[openssl-users] database openssl

Richard Levitte levitte at openssl.org
Sat Jun 2 06:53:17 UTC 2018 

In message <320E1FC3-AA47-456B-9C1B-9930992C9B40 at tiscali.it> on Sat, 2 Jun 2018 07:39:35 +0200, "sampei02 at tiscali.it" <sampei02 at tiscali.it> said:

sampei02> I think It’s installed 2 version OpenSSL; the former by rpm package while the latter by source tar infact I see following files into /usr/local/openssl-0.9.7e :
sampei02> 
sampei02> drwxr-xr-x  21 root root   4096 Feb  4  2005 .
sampei02> drwxr-xr-x  19 root root   4096 Jan 20  2011 ..
sampei02> drwxr-xr-x   4 root root   4096 May 31 11:51 apps
sampei02> drwxr-xr-x   2 root root   4096 Oct 25  2004 bugs
sampei02> drwxr-xr-x   3 root root   4096 Oct 25  2004 certs
sampei02> -rw-rw-r--   1 root root 287307 Oct 25  2004 CHANGES
sampei02> -rw-rw-r--   1 root root  42751 Dec 23  1998 CHANGES.SSLeay
...

This is not an *installation* per se, it's a source tree.  As far as I
can see from your listing, that's all it is, it hasn't even been built
(or you would see a libcrypto.a and a libssl.a)

In all likelyhood, you can ignore this directory tree, entirely.

sampei02> Here my cnf files list :
sampei02> 
sampei02> /usr/local/openssl-0.9.7e/apps/oid.cnf
sampei02> /usr/local/openssl-0.9.7e/apps/openssl.cnf
sampei02> /usr/local/openssl-0.9.7e/apps/openssl-vms.cnf
sampei02> /usr/local/openssl-0.9.7e/crypto/conf/ssleay.cnf
sampei02> /usr/local/openssl-0.9.7e/test/CAss.cnf
sampei02> /usr/local/openssl-0.9.7e/test/CAssdh.cnf
sampei02> /usr/local/openssl-0.9.7e/test/CAssdsa.cnf
sampei02> /usr/local/openssl-0.9.7e/test/CAssrsa.cnf
sampei02> /usr/local/openssl-0.9.7e/test/Sssdsa.cnf
sampei02> /usr/local/openssl-0.9.7e/test/Sssrsa.cnf
sampei02> /usr/local/openssl-0.9.7e/test/test.cnf
sampei02> /usr/local/openssl-0.9.7e/test/Uss.cnf

The above are standard distribution configuration files, most of them
used for testing.  Unless you can see that they are modified
(i.e. have been updated after Feb 4 2005, which is when
/usr/local/openssl-0.9.7e was created), you can ignore them.

sampei02> /usr/share/ssl/openssl.cnf

This one is part of your installation and is the most likely to
represent your database.

You might want to look if you have a index.txt somewhere within
/usr/share/ssl.  That's the index file for your cert database.  If you
don't have one, or if it's empty (it's a text file, you can display
it), then you have no database on that machine.

