So, considering that it fails to start now. Could you please verify that `ls -la /lib64/libcrypt.so.1` is still valid?
Fedor. On Mon, Apr 14, 2014 at 2:53 PM, LOKESH JANGIR <lk.jangi...@gmail.com>wrote: > Hi Rainer, > > Yes, apache was running with the old library, i have moved this out, and > copied new libssl library from new openssl installation folder. But it is > not working and now i am unable to start apache. > > Now what to do with this ? > > Regards, > Lokesh Jangir > > > On Mon, Apr 14, 2014 at 2:52 PM, Rainer M. Canavan < > rainer.cana...@sevenval.com> wrote: > >> >> On Apr 14, 2014, at 10:17 , LOKESH JANGIR <lk.jangi...@gmail.com> wrote: >> >> > Hi Team, >> > >> > I am using Ubuntu, Amazon ami with apache 2.0 and mod_ssl installed. I >> found the same openssl vulnerability issue with my ssl certificate. I have >> installed new openssl bugfixed version 1.0.1g and create csr and key file >> from this. Also i have installed this on the server. I have restarted >> apache service and server many times after installation. >> > >> > But still it is showing my website vulnerable. Can you please guide me >> what am i missing now ? >> >> did you use "apachectl restart", or "apachectl stop" + "apachectl start"? >> If you did >> the former, the process may still be running with the old, deleted >> library. Try >> >> sudo lsof -n | grep libssl | grep DEL >> >> to see if that is still the case. >> >> >> >> rainer______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> Development Mailing List openssl-dev@openssl.org >> Automated List Manager majord...@openssl.org >> > >
