Compile opensslß1.1.1k on CentOS8

Hubert Kario hkario at
Tue Jun 8 12:05:18 UTC 2021

On Monday, 7 June 2021 20:26:28 CEST, Lothar Belle wrote:
> Hi,
> recently I compiled openssl-1.1.1k on CentOS-8
> but when I am using I get errors like:
> undefined symbol: EVP_KDF_ctrl, version OPENSSL_1_1_1b
> Obviously RedHat added additional features into there own libraries,
> but using the same version/naming.
> See
> I tried also to apply the patches, but they don‘t work with the latest
> source code
> The suggested solution renaming the libraries didn‘t work neither for me.
> But we want to use the latest version, including all security fixes,
> therefore I can‘t use the build-in version.

Please note that packages in RHEL, and thus, later, in CentOS, include
security fixes:
even if their package version is older than the newest upstream release.

But that's not the only reason why those packages have additional patches,
they also have them to better integrate with the rest of the system:
or integrate with features like system-wide crypto policies:
or, as in the case of the openssl-1.1.1-evp-kdf.patch, to provide features
from newer releases (like 3.0.0) in an older ABI release.

So I'd strongly suggest against replacting the .so files of any low-level
library, in any distribution, not just RHEL or CentOS.
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic

More information about the openssl-users mailing list