Improper (?) OpenSSL version mismatch (was RE: OpenSSH_2.5.1p1 - RH 6.2)

Loomis, Rip GILBERT.R.LOOMIS at saic.com
Fri Mar 23 06:30:20 EST 2001


Well, I've finally gotten around to compiling
and testing OpenSSH 2.5.2p1, in order to update
the contrib/solaris packaging scripts.

Somehow on my test system, I'm getting errors
that indicate that I've still got some old copy
of OpenSSL being found somewhere...but I can't
for the life of me tell where.  The compile went
fine (it found the OpenSSL 0.9.5a libraries that
I had compiled and installed in /usr/local/ssl),
but I get the error below with text indicating
that I've still got some other random version.

The screwy thing is that I'm rather sure that I
don't...in fact, I even downloaded, compiled,
and installed OpenSSL 0.9.6 in hopes that it
would fix it (no joy).  Then I did multiple
global finds looking for any crypto or ssl-related
libraries that might have been dangling (no joy).
Finally, I commented out the check in entropy.c
and re-compiled, and ssh/sshd run fine.  This
implies to me that the check possibly doesn't work
properly?

Any other hints as to a filename to look for, or
an alternate installation location?  It seems
particularly odd to me that the compile runs fine,
but on *the same box* it picks up a different
library version at run-time.

contrib/solaris updates to follow ASAP.

Rip Loomis		Voice Number: (410) 953-6874
--------------------------------------------------------
Senior Security Engineer
Center for Information Security Technology
Science Applications International Corporation
http://www.cist.saic.com

  

> -----Original Message-----
> From: Damien Miller [mailto:djm at mindrot.org]
> Sent: Monday, February 26, 2001 4:38 PM
> To: mouring at etoh.eviladmin.org
> Cc: Christophe GRENIER; openssh-unix-dev at mindrot.org
> Subject: Re: OpenSSH_2.5.1p1 - RH 6.2
> 
> 
> On Tue, 27 Feb 2001, Damien Miller wrote:
> 
> > How about we put something like:
> >
> > if (SSLeay() != OPENSSL_VERSION_NUMBER)
> > 	fatal("OpenSSL version mismatch. Built against %lx, you have %lx",
> > 	    OPENSSL_VERSION_NUMBER, SSLeay());
> >
> > at the start of every executable to kill this thing once and for all.
> 
> I might put this in init_rng() so we get it without any more disruption.
> 
> -d
> 
> -- 
> | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
> | http://www.mindrot.org          /   distributed filesystem'' - Dan Geer
> 
> 
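
Added example, not part of the original messages and not OpenSSH code: the quoted check prints both version numbers only as hex, so this sketch runs the same strict comparison and also decodes each number to a release name using the MNNFFPPS layout documented in OpenSSL's opensslv.h. The names ossl_decode and ossl_version_check are hypothetical, the two inputs are constructed from the 0.9.5a and 0.9.6 releases mentioned in the thread, and %lx is used because both values are long.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: decode an OpenSSL version number in the MNNFFPPS
 * layout (major, minor, fix, patch, status) into text such as "0.9.5a". */
static const char *ossl_decode(unsigned long v, char *buf, size_t len)
{
    unsigned major = (v >> 28) & 0xf, minor = (v >> 20) & 0xff;
    unsigned fix = (v >> 12) & 0xff, patch = (v >> 4) & 0xff;
    unsigned status = v & 0xf;
    char letter[2] = "", tag[16] = "";

    /* Releases from 0.9.5a up to 0.9.6 set the top bit of the patch byte. */
    if (major == 0 && minor == 9 && fix == 5)
        patch &= 0x7f;
    if (patch >= 1 && patch <= 26)
        letter[0] = (char)('a' + patch - 1);
    if (status == 0)
        strcpy(tag, "-dev");
    else if (status != 0xf)
        snprintf(tag, sizeof(tag), "-beta%u", status);
    snprintf(buf, len, "%u.%u.%u%s%s", major, minor, fix, letter, tag);
    return buf;
}

/* Hypothetical helper: the same strict comparison as the quoted check.
 * Returns 0 on match, -1 on mismatch with a readable message in msg. */
static int ossl_version_check(unsigned long built, unsigned long runtime,
                              char *msg, size_t len)
{
    char b[32], r[32];

    if (built == runtime)
        return 0;
    snprintf(msg, len, "OpenSSL version mismatch. Built against %lx (%s), "
             "you have %lx (%s)", built, ossl_decode(built, b, sizeof(b)),
             runtime, ossl_decode(runtime, r, sizeof(r)));
    return -1;
}

int main(void)
{
    char msg[160];

    /* Constructed inputs: headers from 0.9.5a, library from 0.9.6. */
    if (ossl_version_check(0x0090581fUL, 0x0090600fUL, msg, sizeof(msg)))
        puts(msg);
    return 0;
}
```

In a real build the first argument would be OPENSSL_VERSION_NUMBER from the headers the compiler found and the second the value returned by SSLeay() from the library actually linked, so the decoded names show which two installations disagree.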