[openssl-users] no version information available error

Jakob Bohm jb-openssl at wisemo.com
Thu Feb 11 15:50:39 UTC 2016


On 10/02/2016 22:46, cloud force wrote:
> Hi Everyone,
>
> I installed the FIPS capable openssl library (which was built by 
> myself) on my Ubuntu linux box.
>
> For some reason, I keep running into the following errors whenever I 
> run ssh related command:
>
>
>     ssh: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version
>     information available (required by ssh)
>
>
> The same error happens when I ran openssl command such as the following:
>
> linux-fips at ubuntu:/usr/local/ssl/lib$ openssl ciphers -v | wc -l
> openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version 
> information available (required by openssl)
> openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version 
> information available (required by openssl)
> openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version 
> information available (required by /lib/x86_64-linux-gnu/libssl.so.1.0.0)
> openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version 
> information available (required by /lib/x86_64-linux-gnu/libssl.so.1.0.0)
>
The Debian-family (includes Ubuntu) standard OpenSSL shared
libraries is built in a special way to include "version tags"
in the resulting .so files, and all the openssl-needing
binaries in Debian/Ubuntu/etc. produce the error message
above if you install copies of those libraries without those
extra "version tags".

There are two alternative ways to solve this:

A) Build your FIPS-cabable OpenSSL (not the FIPScanister)
   with all the extra steps and patches in the Ubuntu OpenSSL
   source package (.dsc etc.), just adding the FIPS canister.
    Note that some of the patches in the source package are
   backports of the security fixes included in the latest
   OpenSSL versions, you'll probably have to figure out the
   details yourself (unless Kurt Roeckz posts a recipe
   somewhere).

B) Patch your FIPS-capable OpenSSL makefile (not the
   FIPScanister makefile) to use a different .so-version, such
   as .so.1.0.2 .  Then your private openssl build will not be
   used by the prepackaged software while software explicitly
   compiled against your locally build OpenSSL will not
   accidentally pick up the standard non-FIPS OpenSSL.



Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



More information about the openssl-users mailing list