I was upgrading openssl 0.7 to 0.9.81 in my redhat 9 server. I've followed the guideline from here: [url]
Now everything is messed up There's no libcrypto.so in /usr/local/ssl/lib directory. Only libcrypto.a. Neither in /usr/lib or /lib directory. I can't even run scp or wget to download rpm of openssl. Getting libcrypto.so error. I've use locate command to find libcrypto.so. There's none. I've run ./config, make, make test and make install command again in the openssl 0.9.81 source directory. But no luck. No libcrypto.so. This is a production server and the httpd went down.
0509-036 Cannot load program /usr//bin/ssh because of the following errors: 0509-150 Dependent module /homepath/server/bin/libcrypto.a(libcrypto.so.0.9.8) could not be loaded. 0509-153 File /homepath/server/bin/libcrypto.a is not an archive or the file could not be read properly. 0509-026 System error: Cannot run a file that does not have a valid format.
I have a weird problem in which I try to use cryptodev in Openssl version 0.9.8g, but then if an error occurs or the system logs out, the version for Openssl rolls back to 0.9.8b.I have also tried reinstalling, but no dice. The version stays 0.9.8b. I am using Intel Tolapai with RedHat 5
I am a new administrator and am running SLES 11 on a VM. I have openssl installed, but when I attempt to compile an add-on module to Nginx I get the following list of errors:
I've been googling around and have had a bit of a hard time trying to find help with this little issue. Managed to install CouchDB on the server at work after doing some fiddling due to not having spidermonkey availableAnyways, rt of this involved updating openssl.fter doing this however all hell broke loose.It seems a lot of programs needed the old version- I keep getting: error while loading shared libraries: libssl.so.0.9.8: cannot open shared object file: No such file or directory
I did a search: >locate libssl.so.0.9.8 And it returned:
On F11 I very often used gftp. Now, after upgrading from F11 to F12 gftp gives the message that it needs libcrypto.so.8. When I try to install it by using yum, there's no such package available. Also, I find that I'm not the only one having this problem. Anyone an idea on how to solve this?
I need to install mysecureshell and when I try and do the rpm manager informs me that I need to install libcrypto.so.7. I cannot seem to find this file to download anywhere. How can I get it?
I haven't been able to determine what exactly Python OpenSSL and what it does. Google searching has not yielded me anything I can understand. In a terminal window (using RHEL 4.8 AS) typing
Code: rpm -qi pyOpenSSL yields information pertaining to the version of Python OpenSSL on my server. Can you explain what Python OpenSSL is in simple terms?
I'm currently running VB 3.0.10 on Fedora 12 64 bit.
When I attempt to upgrade my current install to 3.1 I get the following:
I am somewhat puzzled as this is a upgrade from a stable installed version. I have confirmed I have libcrypto.so.8 . . . from what I can tell its part of the openssl package but I've got the most current so I don't know how to obtain the libcrypto.so.10 file to correct this issue.
I recently just installed centos, but it appears that when I installed it v 0.9.8e was installed consequently, all the lib's etc. are /lib/libssl.so.0.9.8e instead of an ordinary /lib/libssl.so.0.9.8 etc. and this is causing some problems for me, as programs are looking for /lib/libssl.so.0.9.8, and even if i symlink/copy/move /lib/libssl.so.0.9.8e to /lib/libssl.so.0.9.8 there are still some errors occurring. I had been reading that supposedly yum is meant to have a "yum downgrade" option, however it doesn't appear to be recognised when I run it on my centos server.
this is my first post i have this error in ./configure for bind 9.7.3: checking for OpenSSL library... using OpenSSL from /usr/lib and /usr/includechecking whether linking with OpenSSL works... yeschecking whether linking with OpenSSL requires -ldl... unknown configure: error: OpenSSL has unsupported dynamic loading
I'm unable to compile ruby 1.9.X and I found out it was related to openssl, although it seems there's a patch available for ruby I don't know how to apply it so I was thinking on downgrading to openssl 0.9.8n
I'm using F13 btw, I'm still posting it here as openssl 1.0.0 was first introduced on F12, the other major distros are still using openssl 0.9.8k so there's no much information on the problem
I want to recompile Apache in order to be SNI supportive because I need to use ssl named based virtual host:
I referred to the following links:
[URL]
I installed the latest version of openssl which is now openssl-1.0.0 I ran the following commands:
./config enable-tlsext --prefix=/usr/local2 --openssldir=/usr/local2/openssl make make test make install
then to recompile apache with new SNI support I ran the following:
./configure --enable-so --enable-ssl --enable-rewrite --enable-unique-id --with-ssl=/usr/local2/openssl make make install
After that when I start Apache: /usr/local/apache2/bin/apachectl -k start I get the following error:
SSLStrictSNIVHostCheck failed; OpenSSL is not built with support for TLS extensions and SNI indication. Refer to the documentation, and build a compatible version of OpenSSL.
I am trying to get openssl to verify a certificate. I will walk you through what I have done so far.
1. openssl genrsa -des3 -out connect.mydomain.com.key 2048 2. openssl req -new -key connect.mydomain.com.key -out connect.mydomain.com.csr 3. Bought an SSL from GoDaddy. 4. Submitted my CSR 5. Downloaded sf_bundle.crt (CA File I presume) 6. Downloaded connect.mydomain.com.crt
Now I can do the following: [root@server tls]# openssl verify -CAfile sf_bundle.crt connect.mydomain.com.crt connect.mydomain.com.crt: OK This is specifying the CAfile.
in order to share profiles between a Mahara and a Moodle installation I need to get OpenSSL working.
