installing OpenSSL 1.1.1 on RedHat 6.x

Viktor Dukhovni openssl-users at dukhovni.org
Thu Jul 8 19:48:55 UTC 2021


On Thu, Jul 08, 2021 at 05:55:42PM +0100, Tim Culhane wrote:

> We have a customer who is running our product on a RedHat 6.x server.
> Our product uses OpenSSL 1.1.1 to handle secure connections.
> 
> Initial testing by the customer is showing segmentation faults in OpenSSL
> during the handshake process.

You can build and bundle your own OpenSSL library (libssl and libcrypto), that is
dynamically linked, has a custom "SONAME", and custom symbol version names.

Such a dynamically linked SSL library can coexist in the same address
space with another (e.g. platform-vendor provided) OpenSSL version,
provided both use symbol versioning.

> I know that RedHat certainly doesn't ship recent versions of OpenSSL for
> RedHat 6.x.  However it is still possible to install later OpenSSL versions
> to run side-by-side the system installation.
> 
> What I'm wondering is, would there be a technical reason why OpenSSL 1.1.1
> would not work correctly on a RedHat 6.x system?

There are two potential problems:

    - Symbol name/version collisions.
    - Passing of incompatible SSL contexts/handles created in one
      library to an API linked with another incompatible library.

The second issue is quite rare, but though the first is common, it can
be avoided by building the custom non-platform OpenSSL libraries with care.

Look for "shlib_variant" in the Configuration profiles for OpenSSL
1.1.1x.

-- 
    Viktor.
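
A check for the first problem in the message above (SONAME and symbol version collisions), added here as an example and not part of the original post. It assumes the GNU binutils `readelf -d -V` output layout; the `-acme` variant name, the `libssl-legacy` library and the readelf excerpts are constructed for illustration.

```python
import re

SONAME_RE = re.compile(r"\(SONAME\)\s+Library soname: \[([^\]]+)\]")
VERDEF_RE = re.compile(r"Flags:\s*(.*?)\s+Index:\s*\d+\s+Cnt:\s*\d+\s+Name:\s*(\S+)")

def parse_readelf(text):
    """Return (soname, version-definition names) from `readelf -d -V` output."""
    m = SONAME_RE.search(text)
    soname = m.group(1) if m else None
    versions, in_defs = set(), False
    for line in text.splitlines():
        if line.startswith("Version "):          # section header line
            in_defs = line.startswith("Version definition section")
        elif in_defs:
            m = VERDEF_RE.search(line)
            if m and "BASE" not in m.group(1):   # BASE entry just repeats the SONAME
                versions.add(m.group(2))
    return soname, versions

def coexistence_problems(lib_a, lib_b):
    """List the reasons two libraries are unsafe to load into one process."""
    (so_a, ver_a), (so_b, ver_b) = parse_readelf(lib_a), parse_readelf(lib_b)
    problems = []
    if so_a == so_b:
        problems.append(f"same SONAME: {so_a}")
    for so, ver in ((so_a, ver_a), (so_b, ver_b)):
        if not ver:                              # both libraries must be versioned
            problems.append(f"{so} defines no symbol versions")
    for name in sorted(ver_a & ver_b):
        problems.append(f"shared symbol version: {name}")
    return problems

# Constructed readelf excerpts, not captured from a real system.
DEFAULT_BUILD = """\
 0x000000000000000e (SONAME)             Library soname: [libssl.so.1.1]
Version definition section '.gnu.version_d' contains 3 entries:
  000000: Rev: 1  Flags: BASE  Index: 1  Cnt: 1  Name: libssl.so.1.1
  0x001c: Rev: 1  Flags: none  Index: 2  Cnt: 1  Name: OPENSSL_1_1_0
  0x0038: Rev: 1  Flags: none  Index: 3  Cnt: 2  Name: OPENSSL_1_1_1
  0x0054: Parent 1: OPENSSL_1_1_0
"""
# What a build with a hypothetical "-acme" variant would report instead.
VARIANT_BUILD = (DEFAULT_BUILD.replace("libssl.so", "libssl-acme.so")
                 .replace("OPENSSL_", "OPENSSL_ACME_"))
UNVERSIONED = " 0x000000000000000e (SONAME)  Library soname: [libssl-legacy.so.1]\n"

if __name__ == "__main__":
    for problem in coexistence_problems(DEFAULT_BUILD, DEFAULT_BUILD):
        print(problem)
```

On a real system, feed the function the `readelf -d -V` output of the bundled library and of the platform library; an empty list means neither the SONAME nor any version name is shared.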

