[openssl-users] Deployment

Kyle Hamilton aerowolf at gmail.com
Mon Jul 16 09:25:47 UTC 2018

Generally, you *really* do not want to replace the vendor-provided
version.  Vendors often alter things to be more compatible with their
ABIs, which are the binary interfaces that other programs use to link
to the vendor-provided libraries.

If you find you actually do want to, it's best to figure out how to
get the source code of the vendor package you currently have
installed, determine what patches were applied by the vendor, then
apply those patches to the newer library version, and rebuild.  If you
have a command that can build a system installation package from
source code and maybe patches that you provide, that would be even
better.  If you can do that, you can then install the new package you
just compiled as an upgrade.

If you can't build a new system package, you have to figure out what
files were installed by the vendor's openssl package, and back them
up.  Then, you need to find the associated versions built by you, and
place them by hand.

And if you can't get the source code to the system version, you're
going to have to wing it.  On a machine that you can make mistakes on
without inconveniencing other users, do the same thing as if you
couldn't build a new system package.  Then, after placing everything,
you would generally (on most Linuxes, depending how recent their ld.so
package is) run 'ldconfig' to rebuild the symbolic links to what they
should be.  But here's the scary part: you then need to shut the
machine down, bring it back up, and attempt to connect to it via ssh
or something.  You will need to test *every* package that you use that
links to openssl,
in case there were any ABI incompatibilities introduced by the vendor.
If there are any problems, you'll need to contact the vendor for an
updated version.  This may require paying additional support fees.

Good luck!

-Kyle H

On Mon, Jul 16, 2018 at 1:36 AM, Dean Warren <Dean.Warren at scisys.co.uk> wrote:
> Built openssl 0.9.8za with no problems on SUSE Linux Enterprise Server.
> Just followed
> https://wiki.openssl.org/index.php/Compilation_and_Installation?
> Works a treat - thanks.
> However on sudo make install the new version doesn’t replace the system
> installed version (obviously this may be different per system).
> How to make sudo make install overwrite my system version?
> Is this a parameter within ./Configure?
> And/or is it also OK to just replace original bins with symbolic links to
> new built openssl binary and library (are there others?)?
> Thanks in advance
> Dean Warren
> Solutions Architect – Space Division
> SCISYS UK Limited
> T:  +44 (0)117 916 5182
> F:  +44 (0)117 916 5299
> E:  dean.warren at scisys.co.uk
> http://www.scisys.co.uk
> SCISYS UK Limited. Registered in England and Wales No. 4373530.
> Registered Office: Methuen Park, Chippenham, Wiltshire SN14 0GB, UK.
> Before printing, please think about the environment.
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

More information about the openssl-users mailing list