Not-So-Newbie Openssl Question

From: Tony Holmes <tony@xxxxxxxxxxxxxx>
Date: Wed, 14 Dec 2005 10:02:33 -0500

Hi all and TIA for any help,

I find myself in an imposed quandry. I am using cPanel on 4.11-RELEASE-p13
boxes. 99% of the system works well, but I've come across an issue with
ssl. It's caused my certs to suddenly crap out and SSL connections from
payment processors no longer work (making my customers a tad angry)

The base system has openssl-0.9.7d and the ports are linked against
openssl-0.9.8a (installed from ports). cPanel mostly uses the ports/packages
system (good choice on their part) *EXCEPT* for apache.

The cpanel apache/ssl build links against the base system, while everything
else (including php which is built in the same procedure) is linked against
the port openssl. This is frustrating to no end.

Now, I first tried installing the openssl overwriting the base. I worked
around the conflict error by definig the shlib version to 3, then sshd
stops working with "I am linked against 0.9.7" (doh of course) so I back
that out since I cannot determine how to get that and any other base system
tools to link against 0.9.8a (after a week of first identifying this problem
and attempting to fix it has made my brain slightly squishier than usual).

Is there any way to safely bring the base system openssl up to 0.9.8a
(do not mind making world/kernels) so the ports and base system match?

--
Tony Holmes

Ph: (416) 993-1219

Founder and Senior Systems Architect
Crosswinds Internet Communications Inc.
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

Follow-Ups:
- Re: Not-So-Newbie Openssl Question
  - From: Simon Barner

Prev by Date: Re: Useful addition to ipfw
Next by Date: Re: Not-So-Newbie Openssl Question
Previous by thread: Useful addition to ipfw
Next by thread: Re: Not-So-Newbie Openssl Question
Index(es):
- Date
- Thread

Relevant Pages

Re: SSH Client - OpenSSH dependency problem
... As already mentioned you can just use the base system ssh. ... By default the base system contains openssl in /usr/bin and the openssl ... port installs to /usr/local/bin. ... have an updated version in base or ports then tell me where it is. ...
(freebsd-questions)
Re: openoffice-2 & openssl-beta-0.9.8a
... I suppose you're using the ports openssl instead of the base system. ... >> This is a kind of reposting, I got no response to this question (Why? ...
(freebsd-questions)
Re: NO_OPENSSL= true?
... i dont recall how it ever got there. ... but everything else is from the base system. ... maybe it was an artifact from the 5.x days when I did run openssl from the ports tree. ...
(freebsd-questions)
Re: broken openssl on freebsd60
... Is there some reason you're installing it from the ports? ... I didn't know it was part of the base system, ... went to install apache2, postgresql, etc, those ports wanted to install the ... openssl port or at least they used to. ...
(freebsd-questions)
Re: broken openssl on freebsd60
... >> install the openssl port or at least they used to. ... > Another user had a similar issue like this with OpenSSL, ... that openssl is per default within the base system, ...
(freebsd-questions)