openssl-0.9.8a

sspt said:
Hello,
I've compiled it but apache crashes too, i've decided to install 0.9.7i and its up and stable but:
[root@xk ~]# openssl
OpenSSL> version
OpenSSL 0.9.7i 14 Oct 2005

and

Apache/2.0.55 (Unix) mod_perl/1.99_17-dev Perl/v5.8.5 mod_ssl/2.0.55 OpenSSL/0.9.7a PHP/4.4.0 Server at xk Port 80

I've recompiled modssl and apache, so, why it still appears as 0.9.7a?

Kind Regards,
Click to expand...
update openssl again..
go to /usr/local/directadmin/customeapache/
edit "build" change modssl version to 2.8.25,
wget http://www.modssl.org/source/mod_ssl-2.8.25-1.3.34.tar.gz
run "./build apache_mod_ssl"
after that build php again.
 
I found the problem,
/lib/libssl.so is /lib64/libssl.so in my case (64bit OS)

Now i have another problem:
make[2]: Entering directory `/usr/local/directadmin/customapache/curl-7.15.0/lib'
/bin/sh ../libtool --tag=CC --mode=link gcc -g -O2 -L/usr/kerberos/lib -L/usr/kerberos/lib64 -o libcurl.la -rpath /usr/local/lib -version-info 3:0:0 file.lo timeval.lo base64.lo hostip.lo progress.lo formdata.lo cookie.lo http.lo sendf.lo ftp.lo url.lo dict.lo if2ip.lo speedcheck.lo ldap.lo ssluse.lo version.lo getenv.lo escape.lo mprintf.lo telnet.lo netrc.lo getinfo.lo transfer.lo strequal.lo easy.lo security.lo krb4.lo memdebug.lo http_chunks.lo strtok.lo connect.lo llist.lo hash.lo multi.lo content_encoding.lo share.lo http_digest.lo md5.lo http_negotiate.lo http_ntlm.lo inet_pton.lo strtoofft.lo strerror.lo hostares.lo hostasyn.lo hostip4.lo hostip6.lo hostsyn.lo hostthre.lo inet_ntop.lo parsedate.lo select.lo gtls.lo sslgen.lo tftp.lo -lidn -lssl -lcrypto -ldl -lssl -lcrypto -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto -lresolv -ldl -lz -lz
gcc -shared .libs/file.o .libs/timeval.o .libs/base64.o .libs/hostip.o .libs/progress.o .libs/formdata.o .libs/cookie.o .libs/http.o .libs/sendf.o .libs/ftp.o .libs/url.o .libs/dict.o .libs/if2ip.o .libs/speedcheck.o .libs/ldap.o .libs/ssluse.o .libs/version.o .libs/getenv.o .libs/escape.o .libs/mprintf.o .libs/telnet.o .libs/netrc.o .libs/getinfo.o .libs/transfer.o .libs/strequal.o .libs/easy.o .libs/security.o .libs/krb4.o .libs/memdebug.o .libs/http_chunks.o .libs/strtok.o .libs/connect.o .libs/llist.o .libs/hash.o .libs/multi.o .libs/content_encoding.o .libs/share.o .libs/http_digest.o .libs/md5.o .libs/http_negotiate.o .libs/http_ntlm.o .libs/inet_pton.o .libs/strtoofft.o .libs/strerror.o .libs/hostares.o .libs/hostasyn.o .libs/hostip4.o .libs/hostip6.o .libs/hostsyn.o .libs/hostthre.o .libs/inet_ntop.o .libs/parsedate.o .libs/select.o .libs/gtls.o .libs/sslgen.o .libs/tftp.o -L/usr/kerberos/lib -L/usr/kerberos/lib64 -lidn -lssl -lcrypto -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto -lresolv -ldl -lz -Wl,-soname -Wl,libcurl.so.3 -o .libs/libcurl.so.3.0.0
/usr/bin/ld: /usr/lib/gcc/x86_64-redhat-linux/3.4.4/../../../../lib64/libcrypto.a(x86_64cpuid.o): relocation R_X86_64_PC32 against `OPENSSL_cpuid_setup' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: Bad value
collect2: ld returned 1 exit status
make[2]: *** [libcurl.la] Error 1
make[2]: Leaving directory `/usr/local/directadmin/customapache/curl-7.15.0/lib'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/usr/local/directadmin/customapache/curl-7.15.0/lib'
make: *** [all-recursive] Error 1
Click to expand...

