Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
03-07-2003, 08:53 AM
|
#1
|
Member
Registered: Dec 2002
Posts: 63
Rep:
|
openssl upgrade
Hi,
I've removed the openssl-0.9.6b rpm (default with redhat 7.2 install) and installed openssl-0.9.7.tar.gz by running:
# tar -zxvf openssl-0.9.7.tar.gz
# cd openssl-0.9.7
# /.configure
# make
# make test
# make install
Everything seems to go fine but when i try the command:
# openssl version (it tells me openssl isn't installed)
or
# man openssl
# no man pages for openssl exist
Does anyone know what i may have done wrong or what i have to do to activate openssl?
Thanks!
|
|
|
03-07-2003, 11:04 AM
|
#2
|
Moderator
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696
|
By default, OpenSSl is installed in /usr/local/ssl. You need to add it to PATH:
export PATH=$PATH:/usr/local/ssl/bin
(in /etc/profile)
and to ld.so.conf
/usr/local/ssl/lib
|
|
|
03-07-2003, 02:36 PM
|
#3
|
Member
Registered: Dec 2002
Posts: 63
Original Poster
Rep:
|
Do you mean edit /etc/profile? For example,
# /etc/profile
# vi profile
Then add the line:
export PATH=$PATH:/usr/local/ssl/bin
Do I add this line anywhere in profile? There are a bunch of 'if' and 'fi' statements as well as other stuff in there. Do i need any of that or simply stick the above line in there anywhere and write the new file?
Also, on redhat 7.2, ld.so.conf is in /etc (/etc/ld.so.conf). Do i just add /usr/local/ssl/lib in that file, or are there other tricks?
I installed openssl-devel earlier and thought that that may have been the problem (but i wasn't). i'll try your suggestions when i hear back and see what happens. Just out of curiosity, do you know why openssl doesn't do these above steps automatically during the install? I didn't read anywhere in the docs about taking these extra steps.
Thanks!
|
|
|
03-07-2003, 03:11 PM
|
#4
|
Moderator
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696
|
/etc/profile: at the end, that's the best idea (after all the ifs an so on..)
/etc/ld.so.conf:just the directory name, as separate line
You need those comands because you installed OpenSSL in a directory that's not in your PATH/ld.so.conf. When you run ./configure, you can specify the dir using --prefix. That's why in some systems you don't need the modifications. Also, you may configure your system not to use /etc/ld.so.conf, so it may be risky to make the modification with the installation script.
|
|
|
03-07-2003, 04:16 PM
|
#5
|
Member
Registered: May 2002
Location: AK - The last frontier.
Distribution: Red Hat 8.0, Slackware 8.1, Knoppix 3.7, Lunar 1.3, Sorcerer
Posts: 771
Rep:
|
What I usually do is overlay the older binaris/manpages with the newer one, so that there wont be 2 versions of the package in my system. In addition to the disk space that an older version occupies, most programs that use the components of this package might look for it in the wrong place. This is a crucial condition with openssl, as all the additional security that the newer package provides will not be made use of if the programs looking for it ( apache ssl, openssh etc ) uses the wrong libraries.
Fortunately, you can tune the installation layout with most packages by 'configuring' with the right options. In some cases, you may also have to edit the Makefile to put the man pages in /usr/share/man ( depends on distro ) instead /usr/local/man etc.
Here's the command I used to configure openssl. you can use
./configure --help in most cases to find out what option it supports.
./config --prefix=/usr --openssldir=/usr/share/ssl threads shared
|
|
|
03-10-2003, 12:53 PM
|
#6
|
Member
Registered: Dec 2002
Posts: 63
Original Poster
Rep:
|
Hey guys,
Thanks for the tips. It now tells me I have openssl 0.9.7a installed when i type 'openssl version' and i can read the man pages.
How do i start or make ssl active so that when i do a netstat i see port 443? Do i need a client on the server or my XP laptop?
Also, when i reboot the box i now get sshd, libcrypto, and sendmail startup failed errors. When i go into /usr/lib it looks like i have orphan files or something for libcrypto. Here are 2 of files outputted from 'ls -l'
------------------------------------------------------------------------------------
lrwxrwxrwx 1root root 29 Mar 7 11:29
libcrypto.so -> ../../lib/libcrypto.so.0.9.6b
lrwxrwxrwx 1root root 29 Mar 7 11:29
libssl.so -> ../../lib/libssl.so.0.9.7a
----------------------------------------------------------------------------------
Both of these entries are in red block with white lettering. The first entry points to the version of ssh which was deleted. Does anyone know how i can check if openssl is installed and working properly and how i get rid of my startup errors with sshd, libcrypto and sendmail?
Thanks!
|
|
|
03-10-2003, 01:21 PM
|
#7
|
Member
Registered: Dec 2002
Posts: 63
Original Poster
Rep:
|
To add to what i wrote earlier, when i manually try and restart sshd and sendmail here is my output:
---------------------------------------------------------------------------------
# /etc/rc.d/init.d/sshd restart
Stopping sshd: [FAILED]
Starting sshd:/usr/sbin/sshd:error while loading shared libraries: libcrypto.so.2: cannot open shared object file: No such file or directory
[FAILED]
# /etc/rc.d/init.d/sendmail restart
Stopping sendmail: [FAILED]
Starting sendmail:/usr/sbin/sendmail:error while loading shared libraries: libssl.so.2: cannot open shared object file: No such file or directory
[FAILED]
---------------------------------------------------------------------------------
This may have to do with the fact that libcrypto is an orphan or non-existent file. How can i fix this?
Thanks.
|
|
|
03-10-2003, 01:23 PM
|
#8
|
Moderator
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696
|
Try to make symlinks. /usr/lib/libcrypto.so.2 and /usr/lib/libssl.so.2 should be symlinks to newer version.
|
|
|
03-10-2003, 01:57 PM
|
#9
|
Member
Registered: Dec 2002
Posts: 63
Original Poster
Rep:
|
Do i do that from root or from /usr/lib? Would this be the correct format:
-----------------------------------------------------------------------
# ln -s ../../lib/libssl.so.0.9.7a libssl.so
or
# ln -s ../usr/lib/libssl.so.0.9.7a libssl.so
--------------------------------------------------------------------
I tried the first option earlier and it said libssl.so already exists. So then i renamed libssl.so to libssl.so.bak and tried it again. Unfortunately, i got the same result of:
-------------------------------------------------------------------------------
lrwxrwxrwx 1root root 29 Mar 7 11:29
libssl.so -> ../../lib/libssl.so.0.9.7a
----------------------------------------------------------------------------------
This was in red block with white lettering suggesting an orphan or non-existent file (i think).
|
|
|
03-10-2003, 02:54 PM
|
#10
|
Moderator
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696
|
Somthing like
ln -s /usr/local/ssl/lib/libssl.so.0.9.7a libssl.so
as root, from /usr/lib.
|
|
|
03-11-2003, 08:06 AM
|
#11
|
Member
Registered: Dec 2002
Posts: 63
Original Poster
Rep:
|
Unfortunately, nothing seems to work. In /usr/local/ssl/lib there is no such file called libssl.so.0.9.7a. There are 2 files called libssl.a and libcrypto.a (don't know what they are or do). So just for the hell of it I tried:
ln -s /usr/local/ssl/lib/libssl.a libssl.so.2
and
ln -s /usr/local/ssl/lib/libcrypto.a libcrypto.so.2
When i reboot, sshd and sendmail still fail and the error message now says invalid ELF header (instead of missing file or directory).
From your previous post, libssl.so is still in red block (i'm assuming because there is no libssl.so.0.9.7a anywhere....atleast from what i can tell). Is this a lost cause? Should I just uninstall or delete openssl 0.9.7a and reinstall the rpm that comes on the redhat 7.2 cd?
Thanks.
|
|
|
03-11-2003, 09:51 AM
|
#12
|
Moderator
Registered: May 2001
Posts: 29,415
|
No, the .a files are "ar" archives for static linking.
If you still got the unclean sourcedir you made openssl in, try "make -n install > installer.log", then "less installer.log".
It should show you *what* it thinks it should install and *where* it should install it, w/o actually installing. Great for checking.
Also check your ./configure directives, it should show something like "linux" and "shared".
I didn't go for 7a tho, I just installed RHN's openssl-0.9.6-14 cuz it incorporates the fixes as well.
If you're feeling adventurous you also could extract the .spec file from the .7a tarball, and do "rpm -ba </path/to/openssl.spec" to have your rpm build the tarball for you and install it...
|
|
|
03-11-2003, 12:32 PM
|
#13
|
Moderator
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696
|
There's an option to create shared libraries (so). Please run
./configure --help and find it (don't have a source to check now), it's something like --shared. Then use ./configure --shared;make;make test;make install
|
|
|
All times are GMT -5. The time now is 06:51 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|