LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 03-07-2003, 08:53 AM   #1
cuss
Member
 
Registered: Dec 2002
Posts: 63

Rep: Reputation: 15
openssl upgrade


Hi,

I've removed the openssl-0.9.6b rpm (default with redhat 7.2 install) and installed openssl-0.9.7.tar.gz by running:

# tar -zxvf openssl-0.9.7.tar.gz
# cd openssl-0.9.7
# /.configure
# make
# make test
# make install

Everything seems to go fine but when i try the command:

# openssl version (it tells me openssl isn't installed)

or

# man openssl
# no man pages for openssl exist

Does anyone know what i may have done wrong or what i have to do to activate openssl?

Thanks!
 
Old 03-07-2003, 11:04 AM   #2
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

Rep: Reputation: 232Reputation: 232Reputation: 232
By default, OpenSSl is installed in /usr/local/ssl. You need to add it to PATH:
export PATH=$PATH:/usr/local/ssl/bin
(in /etc/profile)
and to ld.so.conf
/usr/local/ssl/lib
 
Old 03-07-2003, 02:36 PM   #3
cuss
Member
 
Registered: Dec 2002
Posts: 63

Original Poster
Rep: Reputation: 15
Do you mean edit /etc/profile? For example,

# /etc/profile
# vi profile

Then add the line:

export PATH=$PATH:/usr/local/ssl/bin

Do I add this line anywhere in profile? There are a bunch of 'if' and 'fi' statements as well as other stuff in there. Do i need any of that or simply stick the above line in there anywhere and write the new file?

Also, on redhat 7.2, ld.so.conf is in /etc (/etc/ld.so.conf). Do i just add /usr/local/ssl/lib in that file, or are there other tricks?

I installed openssl-devel earlier and thought that that may have been the problem (but i wasn't). i'll try your suggestions when i hear back and see what happens. Just out of curiosity, do you know why openssl doesn't do these above steps automatically during the install? I didn't read anywhere in the docs about taking these extra steps.

Thanks!
 
Old 03-07-2003, 03:11 PM   #4
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

Rep: Reputation: 232Reputation: 232Reputation: 232
/etc/profile: at the end, that's the best idea (after all the ifs an so on..)
/etc/ld.so.conf:just the directory name, as separate line

You need those comands because you installed OpenSSL in a directory that's not in your PATH/ld.so.conf. When you run ./configure, you can specify the dir using --prefix. That's why in some systems you don't need the modifications. Also, you may configure your system not to use /etc/ld.so.conf, so it may be risky to make the modification with the installation script.
 
Old 03-07-2003, 04:16 PM   #5
nxny
Member
 
Registered: May 2002
Location: AK - The last frontier.
Distribution: Red Hat 8.0, Slackware 8.1, Knoppix 3.7, Lunar 1.3, Sorcerer
Posts: 771

Rep: Reputation: 30
What I usually do is overlay the older binaris/manpages with the newer one, so that there wont be 2 versions of the package in my system. In addition to the disk space that an older version occupies, most programs that use the components of this package might look for it in the wrong place. This is a crucial condition with openssl, as all the additional security that the newer package provides will not be made use of if the programs looking for it ( apache ssl, openssh etc ) uses the wrong libraries.

Fortunately, you can tune the installation layout with most packages by 'configuring' with the right options. In some cases, you may also have to edit the Makefile to put the man pages in /usr/share/man ( depends on distro ) instead /usr/local/man etc.

Here's the command I used to configure openssl. you can use
./configure --help in most cases to find out what option it supports.

./config --prefix=/usr --openssldir=/usr/share/ssl threads shared
 
Old 03-10-2003, 12:53 PM   #6
cuss
Member
 
Registered: Dec 2002
Posts: 63

Original Poster
Rep: Reputation: 15
Hey guys,

Thanks for the tips. It now tells me I have openssl 0.9.7a installed when i type 'openssl version' and i can read the man pages.

How do i start or make ssl active so that when i do a netstat i see port 443? Do i need a client on the server or my XP laptop?

Also, when i reboot the box i now get sshd, libcrypto, and sendmail startup failed errors. When i go into /usr/lib it looks like i have orphan files or something for libcrypto. Here are 2 of files outputted from 'ls -l'

------------------------------------------------------------------------------------
lrwxrwxrwx 1root root 29 Mar 7 11:29
libcrypto.so -> ../../lib/libcrypto.so.0.9.6b

lrwxrwxrwx 1root root 29 Mar 7 11:29
libssl.so -> ../../lib/libssl.so.0.9.7a
----------------------------------------------------------------------------------

Both of these entries are in red block with white lettering. The first entry points to the version of ssh which was deleted. Does anyone know how i can check if openssl is installed and working properly and how i get rid of my startup errors with sshd, libcrypto and sendmail?

