>> You can check with ldd /usr/lib/dovecot/imap-login (or libexec) No, I cant because I'm compiling dovecot with openssl compiled as FPIC which means that its not getting dynamicly linked.
When I try to compile against non-fpic openssl I just got /usr/openssl-1.0.2l/lib/libssl.a(s23_srvr.o): relocation R_X86_64_32 against `.rodata' can not be used when making a shared object; recompile with -fPIC 2017-10-27 8:33 GMT+02:00 Aki Tuomi <aki.tu...@dovecot.fi>: > > > On 27.10.2017 00:53, krz...@gmail.com wrote: >> I got multiple versions of openssl in my system. I compile dovecot with >> PKG_CONFIG_PATH=/usr/openssl-1.0.2l-fpic/lib/pkgconfig ./configure >> >> How do I check which version of openssl got compiled in? configure >> script does not show version. There seem to be no way to check it in >> compiled binary (?) >> >> My dovecot is still seen vulnerable by tls testing tools so I'm >> guessing wrong version of openssl got compiled it but there seem to be >> no way to check it. > You can check with ldd /usr/lib/dovecot/imap-login (or libexec) > > Just check which SSL library has been linked to it. > > Aki