Changes between Initial Version and Version 1 of openser-tls-fedora-core-5


Ignore:
Timestamp:
Feb 24, 2007 12:22:58 PM (15 years ago)
Author:
bennylp
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • openser-tls-fedora-core-5

    v1 v1  
     1= Working with OpenSER TLS Support on Redhat Fedora Core 5 = 
     2 
     3RedHat FC5 ships with '''openssl-0.9.8a''', which somehow is not compatible with OpenSER. This small article will give you step by step guide to downgrade OpenSSL to '''openssl-0.9.7f''' which works with OpenSER, while trying to maintain compatibility with the rest of FC5 applications that depends on the original '''openssl-0.9.8a'''. 
     4 
     5== Warning (Really, You Should Read This!) == 
     6 
     7I'm no OpenSSL or OpenSER expert, and what I do here simply is a workaround to make OpenSER works on RedHat FC5. Messing around with OpenSSL installation on your box is '''really''' dangerous, as you may be unable to reconnect to your box with SSH and you may not able to use '''rpm''' since '''rpm''' depends on OpenSSL libraries. 
     8 
     9Because of this, you really don't want to do this on a production box. 
     10 
     11== Step by Step == 
     12 
     13Step by step: 
     14 1. Create a directory for working with this process: 
     15    {{{ 
     16      #> cd /root 
     17      #> mkdir ssl  
     18      #> cd ssl 
     19    }}} 
     20 1. Make a copy of your existing OpenSSL libraries. This is not just a mere safety precautions, but it's crucial to do since rpm will stop working after openssl is uninstalled: 
     21    {{{ 
     22     #> mkdir bak 
     23     #> cp -a /lib/libssl*  bak/ 
     24     #> cp -a /lib/libcrypto*  bak/ 
     25    }}} 
     26 1. Download openssl-0.9.7 and openssl-devel-0.9.7 
     27    {{{ 
     28     #> wget http://www.mirror.ac.uk/mirror/fedora.redhat.com/4/i386/os/Fedora/RPMS/openssl-0.9.7f-7.i386.rpm 
     29     #> wget http://www.mirror.ac.uk/mirror/fedora.redhat.com/4/i386/os/Fedora/RPMS/openssl-devel-0.9.7f-7.i386.rpm 
     30    }}} 
     31 1. Now remove openssl and openssl-devel RPM: 
     32    {{{ 
     33     #> rpm --erase openssl-devel --nodeps 
     34     #> rpm --erase openssl --nodeps 
     35    }}} 
     36 1. By this time, rpm will not work since it depends on openssl. So lets bring it up again: 
     37    {{{ 
     38     #> export LD_LIBRARY_PATH=./bak 
     39    }}} 
     40 1. Verify that openssl has really been cleaned up: 
     41    {{{ 
     42     #> rpm --erase openssl-devel --nodeps 
     43     #> rpm --erase openssl --nodeps 
     44    }}} 
     45 1. Delete SSL left-overs in {{{/lib}}} direcctory: 
     46    {{{ 
     47     #> rm -f /lib/libssl* 
     48     #> rm -f /lib/libcrypto* 
     49    }}} 
     50 1. Install the openssl RPMs that we downloaded earlier: 
     51    {{{ 
     52     #> rpm --install openssl* 
     53    }}} 
     54 1. Re-install {{{libssl.so.6}}} to make existing applications work again: 
     55    {{{ 
     56     #> cp bak/libssl.so.0.9.8a /lib/libssl.so.6 
     57     #> cp bak/libcrypto.so.0.9.8a /lib/libcrypto.so.6 
     58    }}} 
     59 1. Recompile and reinstall OpenSER 
     60 1. Verify that existing applications that depend on OpenSSL still works. For example: 
     61    {{{ 
     62     #> ssh localhost 
     63    }}}