John, On 4/18/14, 1:16 PM, John Iliffe wrote: > Further to my previous post, the log reports: > > [Sun Apr 13 03:20:08.591247 2014] [mpm_event:notice] [pid 11737:tid > 140478837470976] AH00489: Apache/2.4.9 (Unix) OpenSSL/1.0.1g configured -- > resuming normal operations > [Sun Apr 13 03:20:08.591283 2014] [core:notice] [pid 11737:tid > 140478837470976] AH00094: Command line: '/usr/apache-2.4.9/bin/httpd' > > BUT the libssl in use, and resulting from installing OpenSSL-1.0.1g, is > libssl-1.0.0 My setup is a little different: $ httpd -v Server version: Apache/2.2.23 (Unix) Server built: Oct 21 2012 20:35:47 $ ldd /usr/sbin/httpd linux-gate.so.1 => (0xb7761000) libm.so.6 => /lib/i686/nosegneg/libm.so.6 (0xb76c3000) libpcre.so.0 => /lib/libpcre.so.0 (0xb7668000) libselinux.so.1 => /lib/libselinux.so.1 (0xb7649000) libaprutil-1.so.0 => /usr/lib/libaprutil-1.so.0 (0xb7625000) libcrypt.so.1 => /lib/libcrypt.so.1 (0xb75f6000) libexpat.so.1 => /lib/libexpat.so.1 (0xb75d0000) libdb-4.7.so => /lib/libdb-4.7.so (0xb745e000) libapr-1.so.0 => /usr/lib/libapr-1.so.0 (0xb7430000) libpthread.so.0 => /lib/i686/nosegneg/libpthread.so.0 (0xb7415000) libc.so.6 => /lib/i686/nosegneg/libc.so.6 (0xb726f000) /lib/ld-linux.so.2 (0xb7762000) libdl.so.2 => /lib/libdl.so.2 (0xb726a000) libuuid.so.1 => /lib/libuuid.so.1 (0xb7265000) libfreebl3.so => /lib/libfreebl3.so (0xb7206000) $ ldd /usr/lib/libapr-1.so.0 linux-gate.so.1 => (0xb779a000) libuuid.so.1 => /lib/libuuid.so.1 (0xb7760000) libcrypt.so.1 => /lib/libcrypt.so.1 (0xb7731000) libpthread.so.0 => /lib/i686/nosegneg/libpthread.so.0 (0xb7717000) libc.so.6 => /lib/i686/nosegneg/libc.so.6 (0xb7570000) /lib/ld-linux.so.2 (0xb779b000) libfreebl3.so => /lib/libfreebl3.so (0xb7511000) libdl.so.2 => /lib/libdl.so.2 (0xb750c000) $ ldd /usr/lib/httpd/modules/mod_ssl.so linux-gate.so.1 => (0xb76f3000) libssl.so.10 => /usr/lib/libssl.so.10 (0xb765d000) libcrypto.so.10 => /lib/libcrypto.so.10 (0xb74a6000) libc.so.6 => /lib/i686/nosegneg/libc.so.6 (0xb7300000) libgssapi_krb5.so.2 => /lib/libgssapi_krb5.so.2 (0xb72c2000) libkrb5.so.3 => /lib/libkrb5.so.3 (0xb71f3000) libcom_err.so.2 => /lib/libcom_err.so.2 (0xb71ef000) libk5crypto.so.3 => /lib/libk5crypto.so.3 (0xb71c4000) libresolv.so.2 => /lib/libresolv.so.2 (0xb71ad000) libdl.so.2 => /lib/libdl.so.2 (0xb71a8000) libz.so.1 => /lib/libz.so.1 (0xb7192000) /lib/ld-linux.so.2 (0xb76f4000) libkrb5support.so.0 => /lib/libkrb5support.so.0 (0xb7187000) libkeyutils.so.1 => /lib/libkeyutils.so.1 (0xb7183000) libpthread.so.0 => /lib/i686/nosegneg/libpthread.so.0 (0xb7169000) libselinux.so.1 => /lib/libselinux.so.1 (0xb714a000) $ ls -l /usr/lib/libssl.so.10 lrwxrwxrwx 1 root root 16 Apr 8 15:38 /usr/lib/libssl.so.10 -> libssl.so.1.0.1e $ openssl version OpenSSL 1.0.1e-fips 11 Feb 2013 $ sudo grep "resuming" /var/log/httpd/error_log [Fri Apr 18 03:21:02 2014] [notice] Apache/2.2.23 (Unix) DAV/2 mod_jk/1.2.37 PHP/5.3.28 mod_ssl/2.2.23 OpenSSL/1.0.0-fips configured -- resuming normal operations So httpd is dynamically-linked to OpenSSL 1.0.1e (really 1.0.1g, with a very important patch ;) and yet it reports OpenSSL 1.0.0 on startup. I don't get it. Both setups (2.2.26 and 2.4.9) have 1.0.1.e and have an update available to 1.0.1g (I haven't read the changelogs but I'll bet the difference is mostly the version-bump since everyone is paranoid about 1.0.1e, now). I'll see if that changes anything. -chris
Attachment:
signature.asc
Description: OpenPGP digital signature
|