installing OpenSSL 1.1.1 on RedHat 6.x
Jan Just Keijser
janjust at nikhef.nl
Fri Jul 9 07:27:12 UTC 2021
On 08/07/21 18:55, Tim Culhane wrote:
> Hi,
>
> We have a customer who is running our product on a RedHat 6.x server.
> Our product uses OpenSSL 1.1.1 to handle secure connections.
>
> Initial testing by the customer is showing segmentation faults in OpenSSL
> during the handshake process.
>
> We have successfully tested our product on CentOS 7.x servers.
>
> I know that RedHat certainly doesn't ship recent versions of OpenSSL for
> RedHat 6.x. However it is still possible to install later OpenSSL versions
> to run side-by-side the system installation.
>
> What I'm wondering is, would there be a technical reason why OpenSSL 1.1.1
> would not work correctly on a RedHat 6.x system?
>
> For the record the customer has tried with OpenSSL 1.1.1g and 1.1.1k with
> similar results.
Note that RH 6 is out of support and it will be hard to find support for
it anywhere. It uses openssl 1.0.1e by default which is *not* API
compatible with 1.1.1k; please ensure that the RH openssl header files
and development libraries are NOT installed when compiling your
application against 1.1.1k (try removing the RPM openssl-devel).
I compiled and used OpenSSL up to version 1.1.1d on RH 6 without any
issues; I just revived an old VM and built openssl 1.1.1k on it without
problems. However, the command
make test
failed as I am missing certain dependencies.
Without knowing how you build your appilcation it is impossible to tell
where and how it is failing.
A long shot, but one thing to try is to install a newer gcc compiler;
you can find one in the "sclo" repositories, e.g
https://vault.centos.org/6.10/sclo/x86_64/rh/Packages/d/
and install 'devtoolset-9' to get gcc 9 on RH 6. Perhaps a rebuild using
a new compiler fixes the segfaults you are seeing. Most likely,
however, you are mixing headers files from different versions of OpenSSL.
HTH,
JJK
More information about the openssl-users
mailing list