Thanks!
 
Old 03-10-2003, 01:21 PM   #7
cuss
Member
 
Registered: Dec 2002
Posts: 63

Original Poster
Rep: Reputation: 15
To add to what i wrote earlier, when i manually try and restart sshd and sendmail here is my output:

---------------------------------------------------------------------------------
# /etc/rc.d/init.d/sshd restart
Stopping sshd: [FAILED]
Starting sshd:/usr/sbin/sshd:error while loading shared libraries: libcrypto.so.2: cannot open shared object file: No such file or directory
[FAILED]

# /etc/rc.d/init.d/sendmail restart
Stopping sendmail: [FAILED]
Starting sendmail:/usr/sbin/sendmail:error while loading shared libraries: libssl.so.2: cannot open shared object file: No such file or directory
[FAILED]
---------------------------------------------------------------------------------

This may have to do with the fact that libcrypto is an orphan or non-existent file. How can i fix this?

Thanks.
 
Old 03-10-2003, 01:23 PM   #8
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

Rep: Reputation: 232Reputation: 232Reputation: 232
Try to make symlinks. /usr/lib/libcrypto.so.2 and /usr/lib/libssl.so.2 should be symlinks to newer version.
 
Old 03-10-2003, 01:57 PM   #9
cuss
Member
 
Registered: Dec 2002
Posts: 63

Original Poster
Rep: Reputation: 15
Do i do that from root or from /usr/lib? Would this be the correct format:

-----------------------------------------------------------------------
# ln -s ../../lib/libssl.so.0.9.7a libssl.so

or

# ln -s ../usr/lib/libssl.so.0.9.7a libssl.so
--------------------------------------------------------------------

I tried the first option earlier and it said libssl.so already exists. So then i renamed libssl.so to libssl.so.bak and tried it again. Unfortunately, i got the same result of:

-------------------------------------------------------------------------------
lrwxrwxrwx 1root root 29 Mar 7 11:29
libssl.so -> ../../lib/libssl.so.0.9.7a
----------------------------------------------------------------------------------

This was in red block with white lettering suggesting an orphan or non-existent file (i think).
 
Old 03-10-2003, 02:54 PM   #10
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

Rep: Reputation: 232Reputation: 232Reputation: 232
Somthing like
ln -s /usr/local/ssl/lib/libssl.so.0.9.7a libssl.so
as root, from /usr/lib.
 
Old 03-11-2003, 08:06 AM   #11
cuss
Member
 
Registered: Dec 2002
Posts: 63

Original Poster
Rep: Reputation: 15
Unfortunately, nothing seems to work. In /usr/local/ssl/lib there is no such file called libssl.so.0.9.7a. There are 2 files called libssl.a and libcrypto.a (don't know what they are or do). So just for the hell of it I tried:

ln -s /usr/local/ssl/lib/libssl.a libssl.so.2

and

ln -s /usr/local/ssl/lib/libcrypto.a libcrypto.so.2

When i reboot, sshd and sendmail still fail and the error message now says invalid ELF header (instead of missing file or directory).

From your previous post, libssl.so is still in red block (i'm assuming because there is no libssl.so.0.9.7a anywhere....atleast from what i can tell). Is this a lost cause? Should I just uninstall or delete openssl 0.9.7a and reinstall the rpm that comes on the redhat 7.2 cd?

Thanks.
 
Old 03-11-2003, 09:51 AM   #12
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
No, the .a files are "ar" archives for static linking.

If you still got the unclean sourcedir you made openssl in, try "make -n install > installer.log", then "less installer.log".
It should show you *what* it thinks it should install and *where* it should install it, w/o actually installing. Great for checking.
Also check your ./configure directives, it should show something like "linux" and "shared".

I didn't go for 7a tho, I just installed RHN's openssl-0.9.6-14 cuz it incorporates the fixes as well.

If you're feeling adventurous you also could extract the .spec file from the .7a tarball, and do "rpm -ba </path/to/openssl.spec" to have your rpm build the tarball for you and install it...
 
Old 03-11-2003, 12:32 PM   #13
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

Rep: Reputation: 232Reputation: 232Reputation: 232
There's an option to create shared libraries (so). Please run
./configure --help and find it (don't have a source to check now), it's something like --shared. Then use ./configure --shared;make;make test;make install
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
OpenSSL and its wonder Swakoo Linux - Newbie 9 03-22-2006 07:41 AM
OpenSSL Upgrade neodaemon Linux - Security 2 10-14-2005 01:40 PM
OpenSSL Chiel Linux - Newbie 1 09-03-2004 04:52 PM
Problem openssl rpm upgrade simquest Linux - Software 1 03-03-2004 02:58 PM
How do you upgrade openssl via rpm...? tarballed Linux - Software 6 10-02-2003 08:03 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 06:51 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration