Re: [openssl-users] no version information available error

2016-02-12 Thread cloud force 
Thanks Jakob for the detailed info.

On Thu, Feb 11, 2016 at 7:50 AM, Jakob Bohm  wrote:

> On 10/02/2016 22:46, cloud force wrote:
>
>> Hi Everyone,
>>
>> I installed the FIPS capable openssl library (which was built by myself)
>> on my Ubuntu linux box.
>>
>> For some reason, I keep running into the following errors whenever I run
>> ssh related command:
>>
>>
>> ssh: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version
>> information available (required by ssh)
>>
>>
>> The same error happens when I ran openssl command such as the following:
>>
>> linux-fips@ubuntu:/usr/local/ssl/lib$ openssl ciphers -v | wc -l
>> openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version information
>> available (required by openssl)
>> openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version information
>> available (required by openssl)
>> openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version information
>> available (required by /lib/x86_64-linux-gnu/libssl.so.1.0.0)
>> openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version information
>> available (required by /lib/x86_64-linux-gnu/libssl.so.1.0.0)
>>
>> The Debian-family (includes Ubuntu) standard OpenSSL shared
> libraries is built in a special way to include "version tags"
> in the resulting .so files, and all the openssl-needing
> binaries in Debian/Ubuntu/etc. produce the error message
> above if you install copies of those libraries without those
> extra "version tags".
>
> There are two alternative ways to solve this:
>
> A) Build your FIPS-cabable OpenSSL (not the FIPScanister)
>   with all the extra steps and patches in the Ubuntu OpenSSL
>   source package (.dsc etc.), just adding the FIPS canister.
>Note that some of the patches in the source package are
>   backports of the security fixes included in the latest
>   OpenSSL versions, you'll probably have to figure out the
>   details yourself (unless Kurt Roeckz posts a recipe
>   somewhere).
>
> B) Patch your FIPS-capable OpenSSL makefile (not the
>   FIPScanister makefile) to use a different .so-version, such
>   as .so.1.0.2 .  Then your private openssl build will not be
>   used by the prepackaged software while software explicitly
>   compiled against your locally build OpenSSL will not
>   accidentally pick up the standard non-FIPS OpenSSL.
>
>
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>



-- 
Thanks,
Rich
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] no version information available error

2016-02-12 Thread Scott Neugroschl 
OpenSSH does not work with the FIPS mode of OpenSSL.  This has been discussed 
both here and on the OpenSSH list.

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
cloud force
Sent: Friday, February 12, 2016 11:44 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] no version information available error

Thanks Jakob for the detailed info.

On Thu, Feb 11, 2016 at 7:50 AM, Jakob Bohm 
<jb-open...@wisemo.com<mailto:jb-open...@wisemo.com>> wrote:
On 10/02/2016 22:46, cloud force wrote:
Hi Everyone,

I installed the FIPS capable openssl library (which was built by myself) on my 
Ubuntu linux box.

For some reason, I keep running into the following errors whenever I run ssh 
related command:


ssh: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version
information available (required by ssh)


The same error happens when I ran openssl command such as the following:

linux-fips@ubuntu:/usr/local/ssl/lib$ openssl ciphers -v | wc -l
openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version information 
available (required by openssl)
openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version information 
available (required by openssl)
openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version information 
available (required by /lib/x86_64-linux-gnu/libssl.so.1.0.0)
openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version information 
available (required by /lib/x86_64-linux-gnu/libssl.so.1.0.0)
The Debian-family (includes Ubuntu) standard OpenSSL shared
libraries is built in a special way to include "version tags"
in the resulting .so files, and all the openssl-needing
binaries in Debian/Ubuntu/etc. produce the error message
above if you install copies of those libraries without those
extra "version tags".

There are two alternative ways to solve this:

A) Build your FIPS-cabable OpenSSL (not the FIPScanister)
  with all the extra steps and patches in the Ubuntu OpenSSL
  source package (.dsc etc.), just adding the FIPS canister.
   Note that some of the patches in the source package are
  backports of the security fixes included in the latest
  OpenSSL versions, you'll probably have to figure out the
  details yourself (unless Kurt Roeckz posts a recipe
  somewhere).

B) Patch your FIPS-capable OpenSSL makefile (not the
  FIPScanister makefile) to use a different .so-version, such
  as .so.1.0.2 .  Then your private openssl build will not be
  used by the prepackaged software while software explicitly
  compiled against your locally build OpenSSL will not
  accidentally pick up the standard non-FIPS OpenSSL.



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 
10<tel:%2B45%2031%2013%2016%2010>
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



--
Thanks,
Rich

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] no version information available error

2016-02-11 Thread Jakob Bohm 

On 10/02/2016 22:46, cloud force wrote:

Hi Everyone,

I installed the FIPS capable openssl library (which was built by 
myself) on my Ubuntu linux box.


For some reason, I keep running into the following errors whenever I 
run ssh related command:



ssh: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version
information available (required by ssh)


The same error happens when I ran openssl command such as the following:

linux-fips@ubuntu:/usr/local/ssl/lib$ openssl ciphers -v | wc -l
openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version 
information available (required by openssl)
openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version 
information available (required by openssl)
openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version 
information available (required by /lib/x86_64-linux-gnu/libssl.so.1.0.0)
openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version 
information available (required by /lib/x86_64-linux-gnu/libssl.so.1.0.0)



The Debian-family (includes Ubuntu) standard OpenSSL shared
libraries is built in a special way to include "version tags"
in the resulting .so files, and all the openssl-needing
binaries in Debian/Ubuntu/etc. produce the error message
above if you install copies of those libraries without those
extra "version tags".

There are two alternative ways to solve this:

A) Build your FIPS-cabable OpenSSL (not the FIPScanister)
  with all the extra steps and patches in the Ubuntu OpenSSL
  source package (.dsc etc.), just adding the FIPS canister.
   Note that some of the patches in the source package are
  backports of the security fixes included in the latest
  OpenSSL versions, you'll probably have to figure out the
  details yourself (unless Kurt Roeckz posts a recipe
  somewhere).

B) Patch your FIPS-capable OpenSSL makefile (not the
  FIPScanister makefile) to use a different .so-version, such
  as .so.1.0.2 .  Then your private openssl build will not be
  used by the prepackaged software while software explicitly
  compiled against your locally build OpenSSL will not
  accidentally pick up the standard non-FIPS OpenSSL.



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] no version information available error

2016-02-10 Thread cloud force 
Hi Everyone,

I installed the FIPS capable openssl library (which was built by myself) on
my Ubuntu linux box.

For some reason, I keep running into the following errors whenever I run
ssh related command:

ssh: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version information
available (required by ssh)

The same error happens when I ran openssl command such as the following:

linux-fips@ubuntu:/usr/local/ssl/lib$ openssl ciphers -v | wc -l
openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version information
available (required by openssl)
openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version information
available (required by openssl)
openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version information
available (required by /lib/x86_64-linux-gnu/libssl.so.1.0.0)
openssl: /lib/x86_64-linux-gnu/libcrypto.so.1.0.0: no version information
available (required by /lib/x86_64-linux-gnu/libssl.so.1.0.0)


Not sure what I did wrong as I followed the same steps mentioned in the
OpenSSL FIPS doc to build both FIPS canister.o and openssl lib.

Any suggestion are greatly appreciated.

Thanks,
Rich
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users