| | 1 | = Working with OpenSER TLS Support on Redhat Fedora Core 5 = |
| | 2 | |
| | 3 | RedHat FC5 ships with '''openssl-0.9.8a''', which somehow is not compatible with OpenSER. This small article will give you step by step guide to downgrade OpenSSL to '''openssl-0.9.7f''' which works with OpenSER, while trying to maintain compatibility with the rest of FC5 applications that depends on the original '''openssl-0.9.8a'''. |
| | 4 | |
| | 5 | == Warning (Really, You Should Read This!) == |
| | 6 | |
| | 7 | I'm no OpenSSL or OpenSER expert, and what I do here simply is a workaround to make OpenSER works on RedHat FC5. Messing around with OpenSSL installation on your box is '''really''' dangerous, as you may be unable to reconnect to your box with SSH and you may not able to use '''rpm''' since '''rpm''' depends on OpenSSL libraries. |
| | 8 | |
| | 9 | Because of this, you really don't want to do this on a production box. |
| | 10 | |
| | 11 | == Step by Step == |
| | 12 | |
| | 13 | Step by step: |
| | 14 | 1. Create a directory for working with this process: |
| | 15 | {{{ |
| | 16 | #> cd /root |
| | 17 | #> mkdir ssl |
| | 18 | #> cd ssl |
| | 19 | }}} |
| | 20 | 1. Make a copy of your existing OpenSSL libraries. This is not just a mere safety precautions, but it's crucial to do since rpm will stop working after openssl is uninstalled: |
| | 21 | {{{ |
| | 22 | #> mkdir bak |
| | 23 | #> cp -a /lib/libssl* bak/ |
| | 24 | #> cp -a /lib/libcrypto* bak/ |
| | 25 | }}} |
| | 26 | 1. Download openssl-0.9.7 and openssl-devel-0.9.7 |
| | 27 | {{{ |
| | 28 | #> wget http://www.mirror.ac.uk/mirror/fedora.redhat.com/4/i386/os/Fedora/RPMS/openssl-0.9.7f-7.i386.rpm |
| | 29 | #> wget http://www.mirror.ac.uk/mirror/fedora.redhat.com/4/i386/os/Fedora/RPMS/openssl-devel-0.9.7f-7.i386.rpm |
| | 30 | }}} |
| | 31 | 1. Now remove openssl and openssl-devel RPM: |
| | 32 | {{{ |
| | 33 | #> rpm --erase openssl-devel --nodeps |
| | 34 | #> rpm --erase openssl --nodeps |
| | 35 | }}} |
| | 36 | 1. By this time, rpm will not work since it depends on openssl. So lets bring it up again: |
| | 37 | {{{ |
| | 38 | #> export LD_LIBRARY_PATH=./bak |
| | 39 | }}} |
| | 40 | 1. Verify that openssl has really been cleaned up: |
| | 41 | {{{ |
| | 42 | #> rpm --erase openssl-devel --nodeps |
| | 43 | #> rpm --erase openssl --nodeps |
| | 44 | }}} |
| | 45 | 1. Delete SSL left-overs in {{{/lib}}} direcctory: |
| | 46 | {{{ |
| | 47 | #> rm -f /lib/libssl* |
| | 48 | #> rm -f /lib/libcrypto* |
| | 49 | }}} |
| | 50 | 1. Install the openssl RPMs that we downloaded earlier: |
| | 51 | {{{ |
| | 52 | #> rpm --install openssl* |
| | 53 | }}} |
| | 54 | 1. Re-install {{{libssl.so.6}}} to make existing applications work again: |
| | 55 | {{{ |
| | 56 | #> cp bak/libssl.so.0.9.8a /lib/libssl.so.6 |
| | 57 | #> cp bak/libcrypto.so.0.9.8a /lib/libcrypto.so.6 |
| | 58 | }}} |
| | 59 | 1. Recompile and reinstall OpenSER |
| | 60 | 1. Verify that existing applications that depend on OpenSSL still works. For example: |
| | 61 | {{{ |
| | 62 | #> ssh localhost |
| | 63 | }}} |
![(please configure the [header_logo] section in trac.ini)](/repos/chrome/site/pj.jpg)
