openssl alert when 9.8i installed?
Andy Shellam
andy-lists at networkmail.eu
Sat Jan 3 20:12:00 UTC 2009
Hi,
> ns1# find / -name 'openssl' -print
> /usr/bin/openssl
> /usr/include/openssl
> /usr/local/bin/openssl
> /usr/local/include/openssl
> /usr/local/include/openssl.old/openssl
> /usr/local/share/doc/openssl
> /usr/local/openssl
> /usr/local/ssl/bin/openssl
> /usr/local/ssl/include/openssl
> /usr/share/openssl
> /usr/src/crypto/openssl
> /usr/src/secure/usr.bin/openssl
> /usr/ports/security/openssl
> /usr/home/andrew/openssl-0.9.8i/apps/openssl
> /usr/home/andrew/openssl-0.9.8i/include/openssl
You have MANY installations of OpenSSL; as a helpful observation, you
might want to clear those up as you'll have applications that could be
running against outdated versions of OpenSSL, and causing problems like
the one you're seeing with Bind.
>
> ns1# /usr/local/bin/openssl version
> OpenSSL 0.9.8i 15 Sep 2008
> ns1# /usr/bin/openssl version
> OpenSSL 0.9.8i 15 Sep 2008
>
> and my configure statement is:
> ./configure --prefix=/usr --sysconfdir=/etc/namedb
> --mandir=/usr/share/man --localstatedir=/var --disable-threads
> --with-openssl=/usr/local/openssl
This is not an accurate/fair test. You're pointing Bind to the OpenSSL
installed under /usr/local/openssl, but you're running the version check
on the OpenSSL installed in /usr/local and /usr.
What do you get when you run "/usr/local/openssl/bin/openssl version"
(which is the OpenSSL executable you're pointing Bind to.)
You could also try to change --with-openssl=/usr/local/openssl to
--with-openssl=/usr or --with-openssl=/usr/local (remember to "make
distclean" between configure command-line changes.)
Regards,
Andy
More information about the bind-users
mailing list