Trouble upgrading OpenSSL 0.9.6x to 0.9.7d

• Previous message: Sensei: "Please! Kerberos ssh without password"
• Next in thread: Kim O. Madsen: "Re: Trouble upgrading OpenSSL 0.9.6x to 0.9.7d"
• Maybe reply: Kim O. Madsen: "Re: Trouble upgrading OpenSSL 0.9.6x to 0.9.7d"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 25 Aug 2004 17:10:39 +0200

Hello

I´ve having some trouble with sub. compiling OpenSSL goes fine, output is
cool:

$ openssl version
OpenSSL 0.9.7d 17 Mar 2004

but OpenSSh fails saying there´s a missmatch with the headers (0.9.7d) and
the libraries (0.9.6x) "Your OpenSSL headers do not match your library"

$ locate opensslv.h | xargs grep -H VERSION_TEXT[^$]
shows there´s only 0.9.7d files in the system (did an locate.updatedb before
trying that :-)

I´ve solved that by moving the ssl libraries:

$ mv /usr/lib/libcrypto.so /usr/lib/old-libcrypto.so;
$ mv /usr/lib/libcrypto.so.2 /usr/lib/old-libcrypto.so.2;

Then OpenSSH installs fine and output is cool:
$ ssh -V
OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004

I can log in just fine as an ordinary user, but when I try to be root?
$ su -
/usr/libexec/ld-elf.so.1: Shared object "libcrypto.so.2" not found

so I made a symlink:
$ ln -s /usr/local/lib/libcrypto.so.3 libcrypto.so.2

now I get the login prompt, but entering a password fails:
/usr/libexec/ld-elf.so.1: /usr/lib/libskey.so.2: Undefined symbol "crypt"

Anybody have an idea?

OpenSSL config:
./config --prefix=/usr--openssldir=/usr no-shared # tried shared aswell

OpenSSH config:
./configure --prefix=/usr--sysconfdir=/etc/ssh --with-ssl-dir=/usr --without
-zlib-version-check --with-ldflags=-lcrypt # tried without ldflags first

OS: FreeBSD 4.5, 4.6

sincerly
Kim Madsen

• Previous message: Sensei: "Please! Kerberos ssh without password"
• Next in thread: Kim O. Madsen: "Re: Trouble upgrading OpenSSL 0.9.6x to 0.9.7d"
• Maybe reply: Kim O. Madsen: "Re: Trouble upgrading OpenSSL 0.9.6x to 0.9.7d"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: On Open Source ... > make it possible to revoke either of the certificates ... You could just as easily delete the public key from your other box. ... > up using OpenSSL in a completely insecure way. ... > libraries instead of developing an application specific cryptographic ... (sci.crypt) Re: Apache, mod_ssl and openssl? ... One way to find out is to temporarily hide the shared OpenSSL libraries ... it's using the shared libraries. ... recompile your apache and life should be ... (comp.os.linux.security) Re: On Open Source ... > you could just as easily delete the public key from your other box (e.g. ... If OpenSSL only allowed 1 type ... >> be implemented by cryptographers. ... that isn't a reason to say "stop using open source libraries!". ... (sci.crypt) Re: Adding standalone RSA code ... Mark Murray said: ... when it comes to crypto libraries I'd ... rather stick with OpenSSL. ... however, as stated above, it has quite a few more eyes on it as well. ... (freebsd-arch) [CLA-2003:625] Conectiva Security Announcement - openssl ... SUMMARY: OpenSSL library vulnerabilities ... against OpenSSL and derived libraries. ... It is recommended that all users upgrade their openssl packages. ... Detailed instructions reagarding the use of apt and upgrade examples ... (Bugtraq)