Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Version of OpenSSL being used
Operating Systems Solaris Version of OpenSSL being used Post 302770940 by CHoggarth on Tuesday 19th of February 2013 06:10:53 AM
Old 02-19-2013
Version of OpenSSL being used
Hello

I'm relatively new to technologies like Apache & ssl but have some years
experience with Unix. My question concerns the version of OpenSSL which is
genuinely being used on our server & how is that set.

The server is running Solaris 10. I'll show output from various commands:

Code:
:/usr/local/ssl # pkginfo -l SMCossl
   PKGINST:  SMCossl
      NAME:  openssl
  CATEGORY:  application
      ARCH:  sparc
   VERSION:  1.0.1c
   BASEDIR:  /usr/local
    VENDOR:  The OpenSSL Group
    PSTAMP:  Steve Christensen
  INSTDATE:  Aug 17 2012 07:27
     EMAIL:  steve@smc.vnet.net
    STATUS:  completely installed
     FILES:     1871 installed pathnames
                   1 shared pathnames
                  43 directories
                  32 executables
               30745 blocks used (approx)

:/usr/local/ssl #

Code:
:/usr/local/ssl # openssl version -a
OpenSSL 1.0.1c 10 May 2012
built on: Sun May 13 18:44:13 EDT 2012
platform: solaris-sparcv9-gcc
options:  bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) idea(int) blowfish(ptr)
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -
DDSO_DLFCN -DHAVE_DLFCN_H -m32 -mcpu=ultrasparc -O3 -fomit-frame-
pointer -Wall -DB_ENDIAN -DBN_DIV2W -DOPENSSL_BN_ASM_MONT -DSHA1
_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/local/ssl"
:/usr/local/ssl #

But if I run telnet xxx.xxx.xxx.xxx 80 & OPTIONS / HTTP1.0 from our network it reports 0.9.8x:

Code:
HTTP/1.1 200 OK
Date: Tue, 19 Feb 2013 10:20:37 GMT
Server: Apache/2.2.23 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8x DAV/2
Allow: POST,OPTIONS,GET,HEAD
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html



Connection to host lost.

W:\>

I've been advised to use OPTIONS / HTTP1.0 to determine which version is genuinely being used.

We have in the past installed SSL by package (the most recent being 1.0.1) & source (presumably the most recent being 0.9.8x).

I need to upgrade SSL on this server & I would like to use the 1.0.1 stream (I understand packages are more likely to be available for this & that's certainly easier to install). But I can't figure out why the system is really using 0.9.8x when the server itself is saying that 1.0.1 is being used.

I am assuming that the OPTIONS / HTTP1.0 command is giving me the true version.

Can anyone clarify what might be happening & advise how I can start using 1.0.1?

Thanks, Chris
 

9 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

openssl help

I ungraded my openssl on sun solaris 8 from openssl 0.9.6c to openssl 0.9.6g the ungrade went fine but when I tried to ssh in to server, I received the following error message "ld.so.1: ./sshd: fatal: relocation error: file /usr/local/ssl/lib/libcrypto.so.0.9.6: symbol main: referenced symbol... (2 Replies)
Discussion started by: hassan2
2 Replies

2. Solaris

Migrate unix version 8 to version 9

i have a program writing in PRO C which currently running in unix version 8 tie with oracle 8i, but in the future company gonna migrate this OS to version 9. Anything i have to prepare for my PRO C program to run in unix version 9? or anything would that impact my program couldn't run well? what... (2 Replies)
Discussion started by: lsy
2 Replies

3. Solaris

OpenSSL version and OpenSSH

Hi, I need an advise. Is it possible to compile binary of ssh that will work on more than one computer with installed different versions of openssl. I read it is not possible to compile static program over solaris but anyway? I am confused. (3 Replies)
Discussion started by: alekkz
3 Replies

4. UNIX for Advanced & Expert Users

Advanced Search * View * Edit JAVA version to WORK in GLASSFISH Forum topic JAVA version

