If I had ever needed to use different versions of OpenSSL I would use the ./config --openssldir=/path/to/openssl-ver then for Apache to use that during installation. Example: ./configure --with-ssl=/path/to/openssl-ver --enable-ssl
That will at least verify your using the new patched version. On Mon, Apr 14, 2014 at 5:20 AM, Fedor Indutny <fe...@indutny.com> wrote: > Hello again! > > That depends on your setup. I'd suppose that OpenSSL's default installer > should > create symlinks itself. If it did and they doesn't match the previous > location - you > could try creating a new one: `ln -s /path/to/new/libcrypto.so.1 > /lib64/libcrypt.so.1` > > Cheers, > Fedor. > > > On Mon, Apr 14, 2014 at 3:13 PM, LOKESH JANGIR <lk.jangi...@gmail.com>wrote: > >> Hi Fedor, >> >> Yes i did not move this file out. and i can see the output of ls -la >> /lib64/libcrypt.so.1 >> >> libcrypt.so -> ../../lib64/libcrypt.so.1 >> >> >> I complied openssl and it created this library files, >> engines libcrypto.a libssl.a pkgconfig >> >> So now should i move this libcrypt.a file to /usr/lib64 folder and rename >> this as .so ? >> >> Regards, >> Lokesh Jangir >> >> >> On Mon, Apr 14, 2014 at 4:31 PM, Fedor Indutny <fe...@indutny.com> wrote: >> >>> So, considering that it fails to start now. Could you please verify that >>> `ls -la /lib64/libcrypt.so.1` is still valid? >>> >>> Fedor. >>> >>> >>> On Mon, Apr 14, 2014 at 2:53 PM, LOKESH JANGIR <lk.jangi...@gmail.com>wrote: >>> >>>> Hi Rainer, >>>> >>>> Yes, apache was running with the old library, i have moved this out, >>>> and copied new libssl library from new openssl installation folder. But it >>>> is not working and now i am unable to start apache. >>>> >>>> Now what to do with this ? >>>> >>>> Regards, >>>> Lokesh Jangir >>>> >>>> >>>> On Mon, Apr 14, 2014 at 2:52 PM, Rainer M. Canavan < >>>> rainer.cana...@sevenval.com> wrote: >>>> >>>>> >>>>> On Apr 14, 2014, at 10:17 , LOKESH JANGIR <lk.jangi...@gmail.com> >>>>> wrote: >>>>> >>>>> > Hi Team, >>>>> > >>>>> > I am using Ubuntu, Amazon ami with apache 2.0 and mod_ssl installed. >>>>> I found the same openssl vulnerability issue with my ssl certificate. I >>>>> have installed new openssl bugfixed version 1.0.1g and create csr and key >>>>> file from this. Also i have installed this on the server. I have restarted >>>>> apache service and server many times after installation. >>>>> > >>>>> > But still it is showing my website vulnerable. Can you please guide >>>>> me what am i missing now ? >>>>> >>>>> did you use "apachectl restart", or "apachectl stop" + "apachectl >>>>> start"? If you did >>>>> the former, the process may still be running with the old, deleted >>>>> library. Try >>>>> >>>>> sudo lsof -n | grep libssl | grep DEL >>>>> >>>>> to see if that is still the case. >>>>> >>>>> >>>>> >>>>> rainer______________________________________________________________________ >>>>> OpenSSL Project http://www.openssl.org >>>>> Development Mailing List openssl-dev@openssl.org >>>>> Automated List Manager majord...@openssl.org >>>>> >>>> >>>> >>> >> > -- Jason Gerfen http://github.com/jas- <http://www.github.com/jas-> <http://phpdhcpadmin.sourceforge.net>
