John, On 4/18/14, 1:16 PM, John Iliffe wrote: > Further to my previous post, the log reports: > > [Sun Apr 13 03:20:08.591247 2014] [mpm_event:notice] [pid 11737:tid > 140478837470976] AH00489: Apache/2.4.9 (Unix) OpenSSL/1.0.1g configured -- > resuming normal operations > [Sun Apr 13 03:20:08.591283 2014] [core:notice] [pid 11737:tid > 140478837470976] AH00094: Command line: '/usr/apache-2.4.9/bin/httpd' > > BUT the libssl in use, and resulting from installing OpenSSL-1.0.1g, is > libssl-1.0.0
My setup is a little different:
$ httpd -v
Server version: Apache/2.2.23 (Unix)
Server built: Oct 21 2012 20:35:47
$ ldd /usr/sbin/httpd
linux-gate.so.1 => (0xb7761000)
libm.so.6 => /lib/i686/nosegneg/libm.so.6 (0xb76c3000)
libpcre.so.0 => /lib/libpcre.so.0 (0xb7668000)
libselinux.so.1 => /lib/libselinux.so.1 (0xb7649000)
libaprutil-1.so.0 => /usr/lib/libaprutil-1.so.0 (0xb7625000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0xb75f6000)
libexpat.so.1 => /lib/libexpat.so.1 (0xb75d0000)
libdb-4.7.so => /lib/libdb-4.7.so (0xb745e000)
libapr-1.so.0 => /usr/lib/libapr-1.so.0 (0xb7430000)
libpthread.so.0 => /lib/i686/nosegneg/libpthread.so.0 (0xb7415000)
libc.so.6 => /lib/i686/nosegneg/libc.so.6 (0xb726f000)
/lib/ld-linux.so.2 (0xb7762000)
libdl.so.2 => /lib/libdl.so.2 (0xb726a000)
libuuid.so.1 => /lib/libuuid.so.1 (0xb7265000)
libfreebl3.so => /lib/libfreebl3.so (0xb7206000)
$ ldd /usr/lib/libapr-1.so.0
linux-gate.so.1 => (0xb779a000)
libuuid.so.1 => /lib/libuuid.so.1 (0xb7760000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0xb7731000)
libpthread.so.0 => /lib/i686/nosegneg/libpthread.so.0 (0xb7717000)
libc.so.6 => /lib/i686/nosegneg/libc.so.6 (0xb7570000)
/lib/ld-linux.so.2 (0xb779b000)
libfreebl3.so => /lib/libfreebl3.so (0xb7511000)
libdl.so.2 => /lib/libdl.so.2 (0xb750c000)
$ ldd /usr/lib/httpd/modules/mod_ssl.so
linux-gate.so.1 => (0xb76f3000)
libssl.so.10 => /usr/lib/libssl.so.10 (0xb765d000)
libcrypto.so.10 => /lib/libcrypto.so.10 (0xb74a6000)
libc.so.6 => /lib/i686/nosegneg/libc.so.6 (0xb7300000)
libgssapi_krb5.so.2 => /lib/libgssapi_krb5.so.2 (0xb72c2000)
libkrb5.so.3 => /lib/libkrb5.so.3 (0xb71f3000)
libcom_err.so.2 => /lib/libcom_err.so.2 (0xb71ef000)
libk5crypto.so.3 => /lib/libk5crypto.so.3 (0xb71c4000)
libresolv.so.2 => /lib/libresolv.so.2 (0xb71ad000)
libdl.so.2 => /lib/libdl.so.2 (0xb71a8000)
libz.so.1 => /lib/libz.so.1 (0xb7192000)
/lib/ld-linux.so.2 (0xb76f4000)
libkrb5support.so.0 => /lib/libkrb5support.so.0 (0xb7187000)
libkeyutils.so.1 => /lib/libkeyutils.so.1 (0xb7183000)
libpthread.so.0 => /lib/i686/nosegneg/libpthread.so.0 (0xb7169000)
libselinux.so.1 => /lib/libselinux.so.1 (0xb714a000)
$ ls -l /usr/lib/libssl.so.10
lrwxrwxrwx 1 root root 16 Apr 8 15:38 /usr/lib/libssl.so.10 ->
libssl.so.1.0.1e
$ openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
$ sudo grep "resuming" /var/log/httpd/error_log
[Fri Apr 18 03:21:02 2014] [notice] Apache/2.2.23 (Unix) DAV/2
mod_jk/1.2.37 PHP/5.3.28 mod_ssl/2.2.23 OpenSSL/1.0.0-fips configured --
resuming normal operations
So httpd is dynamically-linked to OpenSSL 1.0.1e (really 1.0.1g, with a
very important patch ;) and yet it reports OpenSSL 1.0.0 on startup.
I don't get it. Both setups (2.2.26 and 2.4.9) have 1.0.1.e and have an
update available to 1.0.1g (I haven't read the changelogs but I'll bet
the difference is mostly the version-bump since everyone is paranoid
about 1.0.1e, now). I'll see if that changes anything.
-chris
signature.asc
Description: OpenPGP digital signature
