Hi, Red Hat patches its OpenSSL implementation with some additional API calls. That means you cannot use builds from an unpatched upstream OpenSSL tarball in place of the system libcrypto and libssl libraries. The proper way is to always obtain updated system packages from your vendor, i.e., Red Hat. Otherwise you would have to try to update the source rpm package from RHEL with new openssl version keeping the patches that Red Hat adds to it. That is definitely not a trivial endeavour. If, for some reason, you need newer OpenSSL package for some particular application that you install to the system, it should be possible to keep the system openssl package untouched, install the upstream OpenSSL package somewhere into /opt or /usr/local, and link that application against this installation of OpenSSL. The primary question to ask is - why do you need to install openssl 1.1.1l on RHEL-8.6? Tomas Mraz, OpenSSL On Tue, 2022-11-08 at 07:17 +0100, Matthias Apitz wrote: > > Hello, > > We compile openssl 1.1.1l from the sources and run on RedHat 8.6 into > the > problem that the system shared lib /usr/lib64/libk5crypto.so.3 misses > a > symbol from openssl: > > # objdump -TC /usr/lib64/libk5crypto.so.3 | grep EVP_KDF > 0000000000000000 DF *UND* 0000000000000000 OPENSSL_1_1_1b > EVP_KDF_ctrl > 0000000000000000 DF *UND* 0000000000000000 OPENSSL_1_1_1b > EVP_KDF_CTX_new_id > 0000000000000000 DF *UND* 0000000000000000 OPENSSL_1_1_1b > EVP_KDF_CTX_free > 0000000000000000 DF *UND* 0000000000000000 OPENSSL_1_1_1b > EVP_KDF_derive > > # objdump -TC libssl.so.1.1 | grep EVP_KDF > (nix) > > I checked also the sources 1.1.1l and 1.1.1s, there are a lot of > 'EVP_*' > symbols, but not EVP_KDF_ctrl. > > What is the correct way to fix this. Thanks in advance. > > matthias > -- Tomáš Mráz, OpenSSL
