openssl upgrade confusion
Ash Gokhale
ash.gokhale at noaa.gov
Thu Mar 18 11:08:36 PST 2004
Back up, and overwrite the base library! Build it with the same target
options that the OS uses. If you are after a new version of the library
that is symbol compatible, it's probably not worth having the old lib to
fall back to. OpenSSL bugs are the kind of thing that get your system
OwnZ3d; you want the later version unless you are testing exploits.

On the other hand this approach doesn't play nice with the FreeBSD
configuration management structure, where all the customizations live
in /usr/local and don't get overwritten with make world. If you are
trying to get _all_ the angels on one pinhead you can try going after
ld.so's runtime configuration, specifically:
man ld.so (whack) /LD_LIB (whack) =
    LD_LIBRARY_PATH  A colon separated list of directories, overriding the
                     default search path for shared libraries.  This is
                     ignored for set-user-ID and set-group-ID programs.

and

    LD_PRELOAD       A list of shared libraries, separated by colons and/or
                     white space, to be linked in before any other shared
                     libraries.  If the directory is not specified then the
                     directories specified by LD_LIBRARY_PATH will be
                     searched first followed by the set of built-in
                     standard directories.  This is ignored for
                     set-user-ID and set-group-ID programs.
You can use this to conceal the system's libcrypto from your app.
Parting shot:
DO check the MD5sum for the SSL package. It hasn't been trojaned; yet.
On Mar 18, 2004, at 11:58 AM, Jamie wrote:
> I'm trying to upgrade my to openssl 0.9.7d from 0.9.7c and am having a
> really rough time. I downloaded the 9.7d tarball and untarred it in
> /usr/src. I did a ./config, make, and make install. It seems to have
> placed the new openssl libraries in a different location than where the
> original ones were installed:
> # locate libcrypto.a
> /usr/lib/libcrypto.a
> /usr/local/ssl/lib/libcrypto.a
> What is the best way to over-write the base install? I've considered
> adding /usr/local/ssl/lib to the /var/run/ld-elf.so.hints file but I can't
> find a way to modify the order so that /usr/local/ssl/lib/ is checked
> before /usr/lib.
>
> - Jamie
>
Ash.Gokhale at noaa.gov
System Administration Lead,
NOAA/MDL
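
Added example (not part of the original message or of FreeBSD): an sh script
that parses ldd output to report which libcrypto a program binds, with and
without the LD_LIBRARY_PATH override discussed above. Assumptions: the newer
OpenSSL was built with shared libraries under /usr/local/ssl/lib (NEW_DIR),
the script name is hypothetical, and the sample ldd output is constructed.

```sh
#!/bin/sh
# Added example: show which libcrypto the runtime linker binds for a program,
# with and without an LD_LIBRARY_PATH override.
# Assumption: the newer OpenSSL was built with shared libraries in NEW_DIR.
NEW_DIR=${NEW_DIR:-/usr/local/ssl/lib}

# Constructed sample of ldd output (versions and addresses are made up).
SAMPLE_LDD='/usr/local/bin/myapp:
    libssl.so.3 => /usr/lib/libssl.so.3 (0x28074000)
    libcrypto.so.3 => /usr/lib/libcrypto.so.3 (0x280a2000)
    libc.so.5 => /lib/libc.so.5 (0x281a0000)'

# resolved_lib PREFIX: read ldd output on stdin and print the path bound to
# the first library whose name starts with PREFIX (prints nothing if none).
resolved_lib() {
    awk -v want="$1" '$2 == "=>" && index($1, want) == 1 { print $3; exit }'
}

# classify PATH: say where a resolved library lives.
classify() {
    case "$1" in
        "")                echo missing ;;
        "$NEW_DIR"/*)      echo new ;;
        /lib/*|/usr/lib/*) echo base ;;
        *)                 echo other ;;
    esac
}

# check_binary FILE: compare the default resolution with the override.
check_binary() {
    bin=$1
    if [ -u "$bin" ] || [ -g "$bin" ]; then
        echo "$bin: set-user-ID/set-group-ID, LD_LIBRARY_PATH is ignored at run time"
    fi
    def=$(ldd "$bin" 2>/dev/null | resolved_lib libcrypto.so)
    ovr=$(LD_LIBRARY_PATH=$NEW_DIR ldd "$bin" 2>/dev/null | resolved_lib libcrypto.so)
    echo "$bin: default -> $(classify "$def") ${def:-none}"
    echo "$bin: LD_LIBRARY_PATH=$NEW_DIR -> $(classify "$ovr") ${ovr:-none}"
}

# Usage: sh check_libcrypto.sh /path/to/program ...
if [ "$#" -gt 0 ]; then
    for b in "$@"; do check_binary "$b"; done
fi
```

A result of "missing" on both lines means the program does not load a shared
libcrypto at all (for example, it was linked against libcrypto.a), so the
override has nothing to act on.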
More information about the freebsd-newbies
mailing list