I've got OpenSSL installed on the server and followed this tutorial. However, I still get an error message saying that either OpenSSL or PHPs support for OpenSSL are missing: Could not generate a new SSL key. Are you sure that both openssl and the PHP module for openssl are installed on this machine?
What would be the next steps to actually set up the Apache server and PHP so they can use OpenSSL? (I've already specified the path to my caconfig.cnf file in Maharas config.php)
I got an task assigned to me, i have to create new ssl key, csr & crt files using openssl. But the file name must be of this kind (*.aaa.xx.aa). When I tried the file name starting with * its not accepting the file name. But when I tried with the file name starting with . its getting generated.
I want to use FIPS mode under linux. With openssl-0.9.8o, I typed "./config fipscanisterbuild" and then typed "make". The compile successful. Then I did a test about fips, below is my test code (main.cpp):
I'm using Apache as a web server and mod_ssl to handle my certs. Everything was working fine on Fedora 11 running 0.9.8x of openssl until I updated to 12. Version 1.0.0beta4 of open ssl is full of bugs. It is basically incompatible with .net and php's implementation of SSL. Running wireshark actually shows it fails at handshake stages...
I'm not here to report the bugs relating to openssl but can somebody please explain why there is an unstable version of openssl in Fedora 12 as standard?
I'm getting a segv when trying to run CA.pl/.sh to create a rootCA: Please enter the following 'extra' attributes to be sent with your certificate request. A challenge password []: An optional company name []: unknown option -create_serial usage: ca args
-verbose - Talk alot while doing things -config file - A config file -name arg - The particular CA definition to use -gencrl - Generate a new CRL -crldays days - Days is when the next CRL is due -crlhours hours - Hours is when the next CRL is due -startdate YYMMDDHHMMSSZ - certificate validity notBefore -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days) -days arg - number of days to certify the certificate for -md arg - md to use, one of md2, md5, sha or sha1 -policy arg - The CA 'policy' to support -keyfile arg - private key file -keyform arg - private key file format (PEM or ENGINE) -key arg - key to decode the private key if it is encrypted -cert file - The CA certificate -in file - The input PEM encoded certificate request(s) -out file - Where to put the output file(s) -outdir dir - Where to put output certificates -infiles .... - The last argument, requests to process -spkac file - File contains DN and signed public key and challenge -ss_cert file - File contains a self signed cert to sign -preserveDN - Don't re-order the DN -noemailDN - Don't add the EMAIL field into certificate' subject -batch - Don't ask questions -msie_hack - msie modifications to handle all those universal strings -revoke file - Revoke a certificate (given in file) -subj arg - Use arg instead of request's subject -extensions .. - Extension section (override value in config file) -extfile file - Configuration file with X509v3 extentions to add -crlexts .. - CRL extension section (override value in config file) -engine e - use engine e, possibly a hardware device. -status serial - Shows certificate status given the serial number -updatedb - Updates db for expired certificates ./CA.sh: line 197: 10495 Segmentation fault $CA -create_serial -out ${CATOP}/$CACERT $CADAYS -batch -keyfile ${CATOP}/private/$CAKEY -selfsign -extensions v3_ca -infiles ${CATOP}/$CAREQ
I tried removing the -create_serial option and then it complains about the -selfsign option. Removed that too - but it just errors out, never creating my root ca cert. Happens with openssl 0.9.8m/1.0.0 on suse linux 9.
I saw, there is a new OpenSSL v 1.0.0 and I wanna ask how to install it. I have this server now Apache/2.2.14 (Ubuntu) PHP/5.2.10-2ubuntu6.4 with Suhosin-Patch mod_ssl/2.2.14 OpenSSL/0.9.8k
And I try to install by reading the Install file in the package but I still have 0.9.8k.
I'd like to upgrade libssl to 0.9.8l version on my Lucid-based server, because of CVE-2009-3555 - they say that 0.9.8l disables SSL renegotiation, fixing the security issue. But there is no 0.9.8l in Ubuntu repositories - only 0.9.8k-7 is available. how can I upgrade this library? BTW. it is really strange why such significant security fix is not available in Ubuntu repositories. why it is not available?
I asked on irc, and received a sad 'not unless the version in synaptics is with ssl'. Is it not possible to change this ? - or is the only way out to compile/build it yourself?
I'm try to connect to pop.gmail.com via openssl usingopenssl s_client -connect pop.gmail.com:995and i always have one error socket: Connection refusedconnect:errno=29what can i do to make it work?
I'm on F13 and I'm trying to compile a package from the source. The package is delasa (www.dalesa.lk) and when I ./configure. I get 'configure: error: openssl development libraries not found'. This is the output of 'yum search openssl | grep dev'
openssl-devel.i686 : Files for development of applications which will use globus-gsi-openssl-error-devel.i686 : Globus Toolkit - Globus OpenSSL Error globus-openssl-devel.i686 : Globus Toolkit - Openssl Library Development Files globus-openssl-module-devel.i686 : Globus Toolkit - Globus OpenSSL Module