Cheers,
Richard

sampei02> 
sampei02> thanks
sampei02> 
sampei02> 
sampei02> 
sampei02> 
sampei02> 
sampei02> > On 31 May 2018, at 17:40, Jan Just Keijser <janjust at nikhef.nl> wrote:
sampei02> > 
sampei02> > Hi,
sampei02> > 
sampei02> > On 31/05/18 13:23, Sampei wrote:
sampei02> >> Oh, It's a good starter point.
sampei02> >> Openssl, installed in old server, is 0.9.7e version.
sampei02> > smells like RHEL 3 ?!?!?!?
sampei02> >> Openssl, installed in new server, is -0.9.8e verson.
sampei02> > smells like RHEL 5, which is out of support; you should upgrade to RHEL or CentOS 6 (which lasts until 2020) or preferably 7
sampei02> >> In old server I searched .cnf files and I found several files which are /usr/local/openssl-0.9.7e/xxx/yyyyy.cnf
sampei02> >> where
sampei02> >> xxx= is directory,
sampei02> >> yyyy = name of .cnf file
sampei02> >> I queried to /var/cache/yum/updates-released/packages/openssl-0.9.7a-33.10.i686.rpm in old server, I got:
sampei02> >> /lib/libcrypto.so.0.9.7a
sampei02> >> /lib/libssl.so.0.9.7a
sampei02> >> /usr/bin/openssl
sampei02> >> /usr/share/doc/openssl-0.9.7a
sampei02> >> /usr/share/doc/openssl-0.9.7a/CHANGES
sampei02> >> /usr/share/doc/openssl-0.9.7a/FAQ
sampei02> >> /usr/share/doc/openssl-0.9.7a/INSTALL
sampei02> >> /usr/share/doc/openssl-0.9.7a/LICENSE
sampei02> >> /usr/share/doc/openssl-0.9.7a/NEWS
sampei02> >> /usr/share/doc/openssl-0.9.7a/README
sampei02> >> /usr/share/doc/openssl-0.9.7a/c-indentation.el
sampei02> >> /usr/share/doc/openssl-0.9.7a/openssl.txt
sampei02> >> /usr/share/doc/openssl-0.9.7a/openssl_button.gif
sampei02> >> /usr/share/doc/openssl-0.9.7a/openssl_button.html
sampei02> >> /usr/share/doc/openssl-0.9.7a/ssleay.txt
sampei02> >> /usr/share/man/man1/asn1parse.1ssl.gz
sampei02> >> /usr/share/man/man1/ca.1ssl.gz
sampei02> >> /usr/share/man/man1/ciphers.1ssl.gz
sampei02> >> /usr/share/man/man1/crl.1ssl.gz
sampei02> >> /usr/share/man/man1/crl2pkcs7.1ssl.gz
sampei02> >> /usr/share/man/man1/dgst.1ssl.gz
sampei02> >> /usr/share/man/man1/dhparam.1ssl.gz
sampei02> >> /usr/share/man/man1/dsa.1ssl.gz
sampei02> >> /usr/share/man/man1/dsaparam.1ssl.gz
sampei02> >> /usr/share/man/man1/enc.1ssl.gz
sampei02> >> /usr/share/man/man1/gendsa.1ssl.gz
sampei02> >> /usr/share/man/man1/genrsa.1ssl.gz
sampei02> >> /usr/share/man/man1/md2.1ssl.gz
sampei02> >> /usr/share/man/man1/md4.1ssl.gz
sampei02> >> /usr/share/man/man1/md5.1ssl.gz
sampei02> >> /usr/share/man/man1/mdc2.1ssl.gz
sampei02> >> /usr/share/man/man1/nseq.1ssl.gz
sampei02> >> /usr/share/man/man1/ocsp.1ssl.gz
sampei02> >> /usr/share/man/man1/openssl.1ssl.gz
sampei02> >> /usr/share/man/man1/pkcs12.1ssl.gz
sampei02> >> /usr/share/man/man1/pkcs7.1ssl.gz
sampei02> >> /usr/share/man/man1/pkcs8.1ssl.gz
sampei02> >> /usr/share/man/man1/req.1ssl.gz
sampei02> >> /usr/share/man/man1/ripemd160.1ssl.gz
sampei02> >> /usr/share/man/man1/rsa.1ssl.gz
sampei02> >> /usr/share/man/man1/rsautl.1ssl.gz
sampei02> >> /usr/share/man/man1/s_client.1ssl.gz
sampei02> >> /usr/share/man/man1/s_server.1ssl.gz
sampei02> >> /usr/share/man/man1/sess_id.1ssl.gz
sampei02> >> /usr/share/man/man1/sha.1ssl.gz
sampei02> >> /usr/share/man/man1/sha1.1ssl.gz
sampei02> >> /usr/share/man/man1/smime.1ssl.gz
sampei02> >> /usr/share/man/man1/speed.1ssl.gz
sampei02> >> /usr/share/man/man1/spkac.1ssl.gz
sampei02> >> /usr/share/man/man1/sslpasswd.1ssl.gz
sampei02> >> /usr/share/man/man1/sslrand.1ssl.gz
sampei02> >> /usr/share/man/man1/verify.1ssl.gz
sampei02> >> /usr/share/man/man1/version.1ssl.gz
sampei02> >> /usr/share/man/man1/x509.1ssl.gz
sampei02> >> /usr/share/man/man5/config.5ssl.gz
sampei02> >> /usr/share/man/man7/DES.7ssl.gz
sampei02> >> /usr/share/man/man7/Modes.7ssl.gz
sampei02> >> /usr/share/man/man7/des_modes.7ssl.gz
sampei02> >> /usr/share/man/man7/of.7ssl.gz
sampei02> > 
sampei02> > ******
sampei02> >> /usr/share/ssl
sampei02> >> /usr/share/ssl/CA
sampei02> >> /usr/share/ssl/CA/private
sampei02> >> /usr/share/ssl/cert.pem
sampei02> >> /usr/share/ssl/certs
sampei02> >> /usr/share/ssl/certs/Makefile
sampei02> >> /usr/share/ssl/certs/ca-bundle.crt
sampei02> >> /usr/share/ssl/certs/make-dummy-cert
sampei02> >> /usr/share/ssl/lib
sampei02> >> /usr/share/ssl/misc
sampei02> >> /usr/share/ssl/misc/CA
sampei02> >> /usr/share/ssl/misc/c_hash
sampei02> >> /usr/share/ssl/misc/c_info
sampei02> >> /usr/share/ssl/misc/c_issuer
sampei02> >> /usr/share/ssl/misc/c_name
sampei02> >> /usr/share/ssl/openssl.cnf
sampei02> >> /usr/share/ssl/private
sampei02> > *******
sampei02> > that's the location to look for the openssl.cnf file and thus the old files; simply do a
sampei02> >   find /usr/share/ssl -mtime -200
sampei02> > to find any recent files - that should point you in the right direction.
sampei02> > 
sampei02> > 
sampei02> > HTH,
sampei02> > 
sampei02> > JJK
sampei02> > 
sampei02> 
sampei02>

More information about the openssl-users mailing list