openssl upgrade confusion

Ash Gokhale ash.gokhale at noaa.gov
Thu Mar 18 11:08:36 PST 2004


	Back up, and overwrite the base library!  Build it with the same target 
options that the OS uses. If you are after a new version of the library 
that is symbol compatible, it's probably not worth having the old lib to 
fall back to.  OpenSSL bugs are the kind of thing that get your system 
OwnZ3d; you want the later version unless you are testing exploits.

	On the other hand this approach doesn't play nice with the FreeBSD 
configuration management structure, where all the customizations live 
in /usr/local and don't get overwritten with make world.  If you are 
trying to get _all_ the angels on one pinhead you can try going after 
ld.so's runtime configuration, specifically:
man ld.so (whack) /LD_LIB (whack) =
     LD_LIBRARY_PATH    A colon separated list of directories, overriding the
                        default search path for shared libraries.  This is
                        ignored for set-user-ID and set-group-ID programs.
and

     LD_PRELOAD         A list of shared libraries, separated by colons and/or
                        white space, to be linked in before any other shared
                        libraries.  If the directory is not specified then the
                        directories specified by LD_LIBRARY_PATH will be
                        searched first followed by the set of built-in
                        standard directories.  This is ignored for set-user-ID
                        and set-group-ID programs.

You can use this to conceal the system's libcrypto from your app.

Parting shot:
DO check the MD5sum for the SSL package. It hasn't been trojaned; yet.

On Mar 18, 2004, at 11:58 AM, Jamie wrote:
>
>
>    I'm trying to upgrade my to openssl 0.9.7d from 0.9.7c and am having a
> really rough time. I downloaded the 9.7d tarball and untarred it in
> /usr/src. I did a ./config, make, and make install. It seems to have
> placed the new openssl libraries in a different location than where the
> original ones were installed:
> # locate libcrypto.a
> /usr/lib/libcrypto.a
> /usr/local/ssl/lib/libcrypto.a
>   What is the best way to over-write the base install? I've considered
> adding /usr/local/ssl/lib to the /var/run/ld-elf.so.hints file but I can't
> find a way to modify the order so that /usr/local/ssl/lib/ is checked
> before /usr/lib.
>
>      - Jamie
>
Ash.Gokhale at noaa.gov
System Administration Lead,
NOAA/MDL
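
The two checks discussed in this thread, as an added example that is not part of the original messages: comparing a downloaded tarball's digest with the published one before building, and asking the runtime linker which libcrypto a binary resolves when a directory is put first through LD_LIBRARY_PATH. The function names, the tarball file name and `/usr/local/bin/myapp` are assumptions for illustration; the digest is a placeholder to be taken from the project's own download page.

```shell
#!/bin/sh
# Added example, not code from the thread. All file names are hypothetical.

# Print the hex digest of FILE. Uses md5sum/sha256sum where present (GNU),
# otherwise md5/sha256 with -q (FreeBSD base system).
file_digest() {  # usage: file_digest md5|sha256 FILE
    case $1 in
        md5|sha256) ;;
        *) echo "unsupported algorithm: $1" >&2; return 2 ;;
    esac
    [ -r "$2" ] || { echo "cannot read $2" >&2; return 2; }
    if command -v "${1}sum" >/dev/null 2>&1; then
        "${1}sum" "$2" | awk '{print $1}'
    elif command -v "$1" >/dev/null 2>&1; then
        "$1" -q "$2"
    else
        echo "no $1 tool found" >&2; return 2
    fi
}

# Return 0 only when FILE hashes to EXPECTED_HEX (case-insensitive).
verify_digest() {  # usage: verify_digest md5|sha256 FILE EXPECTED_HEX
    actual=$(file_digest "$1" "$2") || return 2
    expected=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Print the libcrypto path the runtime linker resolves for BINARY. With a
# second argument, that directory is searched first via LD_LIBRARY_PATH.
# As the man page excerpt says, set-user-ID and set-group-ID programs ignore
# the variable. Only run ldd against binaries you trust.
resolved_libcrypto() {  # usage: resolved_libcrypto BINARY [LIBDIR]
    if [ -n "$2" ]; then
        LD_LIBRARY_PATH=$2 ldd "$1"
    else
        ldd "$1"
    fi | awk '/libcrypto/ {print $3}'
}

# Typical use (placeholder values):
#   verify_digest md5 openssl-0.9.7d.tar.gz "<published digest>" || exit 1
#   resolved_libcrypto /usr/local/bin/myapp                      # base library
#   resolved_libcrypto /usr/local/bin/myapp /usr/local/ssl/lib   # override
```

Only a dynamically linked binary shows a libcrypto line here; a program linked against the static `libcrypto.a` from the locate output has to be rebuilt to pick up the new code.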



More information about the freebsd-newbies mailing list