wiki:openser-tls-fedora-core-5

Working with OpenSER TLS Support on Redhat Fedora Core 5

RedHat? FC5 ships with openssl-0.9.8a, which somehow is not compatible with OpenSER. This small article will give you step by step guide to downgrade OpenSSL to openssl-0.9.7f which works with OpenSER, while trying to maintain compatibility with the rest of FC5 applications that depends on the original openssl-0.9.8a.

Warning (Really, You Should Read This!)

The instructions provided here are simply just my recollection of what I did few minutes ago, and it may not be accurate.

I'm no OpenSSL or OpenSER expert, and what I do here simply is a workaround to make OpenSER works on RedHat? FC5. Messing around with OpenSSL installation on your box is really dangerous, as you may be unable to reconnect to your box with SSH and you may not able to use rpm or even wget since these applications depend on OpenSSL libraries.

Because of this, you really don't want to do this on a production box. Erm actually, you really shouldn't do this to any FC5 boxes at all, unless you are prepared to reinstall your box.

If things screwed up, don't blame me, as you have been warned!

Step by Step

Step by step:

  1. Create a directory for working with this process:
      #> cd /root
      #> mkdir ssl 
      #> cd ssl
    
  2. Make a copy of your existing OpenSSL libraries. This is not just a mere safety precautions, but it's crucial to do since rpm will stop working after openssl is uninstalled:
     #> mkdir bak
     #> cp -a /lib/libssl*  bak/
     #> cp -a /lib/libcrypto*  bak/
    
  3. Download openssl-0.9.7f and openssl-devel-0.9.7f
     #> wget http://www.mirror.ac.uk/mirror/fedora.redhat.com/4/i386/os/Fedora/RPMS/openssl-0.9.7f-7.i386.rpm
     #> wget http://www.mirror.ac.uk/mirror/fedora.redhat.com/4/i386/os/Fedora/RPMS/openssl-devel-0.9.7f-7.i386.rpm
    
  4. Now remove openssl and openssl-devel RPM:
     #> rpm --erase openssl-devel --nodeps
     #> rpm --erase openssl --nodeps
    
  5. By this time, rpm will not work since it depends on openssl. So lets bring it up again:
     #> export LD_LIBRARY_PATH=./bak
    
  6. Verify that openssl has really been cleaned up:
     #> rpm --erase openssl-devel --nodeps
     #> rpm --erase openssl --nodeps
    
  7. Delete SSL left-overs in /lib direcctory:
     #> rm -f /lib/libssl*
     #> rm -f /lib/libcrypto*
    
  8. Install the openssl RPMs that we downloaded earlier:
     #> rpm --install openssl*
    
  9. Re-install libssl.so.6 and libcrypto.so.6 to make existing applications work again:
     #> cp bak/libssl.so.0.9.8a /lib/libssl.so.6
     #> cp bak/libcrypto.so.0.9.8a /lib/libcrypto.so.6
    
  10. Recompile and reinstall OpenSER
  11. Verify that existing applications that depend on OpenSSL still works. For example:
     #> ssh localhost
    
Last modified 18 years ago Last modified on Feb 24, 2007 12:32:14 PM