From owner-freebsd-security@FreeBSD.ORG Wed Dec 14 15:02:37 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 50EC716A41F for ; Wed, 14 Dec 2005 15:02:37 +0000 (GMT) (envelope-from tony@crosswinds.net) Received: from out-mx1.crosswinds.net (out-mx1.crosswinds.net [216.18.117.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id DF21843D5E for ; Wed, 14 Dec 2005 15:02:34 +0000 (GMT) (envelope-from tony@crosswinds.net) Received: from admin.crosswinds.net (out-mx1.crosswinds.net [216.18.117.38]) by out-mx1.crosswinds.net (Postfix) with ESMTP id C0EB92BBFE for ; Wed, 14 Dec 2005 10:02:33 -0500 (EST) Received: by admin.crosswinds.net (Postfix, from userid 1001) id A19DE4056; Wed, 14 Dec 2005 10:02:33 -0500 (EST) Date: Wed, 14 Dec 2005 10:02:33 -0500 From: Tony Holmes To: freebsd-security@freebsd.org Message-ID: <20051214150233.GA36436@crosswinds.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.1i Subject: Not-So-Newbie Openssl Question X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Dec 2005 15:02:37 -0000 Hi all and TIA for any help, I find myself in an imposed quandry. I am using cPanel on 4.11-RELEASE-p13 boxes. 99% of the system works well, but I've come across an issue with ssl. It's caused my certs to suddenly crap out and SSL connections from payment processors no longer work (making my customers a tad angry) The base system has openssl-0.9.7d and the ports are linked against openssl-0.9.8a (installed from ports). cPanel mostly uses the ports/packages system (good choice on their part) *EXCEPT* for apache. The cpanel apache/ssl build links against the base system, while everything else (including php which is built in the same procedure) is linked against the port openssl. This is frustrating to no end. Now, I first tried installing the openssl overwriting the base. I worked around the conflict error by definig the shlib version to 3, then sshd stops working with "I am linked against 0.9.7" (doh of course) so I back that out since I cannot determine how to get that and any other base system tools to link against 0.9.8a (after a week of first identifying this problem and attempting to fix it has made my brain slightly squishier than usual). Is there any way to safely bring the base system openssl up to 0.9.8a (do not mind making world/kernels) so the ports and base system match? -- Tony Holmes Ph: (416) 993-1219 Founder and Senior Systems Architect Crosswinds Internet Communications Inc.