[openssl-users] no version information available error

cloud force cloud.force858 at gmail.com
Fri Feb 12 19:44:26 UTC 2016


Thanks Jakob for the detailed info.

On Thu, Feb 11, 2016 at 7:50 AM, Jakob Bohm <jb-openssl at wisemo.com> wrote:

> On 10/02/2016 22:46, cloud force wrote:
>
>> Hi Everyone,
>>
>> I installed the FIPS capable openssl library (which was built by myself)
>> on my Ubuntu linux box.
>>
>> For some reason, I keep running into the following errors whenever I run
>> ssh related command:
>>
>>
>>     ssh: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version
>>     information available (required by ssh)
>>
>>
>> The same error happens when I ran openssl command such as the following:
>>
>> linux-fips at ubuntu:/usr/local/ssl/lib$ openssl ciphers -v | wc -l
>> openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version information
>> available (required by openssl)
>> openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version information
>> available (required by openssl)
>> openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version information
>> available (required by /lib/x86_64-linux-gnu/libssl.so.1.0.0)
>> openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version information
>> available (required by /lib/x86_64-linux-gnu/libssl.so.1.0.0)
>>
>> The Debian-family (includes Ubuntu) standard OpenSSL shared
> libraries is built in a special way to include "version tags"
> in the resulting .so files, and all the openssl-needing
> binaries in Debian/Ubuntu/etc. produce the error message
> above if you install copies of those libraries without those
> extra "version tags".
>
> There are two alternative ways to solve this:
>
> A) Build your FIPS-cabable OpenSSL (not the FIPScanister)
>   with all the extra steps and patches in the Ubuntu OpenSSL
>   source package (.dsc etc.), just adding the FIPS canister.
>    Note that some of the patches in the source package are
>   backports of the security fixes included in the latest
>   OpenSSL versions, you'll probably have to figure out the
>   details yourself (unless Kurt Roeckz posts a recipe
>   somewhere).
>
> B) Patch your FIPS-capable OpenSSL makefile (not the
>   FIPScanister makefile) to use a different .so-version, such
>   as .so.1.0.2 .  Then your private openssl build will not be
>   used by the prepackaged software while software explicitly
>   compiled against your locally build OpenSSL will not
>   accidentally pick up the standard non-FIPS OpenSSL.
>
>
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>



-- 
Thanks,
Rich
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160212/8c4d1ad3/attachment.html>


More information about the openssl-users mailing list