Re: OpenSSL - what have I actually done!?

To: NetBSD/Alpha Discussion List <port-alpha%NetBSD.org@localhost>
Subject: Re: OpenSSL - what have I actually done!?
From: Bernd Ernesti <netbsd%lists.veego.de@localhost>
Date: Thu, 18 Sep 2008 08:32:41 +0200

On Wed, Sep 17, 2008 at 11:25:46PM +0100, Jeff Tupholme wrote:
> Hi,
> 
> I've been updating an install of NetBSD 3.1 to get the Web server as  
> current as possible. Apache itself was no problem as I had installed  
> it from pkgsrc, so I simply downloaded the latest version.
> 
> However, I noticed from the Apache signature that my OpenSSL was an  
> old version. I hadn't installed this from pkgsrc so I realised it had  
> come with the base system. Looking at the security advisories, where  
> a couple of patches for it are advised, I saw how to update it. In  
> short, I downloaded the source tarballs for lib/ and crypto/,  
> unpacked them into /usr/src and followed the instructions for  
> patching OpenSSL. The install seemed to work and I now have new  
> versions of /usr/lib/libcrypto* and /usr/lib/libssl*.
> 
> However, when I look again at the signature being given by Apache  
> (and yes, I have stopped and started it) I still see the old version  
> number for OpenSSL - it hasn't changed. I'm wondering now what I've  
> actually done as I expected OpenSSL to be rebuilt when building the  
> libs with 'dependall' specified. A newer version exists in pkgsrc.

You also installed the new include files (where the openssl version
is)?

IMHO you have to rebuild apache again. The 'old' binaries are using
the old openssl libraries.

The major version of the libararies are recorded in the binaries.
And so it would still use the old version if there is a new library
which has a new major version.

And no, do NOT remove the old openssl libraries from your system now.
That would not solve your problem and you have a system which is broken
due too the missing libraries.

It may be better to ask on current-users about your problem, but there
are some information missing from your mail:
- which source tarfiles did you download
- is there now more then one major version for libcrypto and libssl on
  your system (in /usr/lib and /lib).

Bernd

Follow-Ups:
- Re: OpenSSL - what have I actually done!?
  - From: Jeff Tupholme

References:
- OpenSSL - what have I actually done!?
  - From: Jeff Tupholme

Prev by Date: OpenSSL - what have I actually done!?
Next by Date: Re: OpenSSL - what have I actually done!?
Previous by Thread: OpenSSL - what have I actually done!?
Next by Thread: Re: OpenSSL - what have I actually done!?
Indexes:

Home | Main Index | Thread Index | Old Index