On Apr 8, 2014, at 12:34 PM, Paul Heinlein <[email protected]> wrote:
> On Tue, 8 Apr 2014, [email protected] wrote: > >> This might not be enough as there are two versions of openssl installed… One >> in /usr/bin/openssl and one in /usr/local/bin/openssl >> >> Both should be ok. > > Not on 2.1: > > [2.1-RELEASE]/root(9): /usr/local/bin/openssl version > OpenSSL 1.0.1e 11 Feb 2013 > > Worse, that's the version used by OpenVPN and lighttpd: Your use of “worse” here merely pours gasoline on an already burning fire. > [2.1-RELEASE]/root(8): ldd /usr/local/sbin/openvpn > /usr/local/sbin/openvpn: > libssl.so.8 => /usr/local/lib/libssl.so.8 (0x8007e9000) > libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x80094f000) > > [2.1-RELEASE]/root(14): ldd /usr/local/sbin/lighttpd > /usr/local/sbin/lighttpd: > libssl.so.8 => /usr/local/lib/libssl.so.8 (0x8007d3000) > libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x800939000) The situation is no different with pfSense version 2.1.1, even though the ports version of openssl is 1.0.1f. (1.0.1g is required to be clear of the Heartbleed issue.) [2.1.1-RELEASE][[email protected]]/root(3): /usr/local/bin/openssl version OpenSSL 1.0.1f 6 Jan 2014 [2.1.1-RELEASE][[email protected]]/root(4): /usr/bin/openssl version OpenSSL 0.9.8y 5 Feb 2013 [2.1.1-RELEASE][[email protected]]/root(5): [2.1.1-RELEASE][[email protected]]/root(15): ldd /usr/local/sbin/openvpn /usr/local/sbin/openvpn: liblzo2.so.2 => /usr/local/lib/liblzo2.so.2 (0x8006ca000) libssl.so.8 => /usr/local/lib/libssl.so.8 (0x8007e9000) libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x80094f000) libc.so.7 => /lib/libc.so.7 (0x800c22000) libthr.so.3 => /lib/libthr.so.3 (0x800e4f000) [2.1.1-RELEASE][[email protected]]/root(22): ldd /usr/local/sbin/lighttpd /usr/local/sbin/lighttpd: libpcre.so.3 => /usr/local/lib/libpcre.so.3 (0x800670000) libssl.so.8 => /usr/local/lib/libssl.so.8 (0x8007d3000) libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x800939000) libthr.so.3 => /lib/libthr.so.3 (0x800c0c000) libc.so.7 => /lib/libc.so.7 (0x800d25000) As previously mentioned, we’re working on a new release. jim _______________________________________________ List mailing list [email protected] https://lists.pfsense.org/mailman/listinfo/list
