ius-coredev team mailing list archive
-
ius-coredev team
-
Mailing list archive
-
Message #03308
[Bug 1034961] Re: WL: OpenSSL 1.0.1 or greater
Hello Michael,
I was able to recreate the behavior you reported. I spun up a CentOS
6.4 server and switched it to use IUS's openssl10. Then I upgraded to
6.5:
# cat /etc/issue
CentOS release 6.4 (Final)
Kernel \r on an \m
# rpm -qa |grep openssl
openssl10-libs-1.0.1e-2.ius.centos6.x86_64
openssl10-1.0.1e-2.ius.centos6.x86_64
# yum upgrade
...
# ssh localhost
ssh: relocation error: ssh: symbol SSLeay_version, version OPENSSL_1.0.1 not defined in file libcrypto.so.10 with link time reference
and from a remote machine:
$ ssh root@test.server
ssh_exchange_identification: read: Connection reset by peer
After switching back to stock openssl, I was able to connect.
# yum replace openssl10 --replace-with openssl
Loaded plugins: fastestmirror, replace
Loading mirror speeds from cached hostfile
* epel: mirror.steadfast.net
* ius: mirror.rackspace.hk
Replacing packages takes time, please be patient...
WARNING: Unable to resolve all providers: ['config(openssl10-libs)',
'openssl-libs', 'openssl-libs(x86-64)', 'openssl10-libs',
'openssl10-libs(x86-64)', 'openssl10', 'openssl10(x86-64)']
This may be normal depending on the package. Continue? [y/N] y
Resolving Dependencies
--> Running transaction check
---> Package openssl.x86_64 0:1.0.1e-15.el6 will be installed
---> Package openssl10.x86_64 0:1.0.1e-2.ius.centos6 will be erased
---> Package openssl10-libs.x86_64 0:1.0.1e-2.ius.centos6 will be erased
--> Finished Dependency Resolution
Dependencies Resolved
=======================================================================================================================
Package Arch Version Repository Size
=======================================================================================================================
Installing:
openssl x86_64 1.0.1e-15.el6 base 1.5 M
Removing:
openssl10 x86_64 1.0.1e-2.ius.centos6 @ius 1.5 M
openssl10-libs x86_64 1.0.1e-2.ius.centos6 @ius 2.2 M
Transaction Summary
=======================================================================================================================
Install 1 Package(s)
Remove 2 Package(s)
Total download size: 1.5 M
Is this ok [y/N]: y
Downloading Packages:
openssl-1.0.1e-15.el6.x86_64.rpm | 1.5 MB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : openssl-1.0.1e-15.el6.x86_64 1/3
Erasing : openssl10-1.0.1e-2.ius.centos6.x86_64 2/3
Erasing : openssl10-libs-1.0.1e-2.ius.centos6.x86_64 3/3
Verifying : openssl-1.0.1e-15.el6.x86_64 1/3
Verifying : openssl10-1.0.1e-2.ius.centos6.x86_64 2/3
Verifying : openssl10-libs-1.0.1e-2.ius.centos6.x86_64 3/3
Removed:
openssl10.x86_64 0:1.0.1e-2.ius.centos6 openssl10-libs.x86_64 0:1.0.1e-2.ius.centos6
Installed:
openssl.x86_64 0:1.0.1e-15.el6
Complete!
# ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is a7:f1:24:99:dd:e1:25:32:34:f7:ef:aa:19:71:9d:4d.
Are you sure you want to continue connecting (yes/no)?no
# rpm -qa |grep openssl
openssl-1.0.1e-15.el6.x86_64
I spun up another test server, switched to openssl10, updated to 6.5 and
got the follow when I attempted to restart sshd:
# /etc/init.d/sshd restart
Stopping sshd: [ OK ]
Starting sshd: /usr/sbin/sshd: relocation error: /usr/sbin/sshd: symbol SSLeay_version, version OPENSSL_1.0.1 not defined in file libcrypto.so.10 with link time reference
[FAILED]
My connection did not drop even though sshd was not running. Switching
back to stock openssl, I was able to start sshd:
# yum replace openssl10 --replace-with openssl
Loaded plugins: fastestmirror, replace
Loading mirror speeds from cached hostfile
* epel: mirror.steadfast.net
* ius: ord.mirror.rackspace.com
Replacing packages takes time, please be patient...
WARNING: Unable to resolve all providers: ['config(openssl10-libs)',
'openssl-libs', 'openssl-libs(x86-64)', 'openssl10-libs',
'openssl10-libs(x86-64)', 'openssl10', 'openssl10(x86-64)']
This may be normal depending on the package. Continue? [y/N] y
Resolving Dependencies
--> Running transaction check
---> Package openssl.x86_64 0:1.0.1e-15.el6 will be installed
---> Package openssl10.x86_64 0:1.0.1e-2.ius.centos6 will be erased
---> Package openssl10-libs.x86_64 0:1.0.1e-2.ius.centos6 will be erased
--> Finished Dependency Resolution
Dependencies Resolved
=======================================================================================================================
Package Arch Version Repository Size
=======================================================================================================================
Installing:
openssl x86_64 1.0.1e-15.el6 base 1.5 M
Removing:
openssl10 x86_64 1.0.1e-2.ius.centos6 @ius 1.5 M
openssl10-libs x86_64 1.0.1e-2.ius.centos6 @ius 2.2 M
Transaction Summary
=======================================================================================================================
Install 1 Package(s)
Remove 2 Package(s)
Total download size: 1.5 M
Is this ok [y/N]: y
Downloading Packages:
openssl-1.0.1e-15.el6.x86_64.rpm | 1.5 MB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : openssl-1.0.1e-15.el6.x86_64 1/3
Erasing : openssl10-1.0.1e-2.ius.centos6.x86_64 2/3
Erasing : openssl10-libs-1.0.1e-2.ius.centos6.x86_64 3/3
Verifying : openssl-1.0.1e-15.el6.x86_64 1/3
Verifying : openssl10-1.0.1e-2.ius.centos6.x86_64 2/3
Verifying : openssl10-libs-1.0.1e-2.ius.centos6.x86_64 3/3
Removed:
openssl10.x86_64 0:1.0.1e-2.ius.centos6 openssl10-libs.x86_64 0:1.0.1e-2.ius.centos6
Installed:
openssl.x86_64 0:1.0.1e-15.el6
Complete!
# /etc/init.d/sshd restart
Stopping sshd: [FAILED]
Starting sshd: [ OK ]
Seeing that Red Hat and CentOS now provides a current version of
openssl, and IUS's openssl10 is causing breakage. We are going to go
ahead and EOL openssl10. All openssl10 packages will still be available
in the archive repos for the time being. An official announcement will
be coming soon.
-Ben
--
You received this bug notification because you are a member of IUS Core
Development, which is subscribed to IUS Community Project.
https://bugs.launchpad.net/bugs/1034961
Title:
WL: OpenSSL 1.0.1 or greater
Status in IUS Community Project:
Fix Committed
Bug description:
Would be great to see OpenSSL 1.0.1 or greater added to the repo.
CentOS 6 shipped with 1.0, however 1.0.1 has some significant changes
that are needed by many things including SPDY in web servers (Next
Protocol Negotiation TLS). Over the course of CentOS 6's live it's
becoming increasingly important.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ius/+bug/1034961/+subscriptions
References