Using mod_ssl-2.8.25-1.3.34 and already compiled openssl with -fPIC

...

Installed 0.9.7i and its working now
 
Last edited:
followed the instructions and get lots of errors in log

[26/Dec/2005 22:51:52 01347] [error] SSL handshake failed (server localhost:443, client xx.xxx.xx.xxx) (OpenSSL library error follows)
[26/Dec/2005 22:51:52 01347] [error] OpenSSL: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac

this happen s randomly. sometimes it happens when i login to squirrelmail or click on navigation link within squirrelmail and/or logout from squirrelmail. it happens to cerberus too.

any idea?
 
I have the same problem. Anyone else?

I had to roll back exim to 4.60.
 
Last edited:
Hello,

I had done a quick google on this error and it looks like it might be a new exim bug with regards to ssl/tls.

The workaround is to edit yoru exim.conf, and change:
Code: 
remote_smtp:
  driver = smtp
to
Code: 
remote_smtp:
  driver = smtp
  hosts_avoid_tls=*
save,exit, then restart exim.

John
 
John,

Did you notify Dr Hazel of the bug? He's very proactive on fixing bugs; often he issues new releases the same day.

Jeff
 
Dr Hazel is an active reader of, and contributor to, the list.

The fix will certainly be in the next release.

Should I change the masters? Are you changing the masters?

Or should we wait to see if the bugfix resolves the problem without a change to exim.conf ???

What do you feel we should do?

Thanks.

Jeff
 
I'm going to hold off to see if the next release fixes it.
I've added a knowledgebase entry regarding the issue for now.

John
 
I was trying to upgrade to openssl-0.9.8a just a bit ago. when running this command:
Code: 
ldconfig -v
I got this error:
Code: 
bash: ldconfig: command not found
What do I need to do to install / setup ldconfig? OS is CentOS 4.3


Never mind, I figured it out. I had to su in a su - instead of just su
 
Last edited:
Upgrading openssl on FreeBSd 6.1 seems to work like so:

Code: 
vi /usr/local/etc/pkgtools.conf
[B]MAKE_ARGS = {
    'security/openssl' => '-DOPENSSL_OVERWRITE_BASE'
  }[/B]

portinstall openssl

Then recompile apache and php.

However, this doesn't fix the remote smtp error. It doesn't break exim either when the problem wasn't there to begin with.

I suspect this is because at least on freebsd exim ships in binary form and there's no clear way to recompile exim so that it makes use of the new openssl.

Any ideas?
 
Last edited:
Thanks. This looks promising. I went ahead like so:

Code: 
fetch [url]ftp://ftp.eu.uu.net/pub/unix/mail/exim/exim/exim4/exim-4.63.tar.gz[/url]
tar xvzf exim-4.63.tar.gz
cd exim-4.63/Local
fetch [url]http://www.directadmin.com/Makefile[/url]
cd ..
make

After a while an error pops up:

Code: 
awk '{ print ($1+1) }' cnumber.h > cnumber.temp
rm -f cnumber.h; mv cnumber.temp cnumber.h
gcc version.c
rm -f exim
gcc -o exim
/usr/bin/ld: cannot find -lperl
*** Error code 1

Stop in /root/exim-4.63/build-FreeBSD-i386.
*** Error code 1

Stop in /root/exim-4.63.

After some googling i found out that this may happen because libperl wasn't installed. So i did:

Code: 
cd /usr/ports/devel/libpperl
make install clean

And tried again. However, the same error comes up.

I suspect that the Makefile expects libperl at a different location than the default one, but i'm not sure.

By the way, i also noticed that the paths to openssl in your Makefile are not correct (in my case). I used 'overwrite_base' to replace the base openssl with the one in ports.
 
You must log in or register to reply here.
Back
Top