Re: Openssl 3.0.7 in Centos 7.9

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/16/22 08:11, Ariel R. wrote:
ln -s /usr/local/lib64/libssl.so.3 /usr/lib64/libssl.so.3
ln -s /usr/local/lib64/libcrypto.so.3 /usr/lib64/libcrypto.so.3

<snip>

*#About the problem*

In the console, if I run “openssl version“, I can see the version installed is indeed 3.0.7, which is ok.

The problem is that Apache is still referencing the old version:

Server Version: Apache/2.4.54 (cPanel) OpenSSL/1.1.1s

The symlinks you created put copies of the openssl 3 libraries into the general OS library path.

Apache wasn't compiled against openssl 3, though ... so it is going to be looking for a very different library files.

This is a generic CentOS 7 install on a VM:

[sheisey@centos7 ~]$ locate libssl
/usr/lib64/.libssl.so.1.0.2k.hmac
/usr/lib64/.libssl.so.10.hmac
/usr/lib64/libssl.so.1.0.2k
/usr/lib64/libssl.so.10
/usr/lib64/libssl3.so
[sheisey@centos7 ~]$ cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)

The library filenames for the system openssl are very different than the library filenames for the 3.0.7 version you installed.

I don't think you can replace the system's 1.1.1s libraries with the 3.0.7 version, I expect that would break things. You will probably need to compile Apache yourself and have it use the openssl that you installed into /usr/local.

I installed mod_ssl on that vm and checked what library files it is looking for:

[sheisey@centos7 ~]$ ldd /usr/lib64/httpd/modules/mod_ssl.so
	linux-vdso.so.1 =>  (0x00007ffd0bda5000)
	libssl.so.10 => /lib64/libssl.so.10 (0x00007f309ddd7000)
	libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f309d974000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f309d758000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00007f309d554000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f309d186000)
	libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f309cf39000)
	libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f309cc50000)
	libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f309ca4c000)
	libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f309c819000)
	libz.so.1 => /lib64/libz.so.1 (0x00007f309c603000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f309e280000)
	libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f309c3f3000)
	libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f309c1ef000)
	libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f309bfd5000)
	libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f309bdae000)
	libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f309bb4c000)

The openssl library filenames that it is looking for are libssl.so.10 and libcrypto.so.10, so it would not pick up the openssl version 3 symlinks.

I'm curious how you ended up with 1.1.1s on CentOS 7. My VM is up to date and it has 1.0.2k.

Thanks,
Shawn



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux