|
Get the source from opensll, inside the tarball is a spec file, build the rpm and do an install/forced upgrade test. in nothing breaks* then try to install with the --repackage flag (IIRC), then rpm will automagically rebuild the old installed package back to rpm. at least then you have a roll back right there.
* from the openssl-0.9.6g/FAQ:
What is special about OpenSSL on Redhat?
Red Hat Linux (release 7.0 and later) include a preinstalled limited
version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2
is disabled in this version. The same may apply to other Linux distributions.
Users may therefore wish to install more or all of the features left out.
To do this you MUST ensure that you do not overwrite the openssl that is in
/usr/bin on your Red Hat machine. Several packages depend on this file,
including sendmail and ssh. /usr/local/bin is a good alternative choice. The
libraries that come with Red Hat 7.0 onwards have different names and so are
not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and
/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and
/lib/libcrypto.so.2 respectively).
Please note that we have been advised by Red Hat attempting to recompile the
openssl rpm with all the cryptography enabled will not work. All other
packages depend on the original Red Hat supplied openssl package. It is also
worth noting that due to the way Red Hat supplies its packages, updates to
openssl on each distribution never change the package version, only the
build number. For example, on Red Hat 7.1, the latest openssl package has
version number 0.9.6 and build number 9 even though it contains all the
relevant updates in packages up to and including 0.9.6b.
A possible way around this is to persuade Red Hat to produce a non-US
version of Red Hat Linux.
|
Upgrading Openssl and mod_ssl