Would like to confirm the ff. I got confused actually with the version I needed to download that will work on glassfish 3.0.1 a. Debian Squeeze (HP DL360). Need to use java version6 On Debian, I did apt-get install sun-java6-jdk. So when I check it's java version "1.6.0_22" Java(TM) SE... (1 Reply)
Discussion started by: lhareigh890
1 Replies

5. UNIX for Advanced & Expert Users

Using openssl

All, I am new to openssl and I have not been able to figure out exactly how to use it. What I need to do is to create a shell script which FTPS's (SFTP is not allowed on my project) a file to a mainframe. The mainframe will not initiate a session with my server. Question. Are the packages... (7 Replies)
Discussion started by: MichaelInDC
7 Replies

6. Solaris

Openssl 0.9.8r

Hi Peeps, Having trouble compiling openssl 0.9.8r on Solaris 10 x86. The make test fails when running the shatests (segmentation faults). There is a PROBLEM file that references a file called values.c. Anyone know whereabouts in the source tree you put this file as the file doesn't tell you... (2 Replies)
Discussion started by: callmebob
2 Replies

7. Shell Programming and Scripting

Copy a file from directroy/ prior version to the directory/ new version

How to copy a file from directroy/ prior version to the directory/ new version automatically. (4 Replies)
Discussion started by: roy1912
4 Replies

8. Cybersecurity

OpenSSL

I just started playing around with Unix's OpenSSL utility. I can't seem to get the hang of it, and the man page isn't helping much. I wanted to experiment with file encryption, so I created a dummy text file with one line of text and tried to encrypt it using DES. I used the following command: ... (2 Replies)
Discussion started by: Ultrix
2 Replies

9. HP-UX

Uninstall OpenSSL

We have a legacy HP-UX 11.11 server that has a number of security vulnerabilities associated with OpenSSL. We have a project in the works to replace this server but until then I need to deal with the vulnerabilities. No applications on the server utilize SSL, so my plan was to simply remove it. ... (8 Replies)
Discussion started by: jduehmig
8 Replies

LEARN ABOUT OPENSOLARIS

ssl_set_ex_data

SSL_get_ex_new_index(3openssl)					      OpenSSL					    SSL_get_ex_new_index(3openssl)

NAME

       SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data - internal application specific data functions

SYNOPSIS

	#include <openssl/ssl.h>

	int SSL_get_ex_new_index(long argl, void *argp,
		       CRYPTO_EX_new *new_func,
		       CRYPTO_EX_dup *dup_func,
		       CRYPTO_EX_free *free_func);

	int SSL_set_ex_data(SSL *ssl, int idx, void *arg);

	void *SSL_get_ex_data(const SSL *ssl, int idx);

	typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
		       int idx, long argl, void *argp);
	typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
		       int idx, long argl, void *argp);
	typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
		       int idx, long argl, void *argp);

DESCRIPTION

       Several OpenSSL structures can have application specific data attached to them.	These functions are used internally by OpenSSL to manipu-
       late application specific data attached to a specific structure.

       SSL_get_ex_new_index() is used to register a new index for application specific data.

       SSL_set_ex_data() is used to store application data at arg for idx into the ssl object.

       SSL_get_ex_data() is used to retrieve the information for idx from ssl.

       A detailed description for the *_get_ex_new_index() functionality can be found in RSA_get_ex_new_index(3).  The *_get_ex_data() and
       *_set_ex_data() functionality is described in CRYPTO_set_ex_data(3).

EXAMPLES

       An example on how to use the functionality is included in the example verify_callback() in SSL_CTX_set_verify(3).

SEE ALSO

       ssl(3), RSA_get_ex_new_index(3), CRYPTO_set_ex_data(3), SSL_CTX_set_verify(3)

OpenSSL-0.9.8							    Oct 11 2005 				    SSL_get_ex_new_index(3openssl)
All times are GMT -4. The time now is 08:45 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy