On 12/16/22 08:11, Ariel R. wrote:
ln -s /usr/local/lib64/libssl.so.3 /usr/lib64/libssl.so.3
ln -s /usr/local/lib64/libcrypto.so.3 /usr/lib64/libcrypto.so.3
<snip>
*#About the problem*
In the console, if I run “openssl version“, I can see the version
installed is indeed 3.0.7, which is ok.
The problem is that Apache is still referencing the old version:
Server Version: Apache/2.4.54 (cPanel) OpenSSL/1.1.1s
The symlinks you created put copies of the openssl 3 libraries into the
general OS library path.
Apache wasn't compiled against openssl 3, though ... so it is going to
be looking for a very different library files.
This is a generic CentOS 7 install on a VM:
[sheisey@centos7 ~]$ locate libssl
/usr/lib64/.libssl.so.1.0.2k.hmac
/usr/lib64/.libssl.so.10.hmac
/usr/lib64/libssl.so.1.0.2k
/usr/lib64/libssl.so.10
/usr/lib64/libssl3.so
[sheisey@centos7 ~]$ cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
The library filenames for the system openssl are very different than the
library filenames for the 3.0.7 version you installed.
I don't think you can replace the system's 1.1.1s libraries with the
3.0.7 version, I expect that would break things. You will probably need
to compile Apache yourself and have it use the openssl that you
installed into /usr/local.
I installed mod_ssl on that vm and checked what library files it is
looking for:
[sheisey@centos7 ~]$ ldd /usr/lib64/httpd/modules/mod_ssl.so
linux-vdso.so.1 => (0x00007ffd0bda5000)
libssl.so.10 => /lib64/libssl.so.10 (0x00007f309ddd7000)
libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f309d974000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f309d758000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f309d554000)
libc.so.6 => /lib64/libc.so.6 (0x00007f309d186000)
libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f309cf39000)
libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f309cc50000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f309ca4c000)
libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f309c819000)
libz.so.1 => /lib64/libz.so.1 (0x00007f309c603000)
/lib64/ld-linux-x86-64.so.2 (0x00007f309e280000)
libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f309c3f3000)
libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f309c1ef000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f309bfd5000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f309bdae000)
libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f309bb4c000)
The openssl library filenames that it is looking for are libssl.so.10
and libcrypto.so.10, so it would not pick up the openssl version 3 symlinks.
I'm curious how you ended up with 1.1.1s on CentOS 7. My VM is up to
date and it has 1.0.2k.
Thanks,
Shawn