← Back to team overview

ius-coredev team mailing list archive

[Bug 1034961] Re: WL: OpenSSL 1.0.1 or greater

 

Hello Michael,

I was able to recreate the behavior you reported.  I spun up a CentOS
6.4 server and switched it to use IUS's openssl10.  Then I upgraded to
6.5:

# cat /etc/issue
CentOS release 6.4 (Final)
Kernel \r on an \m

# rpm -qa |grep openssl
openssl10-libs-1.0.1e-2.ius.centos6.x86_64
openssl10-1.0.1e-2.ius.centos6.x86_64


# yum upgrade
...

# ssh localhost
ssh: relocation error: ssh: symbol SSLeay_version, version OPENSSL_1.0.1 not defined in file libcrypto.so.10 with link time reference

and from a remote machine:

$ ssh root@test.server
ssh_exchange_identification: read: Connection reset by peer


After switching back to stock openssl, I was able to connect.  

# yum replace openssl10 --replace-with openssl
Loaded plugins: fastestmirror, replace
Loading mirror speeds from cached hostfile
 * epel: mirror.steadfast.net
 * ius: mirror.rackspace.hk
Replacing packages takes time, please be patient...

WARNING: Unable to resolve all providers: ['config(openssl10-libs)',
'openssl-libs', 'openssl-libs(x86-64)', 'openssl10-libs',
'openssl10-libs(x86-64)', 'openssl10', 'openssl10(x86-64)']

This may be normal depending on the package.  Continue? [y/N] y
Resolving Dependencies
--> Running transaction check
---> Package openssl.x86_64 0:1.0.1e-15.el6 will be installed
---> Package openssl10.x86_64 0:1.0.1e-2.ius.centos6 will be erased
---> Package openssl10-libs.x86_64 0:1.0.1e-2.ius.centos6 will be erased
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================================
 Package                        Arch                   Version                              Repository            Size
=======================================================================================================================
Installing:
 openssl                        x86_64                 1.0.1e-15.el6                        base                 1.5 M
Removing:
 openssl10                      x86_64                 1.0.1e-2.ius.centos6                 @ius                 1.5 M
 openssl10-libs                 x86_64                 1.0.1e-2.ius.centos6                 @ius                 2.2 M

Transaction Summary
=======================================================================================================================
Install       1 Package(s)
Remove        2 Package(s)

Total download size: 1.5 M
Is this ok [y/N]: y
Downloading Packages:
openssl-1.0.1e-15.el6.x86_64.rpm                                                                | 1.5 MB     00:00     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : openssl-1.0.1e-15.el6.x86_64                                                                        1/3 
  Erasing    : openssl10-1.0.1e-2.ius.centos6.x86_64                                                               2/3 
  Erasing    : openssl10-libs-1.0.1e-2.ius.centos6.x86_64                                                          3/3 
  Verifying  : openssl-1.0.1e-15.el6.x86_64                                                                        1/3 
  Verifying  : openssl10-1.0.1e-2.ius.centos6.x86_64                                                               2/3 
  Verifying  : openssl10-libs-1.0.1e-2.ius.centos6.x86_64                                                          3/3 

Removed:
  openssl10.x86_64 0:1.0.1e-2.ius.centos6                 openssl10-libs.x86_64 0:1.0.1e-2.ius.centos6                

Installed:
  openssl.x86_64 0:1.0.1e-15.el6                                                                                       

Complete!
# ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is a7:f1:24:99:dd:e1:25:32:34:f7:ef:aa:19:71:9d:4d.
Are you sure you want to continue connecting (yes/no)?no
# rpm -qa |grep openssl
openssl-1.0.1e-15.el6.x86_64

I spun up another test server, switched to openssl10, updated to 6.5 and
got the follow when I attempted to restart sshd:

# /etc/init.d/sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd: /usr/sbin/sshd: relocation error: /usr/sbin/sshd: symbol SSLeay_version, version OPENSSL_1.0.1 not defined in file libcrypto.so.10 with link time reference
                                                           [FAILED]

My connection did not drop even though sshd was not running.  Switching
back to stock openssl, I was able to start sshd:


# yum replace openssl10 --replace-with openssl
Loaded plugins: fastestmirror, replace
Loading mirror speeds from cached hostfile
 * epel: mirror.steadfast.net
 * ius: ord.mirror.rackspace.com
Replacing packages takes time, please be patient...

WARNING: Unable to resolve all providers: ['config(openssl10-libs)',
'openssl-libs', 'openssl-libs(x86-64)', 'openssl10-libs',
'openssl10-libs(x86-64)', 'openssl10', 'openssl10(x86-64)']

This may be normal depending on the package.  Continue? [y/N] y
Resolving Dependencies
--> Running transaction check
---> Package openssl.x86_64 0:1.0.1e-15.el6 will be installed
---> Package openssl10.x86_64 0:1.0.1e-2.ius.centos6 will be erased
---> Package openssl10-libs.x86_64 0:1.0.1e-2.ius.centos6 will be erased
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================================
 Package                        Arch                   Version                              Repository            Size
=======================================================================================================================
Installing:
 openssl                        x86_64                 1.0.1e-15.el6                        base                 1.5 M
Removing:
 openssl10                      x86_64                 1.0.1e-2.ius.centos6                 @ius                 1.5 M
 openssl10-libs                 x86_64                 1.0.1e-2.ius.centos6                 @ius                 2.2 M

Transaction Summary
=======================================================================================================================
Install       1 Package(s)
Remove        2 Package(s)

Total download size: 1.5 M
Is this ok [y/N]: y
Downloading Packages:
openssl-1.0.1e-15.el6.x86_64.rpm                                                                | 1.5 MB     00:00     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : openssl-1.0.1e-15.el6.x86_64                                                                        1/3 
  Erasing    : openssl10-1.0.1e-2.ius.centos6.x86_64                                                               2/3 
  Erasing    : openssl10-libs-1.0.1e-2.ius.centos6.x86_64                                                          3/3 
  Verifying  : openssl-1.0.1e-15.el6.x86_64                                                                        1/3 
  Verifying  : openssl10-1.0.1e-2.ius.centos6.x86_64                                                               2/3 
  Verifying  : openssl10-libs-1.0.1e-2.ius.centos6.x86_64                                                          3/3 

Removed:
  openssl10.x86_64 0:1.0.1e-2.ius.centos6                 openssl10-libs.x86_64 0:1.0.1e-2.ius.centos6                

Installed:
  openssl.x86_64 0:1.0.1e-15.el6                                                                                       

Complete!

# /etc/init.d/sshd restart
Stopping sshd:                                             [FAILED]
Starting sshd:                                             [  OK  ]

Seeing that Red Hat and CentOS now provides a current version of
openssl, and IUS's openssl10 is causing breakage.  We are going to go
ahead and EOL openssl10.  All openssl10 packages will still be available
in the archive repos for the time being.  An official announcement will
be coming soon.

-Ben

-- 
You received this bug notification because you are a member of IUS Core
Development, which is subscribed to IUS Community Project.
https://bugs.launchpad.net/bugs/1034961

Title:
  WL: OpenSSL 1.0.1 or greater

Status in IUS Community Project:
  Fix Committed

Bug description:
  Would be great to see OpenSSL 1.0.1 or greater added to the repo.

  CentOS 6 shipped with 1.0, however 1.0.1 has some significant changes
  that are needed by many things including SPDY in web servers (Next
  Protocol Negotiation TLS).  Over the course of CentOS 6's live it's
  becoming increasingly important.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ius/+bug/1034961/+subscriptions


References