Openssl 3.0.7 in Centos 7.9

Shawn Heisey openssl at elyograg.org
Sat Dec 17 22:43:20 UTC 2022 

On 12/16/22 08:11, Ariel R. wrote:
> ln -s /usr/local/lib64/libssl.so.3 /usr/lib64/libssl.so.3
> ln -s /usr/local/lib64/libcrypto.so.3 /usr/lib64/libcrypto.so.3

<snip>

> *#About the problem*
> 
> In the console, if I run “openssl version“, I can see the version 
> installed is indeed 3.0.7, which is ok.
> 
> The problem is that Apache is still referencing the old version:
> 
> Server Version: Apache/2.4.54 (cPanel) OpenSSL/1.1.1s

The symlinks you created put copies of the openssl 3 libraries into the 
general OS library path.

Apache wasn't compiled against openssl 3, though ... so it is going to 
be looking for a very different library files.

This is a generic CentOS 7 install on a VM:

[sheisey at centos7 ~]$ locate libssl
/usr/lib64/.libssl.so.1.0.2k.hmac
/usr/lib64/.libssl.so.10.hmac
/usr/lib64/libssl.so.1.0.2k
/usr/lib64/libssl.so.10
/usr/lib64/libssl3.so
[sheisey at centos7 ~]$ cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)

The library filenames for the system openssl are very different than the 
library filenames for the 3.0.7 version you installed.

I don't think you can replace the system's 1.1.1s libraries with the 
3.0.7 version, I expect that would break things.  You will probably need 
to compile Apache yourself and have it use the openssl that you 
installed into /usr/local.

I installed mod_ssl on that vm and checked what library files it is 
looking for:

[sheisey at centos7 ~]$ ldd /usr/lib64/httpd/modules/mod_ssl.so
	linux-vdso.so.1 =>  (0x00007ffd0bda5000)
	libssl.so.10 => /lib64/libssl.so.10 (0x00007f309ddd7000)
	libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f309d974000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f309d758000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00007f309d554000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f309d186000)
	libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f309cf39000)
	libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f309cc50000)
	libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f309ca4c000)
	libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f309c819000)
	libz.so.1 => /lib64/libz.so.1 (0x00007f309c603000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f309e280000)
	libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f309c3f3000)
	libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f309c1ef000)
	libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f309bfd5000)
	libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f309bdae000)
	libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f309bb4c000)

The openssl library filenames that it is looking for are libssl.so.10 
and libcrypto.so.10, so it would not pick up the openssl version 3 symlinks.

I'm curious how you ended up with 1.1.1s on CentOS 7.  My VM is up to 
date and it has 1.0.2k.

Thanks,
Shawn

More information about the openssl-users mailing list