Menu
▾
▴
Re: [naviserver-devel] Connecting to OpenSSL
|
From: Gustaf N. <ne...@wu...> - 2022-11-06 16:34:00
|
Dear Thorpe, it looks like you have now two versions of openssl installed on your system, since the output "1.0.2k-fips" comes straight from the library. So, if you see this string, the library is still there. One can check the version used during linkage via ldd /usr/local/ns/bin/nsd When upgrading to OpenSSL 3.*, it is recommended to recompile NaviServer (make clean, configure ..., make, make install) such that NaviServer can use the newer library calls. When the path to the openssl libary is not specified explicitly, configure uses "pkg-config --libs openssl" to determine the path the the library. all the best -g PS Btw, OpenACS.org runs with OpenSSL 3.2.0-dev On 06.11.22 13:47, THORPE MAYES via naviserver-devel wrote: > Hi, > > I updated OpenSSL on my server to version 3.0.7. > > Prior to updating, openssl version -a showed: > > OpenSSL 1.0.2k-fips 26 Jan 2017 > built on: reproducible build, date unspecified > platform: linux-x86_64 > options: bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) > idea(int) blowfish(idx) > compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB > -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT > -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 > -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 > -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY > -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 > -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM > -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM > -DGHASH_ASM -DECP_NISTZ256_ASM > OPENSSLDIR: "/etc/pki/tls" > engines: rdrand dynamic > > After updating, openssl version -a showed: > > OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022) > built on: Sat Nov 5 14:56:48 2022 UTC > platform: linux-x86_64 > options: bn(64,64) > compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 > -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC > -DOPENSSL_BUILDING_OPENSSL -DZLIB -DNDEBUG > OPENSSLDIR: "/etc/ssl" > ENGINESDIR: "/etc/ssl/lib64/engines-3" > MODULESDIR: "/etc/ssl/lib64/ossl-modules" > Seeding source: os-specific > CPUINFO: OPENSSL_ia32cap=0xfffa3203478bffff:0x7a9 > > When I restart naviserver I see this in the log file: > > Notice: OpenSSL OpenSSL 1.0.2k-fips 26 Jan 2017 initialized > > > That is the previous version of OpenSSL on the server. > > What do I need to change in order for naviserver to use the current > version of OpenSSL? Or, does it matter? > > When I updated to naviserver version 4.99.24 my configuration was: > ./configure --prefix=/usr/local/ns --with-tcl=/usr/local/ns/lib > --enable-symbols > > > Thorpe |
