 'make certificate' command. |
| For different situations the following variants are provided: |
| |
| % make certificate TYPE=dummy (dummy self-signed Snake Oil cert) |
| % make certificate TYPE=test (test cert signed by Snake Oil CA) |
| % make certificate TYPE=custom (custom cert signed by own CA) |
| % make certificate TYPE=existing (existing cert) |
| CRT=/path/to/your.crt [KEY=/path/to/your.key] |
| |
| Use TYPE=dummy when you're a vendor package maintainer, |
| the TYPE=test when you're an admin but want to do tests only, |
| the TYPE=custom when you're an admin willing to run a real server |
| and TYPE=existing when you're an admin who upgrades a server. |
| (The default is TYPE=test) |
| |
| Additionally add ALGO=RSA (default) or ALGO=DSA to select |
| the signature algorithm used for the generated certificate. |
| |
| Use 'make certificate VIEW=1' to display the generated data. |
| |
| Thanks for using Apache & mod_ssl. Ralf S. Engelschall |
|[email protected] |
| www.engelschall.com |
+---------------------------------------------------------------------+
make[1]: quittant le répertoire " /home/dni/apache/apache_1.3.41 "

A new library location problem that can be corrected with a symbolic link:

./configure --with-xml --with-domxml --enable-ftp --enable-bcmath --enable-calendar --with-jpeg-dir --with-png-dir --with-gd --enable-dba --enable-freetype-4bit-antialias-hack --enable-gd-native-ttf --with-freetype-dir --with-xslt --with-gettext --enable-magic-quotes --enable-force-cgi-redirect --enable-fastcgi --with-curl --with-mysql=/usr --with-zlib-dir --with-bz2 --enable-trans-sid --enable-sysvsem --enable-sysvshm

configure: error: libpng.(a|so) not found.

New retry:

ln -s /usr/lib64/libpng.so /usr/lib/libpng.so
ln -s /usr/lib64/libjpeg.so /usr/lib/libjpeg.so
ln -s /usr/lib64/libmysqlclient.so /usr/lib/libmysqlclient.so

Now the installation: all is OK

./configure --with-xml --with-domxml --enable-ftp --enable-bcmath --enable-calendar --with-jpeg-dir --with-png-dir --with-gd --enable-dba --enable-freetype-4bit-antialias-hack --enable-gd-native-ttf --with-freetype-dir --with-xslt --with-gettext --enable-magic-quotes --enable-force-cgi-redirect --enable-fastcgi --with-curl --with-mysql=/usr --with-zlib-dir --with-bz2 --enable-trans-sid --enable-sysvsem --enable-sysvshm
Generating files
updating cache ./config.cache
creating ./config.status
creating php4.spec
creating main/build-defs.h
creating scripts/phpize
creating scripts/man1/phpize.1
creating scripts/php-config
creating scripts/man1/php-config.1
creating sapi/cli/php.1
creating main/php_config.h
creating main/internal_functions.c
creating main/internal_functions_cli.c
+--------------------------------------------------------------------+
| License: |
| This software is subject to the PHP License, available in this |
| distribution in the file LICENSE. By continuing this installation |
| process, you are bound by the terms of this license agreement. |
| If you do not agree with the terms of this license, you must abort |
| the installation process at this point. |
+--------------------------------------------------------------------+
| *** NOTE *** |
| The default for register_globals is now OFF! |
| |
| If your application relies on register_globals being ON, you |
| should explicitly set it to on in your php.ini file. |
| Note that you are strongly encouraged to read |
| http://www.php.net/manual/en/security.globals.php |
| about the implications of having register_globals set to on, and |
| avoid using it if possible. |
+--------------------------------------------------------------------+
Thank you for using PHP.

Then we launch the make command:

make
Build complete.
(It is safe to ignore warnings about tempnam and tmpnam).

-
Christophe Casalegno
http://twitter.com/Brain0verride
http://www.facebook.com/brain.override

