Upgrading to OpenSSL 0.9.6g, server still reports 0.9.6a

Hi all,

After upgrading my OpenSSL version to 0.9.6g and recompiling apache
1.3.26, the servers log still reports OpenSSL 0.9.6a. I've searched my
system for traces of 0.9.6a to no avail. I am wondering if perhaps this
is just a reporting error, of if I actually do have an old library
somewhere that is getting compiled in?

Here is what my Apache configure looks like. You will see it reports it
is using OpenSSL 0.9.6g. Following that, is the snipit from my apache
error_log which claims it is still running 0.9.6a (after restarting the
server and verifying that it is the new binary).

Configuring for Apache, Version 1.3.26
+ using installation path layout: GNU (config.layout)
Creating Makefile
Creating Configuration.apaci in src
+ enabling mod_so for DSO support
Creating Makefile in src
+ configured for FreeBSD 4.6 platform
+ setting C compiler to gcc
+ setting C pre-processor to gcc -E
+ checking for system header files
+ using custom target name: httpsd
+ adding selected modules
o rewrite_module uses ConfigStart/End
enabling DBM support for mod_rewrite
o db_auth_module uses ConfigStart/End
using Berkeley-DB/1.x for mod_auth_db (-lc)
o ssl_module uses ConfigStart/End
+ SSL interface: mod_ssl/2.8.10
+ SSL interface build type: DSO
+ SSL interface compatibility: enabled
+ SSL interface experimental code: disabled
+ SSL interface conservative code: disabled
+ SSL interface vendor extensions: disabled
+ SSL interface plugin: Vendor DBM (libc)
+ SSL library path: [SYSTEM]
+ SSL library version: OpenSSL 0.9.6g 9 Aug 2002
+ SSL library type: installed package (system-wide)
+ enabling Extended API (EAPI)
+ using builtin Expat
+ checking sizeof various data types
+ doing sanity check on compiler and options
Creating Makefile in src/support
Creating Makefile in src/os/unix
Creating Makefile in src/ap
Creating Makefile in src/main
Creating Makefile in src/lib/expat-lite
Creating Makefile in src/modules/standard
Creating Makefile in src/modules/extra
Creating Makefile in src/modules/proxy
Creating Makefile in src/modules/ssl


Here is the error_log snipit with the versions listed:

[Sat Sep 14 15:27:43 2002] [notice] Apache/1.3.26 (Unix) mod_ssl/2.8.10
OpenSSL/0.9.6a configured -- resuming normal operations


With the new OpenSSL worm in the wild, I really need to verify that I am
running 0.9.6g instead of 0.9.6a. Any help with be appreciated.

Thanks,
Jim


35 nix /home/rif % strings /usr/lib/libssl.so | grep "9\.6"
SSLv2/3 compatibility part of OpenSSL 0.9.6g 9 Aug 2002
TLSv1 part of OpenSSL 0.9.6g 9 Aug 2002
OpenSSL 0.9.6g 9 Aug 2002
SSLv3 part of OpenSSL 0.9.6g 9 Aug 2002
SSLv2 part of OpenSSL 0.9.6g 9 Aug 2002

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Upgrading to OpenSSL 0.9.6g, server still reports 0.9.6a

On Sat, 14 Sep 2002, Jim Riffle wrote:

> After upgrading my OpenSSL version to 0.9.6g and recompiling apache
> 1.3.26, the servers log still reports OpenSSL 0.9.6a. I've searched my
> system for traces of 0.9.6a to no avail. I am wondering if perhaps this
> is just a reporting error, of if I actually do have an old library
> somewhere that is getting compiled in?

Probably an old library.

Try running ldd on the httpd binary. If that doesn't reveal anything, you
could always do:

find / -name "libssl*"
find / -name "libcrypto*"

Some possible locations:

/usr/local/ssl/lib
/usr/local/lib

--Cliff

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Upgrading to OpenSSL 0.9.6g, server still reports 0.9.6a

--------------060909070202060400020806
Content-Type: text/plain; charset=US-ASCII; format=flowed
Content-Transfer-Encoding: 7bit

When I look at your log I see:

o ssl_module uses ConfigStart/End
+ SSL interface: mod_ssl/2.8.10
+ SSL interface build type: DSO
+ SSL interface compatibility: enabled
+ SSL interface experimental code: disabled
+ SSL interface conservative code: disabled
+ SSL interface vendor extensions: disabled
+ SSL interface plugin: Vendor DBM (libc)
+ SSL library path: [SYSTEM]
+ SSL library version: OpenSSL 0.9.6g 9 Aug 2002 <<<<<<<<<<<<
+ SSL library type: installed package (system-wide)

Did I miss something?

Cliff Woolley wrote:

>On Sat, 14 Sep 2002, Jim Riffle wrote:
>
>
>
>>After upgrading my OpenSSL version to 0.9.6g and recompiling apache
>>1.3.26, the servers log still reports OpenSSL 0.9.6a. I've searched my
>>system for traces of 0.9.6a to no avail. I am wondering if perhaps this
>>is just a reporting error, of if I actually do have an old library
>>somewhere that is getting compiled in?
>>
>>
>
>Probably an old library.
>
>Try running ldd on the httpd binary. If that doesn't reveal anything, you
>could always do:
>
>find / -name "libssl*"
>find / -name "libcrypto*"
>
>Some possible locations:
>
>/usr/local/ssl/lib
>/usr/local/lib
>
>--Cliff
>
>___________________________________________________________ ___________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org
>
>
>

--
..tom



--------------060909070202060400020806
Content-Type: text/html; charset=US-ASCII
Content-Transfer-Encoding: 7bit







When I look at your log I see:

o ssl_module uses ConfigStart/End

      + SSL interface: mod_ssl/2.8.10

      + SSL interface build type: DSO

      + SSL interface compatibility: enabled

      + SSL interface experimental code: disabled

      + SSL interface conservative code: disabled

      + SSL interface vendor extensions: disabled

      + SSL interface plugin: Vendor DBM (libc)

      + SSL library path: [SYSTEM]

      + SSL library version: OpenSSL 0.9.6g 9 Aug 2002 <<<<<<<<<<<<

      + SSL library type: installed package (system-wide)

cite="midPine.LNX.4.44.0209141858540.3472-100000@bistromath. cs.virginia.edu">

On Sat, 14 Sep 2002, Jim Riffle wrote:



  

After upgrading my OpenSSL version to 0.9.6g and recompiling apache

1.3.26, the servers log still reports OpenSSL 0.9.6a.  I've searched my

system for traces of 0.9.6a to no avail.  I am wondering if perhaps this

is just a reporting error, of if I actually do have an old library

somewhere that is getting compiled in?

    

Probably an old library.



Try running ldd on the httpd binary.  If that doesn't reveal anything, you

could always do:



find / -name "libssl*"

find / -name "libcrypto*"



Some possible locations:



/usr/local/ssl/lib

/usr/local/lib



--Cliff



 ____________________________________________________________ __________

Apache Interface to OpenSSL (mod_ssl)                   

User Support Mailing List                      

Automated List Manager                            



  

-- 

..tom

Re: Upgrading to OpenSSL 0.9.6g, server still reports 0.9.6a

On Sun, 15 Sep 2002, Thomas Gagne wrote:

> + SSL library version: OpenSSL 0.9.6g 9 Aug 2002 <<<<<<<<<<<<
>
> Did I miss something?

The version found by the script and the version linked in aren't
*necessarily* the same one. Which is bad, I know, but for one reason or
another it's never been a perfect 1-1 match.

--Cliff

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org