Re: [exim] exim's OpenSSL "compile-time" & "runtime" version…

Pàgina inicial
Delete this message
Reply to this message
Autor: Chris Wilson
Data:  
A: Ben DJ
CC: exim-users
Assumpte: Re: [exim] exim's OpenSSL "compile-time" & "runtime" versions differ. How do I make them consistent?
Hi Ben,

On Wed, 10 Mar 2010, Ben DJ wrote:

> ->    OpenSSL compile-time version: OpenSSL 0.9.8k 25 Mar 2009
> ->    OpenSSL runtime version: OpenSSL 0.9.8m 25 Feb 2010

>
> I notice that the OpenSSL compile-time & runtime versions differ.
>
> Is that a problem?


Probably not, they should be ABI compatible.

> How do I make it consistent?


Remove these parts of these variables:

>     INCLUDE=-I/usr/local/ssl/openssl
>     LDFLAGS=-L/usr/local/ssl/lib -Wl,-rpath,/usr/local/ssl/lib
>     TLS_INCLUDE=-I/usr/local/ssl/openssl
>     TLS_LIBS=-L/usr/local/ssl/lib   -Wl,-rpath,/usr/local/ssl/lib


and recompile. But that's probably not the answer you want, as you
probably put those there.

I'm guessing you "upgraded" OpenSSL because of a security vulnerability,
and you want everything on your distro to use it. If so, then you may not
need to do so, as the vulnerability should have been patched by your
distro anyway, without necessarily increasing the apparent version number.

But if you insist, then installing another copy of OpenSSL is not the best
way to ensure that. Better to build a new RPM with OpenSSL 0.9.8m and use
it to replace the current 0.9.8k RPM on your system.

Cheers, Chris.
-- 
_ ___ __     _
  / __/ / ,__(_)_  | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Perl/SQL/HTML Developer |
\ _/_/_/_//_/___/ | We are GNU-free your mind-and your software |