Re: Did RedHat's OpenSSL patch miss Apache?
From: Todd Vierling (tv_at_duh.org)
Date: Mon, 10 May 2004 16:13:32 -0400 (EDT) To: gf gf <firstname.lastname@example.org>
On Sun, 9 May 2004, gf gf wrote:
: It seems to me that Apache uses its own copy of
: libssl, which is not part of the openssl RPM and hence
: not updated by the RedHat RPM update. (And is still
: $ rpm -q -f /usr/lib/apache/libssl.so
Are you sure that's libssl the OpenSSL library and not libssl the Apache
module? Try the following:
$ ldd /usr/lib/apache/libssl.so
If you see /usr/lib/libssl.so.* in the list, then this is a red herring --
the /usr/lib/apache/libssl.so is just the Apache module glue and is properly
using OpenSSL from /usr/lib like everything else.
-- -- Todd Vierling <email@example.com> <firstname.lastname@example.org>