Dear Thorpe,
it looks like you have now two versions of openssl installed on your
system, since the output "1.0.2k-fips" comes straight from the library.
So, if you see this string, the library is still there.
One can check the version used during linkage via
ldd /usr/local/ns/bin/nsd
When upgrading to OpenSSL 3.*, it is recommended to recompile NaviServer
(make clean, configure ..., make, make install) such that NaviServer can
use
the newer library calls. When the path to the openssl libary is not
specified
explicitly, configure uses "pkg-config --libs openssl" to determine the
path the the library.
all the best
-g
PS Btw, OpenACS.org runs with OpenSSL 3.2.0-dev
On 06.11.22 13:47, THORPE MAYES via naviserver-devel wrote:
Hi,
I updated OpenSSL on my server to version 3.0.7.
Prior to updating, openssl version -a showed:
OpenSSL 1.0.2k-fips 26 Jan 2017
built on: reproducible build, date unspecified
platform: linux-x86_64
options: bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int)
idea(int) blowfish(idx)
compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB
-DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT
-m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
-fexceptions -fstack-protector-strong --param=ssp-buffer-size=4
-grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
-DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
-DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM
-DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/etc/pki/tls"
engines: rdrand dynamic
After updating, openssl version -a showed:
OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)
built on: Sat Nov 5 14:56:48 2022 UTC
platform: linux-x86_64
options: bn(64,64)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3
-DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC
-DOPENSSL_BUILDING_OPENSSL -DZLIB -DNDEBUG
OPENSSLDIR: "/etc/ssl"
ENGINESDIR: "/etc/ssl/lib64/engines-3"
MODULESDIR: "/etc/ssl/lib64/ossl-modules"
Seeding source: os-specific
CPUINFO: OPENSSL_ia32cap=0xfffa3203478bffff:0x7a9
When I restart naviserver I see this in the log file:
Notice: OpenSSL OpenSSL 1.0.2k-fips 26 Jan 2017 initialized
That is the previous version of OpenSSL on the server.
What do I need to change in order for naviserver to use the current
version of OpenSSL? Or, does it matter?
When I updated to naviserver version 4.99.24 my configuration was:
./configure --prefix=/usr/local/ns --with-tcl=/usr/local/ns/lib
--enable-symbols
Thorpe
_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel
