Improper (?) OpenSSL version mismatch (was RE: OpenSSH_2.5.1p1 - RH 6.2)
Loomis, Rip
GILBERT.R.LOOMIS at saic.com
Fri Mar 23 06:30:20 EST 2001
Well, I've finally gotten around to compiling
and testing OpenSSH 2.5.2p1, in order to update
the contrib/solaris packaging scripts.
Somehow on my test system, I'm getting errors
that indicate that I've still got some old copy
of OpenSSL being found somewhere...but I can't
for the life of me tell where. The compile went
fine (it found the OpenSSL 0.9.5a libraries that
I had compiled and installed in /usr/local/ssl),
but I get the error below with text indicating
that I've still got some other random version.
The screwy thing is that I'm rather sure that I
don't...in fact, I even downloaded, compiled,
and installed OpenSSL 0.9.6 in hopes that it
would fix it (no joy). Then I did multiple
global finds looking for any crypto or ssl-related
libraries that might have been dangling (no joy).
Finally, I commented out the check in entropy.c
and re-compiled, and ssh/sshd run fine. This
implies to me that the check possibly doesn't work
properly?
Any other hints as to a filename to look for, or
an alternate installation location? It seems
particularly odd to me that the compile runs fine,
but on *the same box* it picks up a different
library version at run-time.
contrib/solaris updates to follow ASAP.
Rip Loomis Voice Number: (410) 953-6874
--------------------------------------------------------
Senior Security Engineer
Center for Information Security Technology
Science Applications International Corporation
http://www.cist.saic.com
> -----Original Message-----
> From: Damien Miller [mailto:djm at mindrot.org]
> Sent: Monday, February 26, 2001 4:38 PM
> To: mouring at etoh.eviladmin.org
> Cc: Christophe GRENIER; openssh-unix-dev at mindrot.org
> Subject: Re: OpenSSH_2.5.1p1 - RH 6.2
>
>
> On Tue, 27 Feb 2001, Damien Miller wrote:
>
> > How about we put something like:
> >
> > if (SSLeay() != OPENSSL_VERSION_NUMBER)
> >         fatal("OpenSSL version mismatch. Built against %lx, you have %lx",
> >             (unsigned long)OPENSSL_VERSION_NUMBER, SSLeay());
> >
> > at the start of every executable to kill this thing once and for all.
>
> I might put this in init_rng() so we get it without any more
> disruption.
>
> -d
>
> --
> | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
> | http://www.mindrot.org          /   distributed filesystem'' - Dan Geer
>
>
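An added example, not part of the original messages and not OpenSSH code: a small decoder for the two hex values that the quoted `fatal()` check prints, so the header version a binary was built against can be compared field by field with the library it found at run time. The helper names are hypothetical, the sample pair is constructed from the two releases named above (0.9.5a and 0.9.6) rather than taken from the poster's error output, and the 0xMNNFFPPS layout is assumed to apply (OpenSSL 0.9.5a and later).

```c
#include <stdio.h>
#include <string.h>

/* Fields of an OPENSSL_VERSION_NUMBER, layout 0xMNNFFPPS (hypothetical helper type). */
struct ossl_ver { unsigned major, minor, fix, patch, status; };

static struct ossl_ver ossl_decode(unsigned long v)
{
    struct ossl_ver d;
    d.major  = (unsigned)((v >> 28) & 0xf);
    d.minor  = (unsigned)((v >> 20) & 0xff);
    d.fix    = (unsigned)((v >> 12) & 0xff);
    d.patch  = (unsigned)((v >> 4) & 0xff);
    d.status = (unsigned)(v & 0xf);      /* 0 = dev, 1..e = beta, f = release */
    /* Between 0.9.5 and 0.9.6 the patch byte has its high bit set. */
    if (d.major == 0 && d.minor == 9 && d.fix == 5)
        d.patch &= 0x7f;
    return d;
}

/* Write a readable version such as "0.9.5a" into buf. */
static void ossl_format(unsigned long v, char *buf, size_t len)
{
    struct ossl_ver d = ossl_decode(v);
    char letter[2] = "";
    if (d.patch >= 1 && d.patch <= 26)   /* patch 1..26 -> 'a'..'z' */
        letter[0] = (char)('a' + d.patch - 1);
    snprintf(buf, len, "%u.%u.%u%s%s", d.major, d.minor, d.fix, letter,
             d.status == 0xf ? "" : d.status == 0 ? "-dev" : "-beta");
}

/* Most significant field that differs, or NULL when the versions match. */
static const char *ossl_first_diff(unsigned long built, unsigned long runtime)
{
    struct ossl_ver b = ossl_decode(built), r = ossl_decode(runtime);
    if (b.major != r.major) return "major";
    if (b.minor != r.minor) return "minor";
    if (b.fix != r.fix) return "fix";
    if (b.patch != r.patch) return "patch";
    if (b.status != r.status) return "status";
    return NULL;
}

int main(void)
{
    unsigned long built = 0x0090581fUL, runtime = 0x0090600fUL; /* constructed */
    char b[32], r[32];
    const char *diff = ossl_first_diff(built, runtime);
    ossl_format(built, b, sizeof b);
    ossl_format(runtime, r, sizeof r);
    printf("built against %s, running with %s, differ at: %s\n",
           b, r, diff ? diff : "nothing");
    return 0;
}
```

A difference in the major, minor or fix field means the headers and the library come from different OpenSSL releases, which is the situation the strict equality check is meant to catch.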