Hi guys,

Is there a definitive way of finding out the version of OpenSSL used by
httpd, with mod_ssl statically compiled into it.

Thanks!



|---------+----------------------------->
| | Vishal.Bhalla@FT.c|
| | om |
| | Sent by: |
| | owner-modssl-users|
| | @modssl.org |
| | |
| | |
| | 07/06/2007 13:59 |
| | Please respond to |
| | modssl-users |
| | |
|---------+----------------------------->
>------------------------------------------------------------------------------------------------------------------------------|

|< |
| To: modssl-users@modssl.org< |
| cc: modssl-users@modssl.org, owner-modssl-users@modssl.org |
| Subject: Re: OpenSSL verion from mod_ssl statically compiled into httpd? |
>------------------------------------------------------------------------------------------------------------------------------|









Thanks for the reply Zareh, but still no joy :-(

We DO have old libraries on the box, but when compiling apache (after
setting SSL_BASE),
The output does show:
..
..
+ SSL library version: OpenSSL 0.9.8e 23 Feb 2007
..
..
Running a strings on httpd shows:

OpenSSL 0.9.7b 10 Apr 2003
SSLv2 part of OpenSSL 0.9.8e 23 Feb 2007
TLSv1 part of OpenSSL 0.9.8e 23 Feb 2007
OpenSSL 0.9.8e 23 Feb 2007
SSLv3 part of OpenSSL 0.9.8e 23 Feb 2007
Big Number part of OpenSSL 0.9.8e 23 Feb 2007
RSA part of OpenSSL 0.9.8e 23 Feb 2007
Diffie-Hellman part of OpenSSL 0.9.8e 23 Feb 2007
Stack part of OpenSSL 0.9.8e 23 Feb 2007
lhash part of OpenSSL 0.9.8e 23 Feb 2007
EVP part of OpenSSL 0.9.8e 23 Feb 2007
ASN.1 part of OpenSSL 0.9.8e 23 Feb 2007
X.509 part of OpenSSL 0.9.8e 23 Feb 2007
MD2 part of OpenSSL 0.9.8e 23 Feb 2007
MD5 part of OpenSSL 0.9.8e 23 Feb 2007
SHA1 part of OpenSSL 0.9.8e 23 Feb 2007
SHA-256 part of OpenSSL 0.9.8e 23 Feb 2007
SHA-512 part of OpenSSL 0.9.8e 23 Feb 2007
DES part of OpenSSL 0.9.8e 23 Feb 2007
libdes part of OpenSSL 0.9.8e 23 Feb 2007
RC2 part of OpenSSL 0.9.8e 23 Feb 2007
RC4 part of OpenSSL 0.9.8e 23 Feb 2007
IDEA part of OpenSSL 0.9.8e 23 Feb 2007
DSA part of OpenSSL 0.9.8e 23 Feb 2007
ECDSA part of OpenSSL 0.9.8e 23 Feb 2007
ECDH part of OpenSSL 0.9.8e 23 Feb 2007
RAND part of OpenSSL 0.9.8e 23 Feb 2007
PEM part of OpenSSL 0.9.8e 23 Feb 2007
CONF part of OpenSSL 0.9.8e 23 Feb 2007
CONF_def part of OpenSSL 0.9.8e 23 Feb 2007

As you can see from the top line, 0.9.7b is comming in from somewhere!?#@!

Question, is the output of this LogFormat line an accurate reflection of
what version of openssl was compiled into httpd?:

CustomLog /tmp/ssl.log "%{SSL_VERSION_LIBRARY}x
%{SSL_VERSION_INTERFACE}x"

I'll try and move those libs out of the way, and re-compile



|---------+----------------------------->
| | Zareh |
| | | | > |
| | Sent by: |
| | owner-modssl-users|
| | @modssl.org |
| | |
| | |
| | 06/06/2007 06:10 |
| | Please respond to |
| | modssl-users |
| | |
|---------+----------------------------->

>------------------------------------------------------------------------------------------------------------------------------|


|<
|
| To: modssl-users@modssl.org<
|
| cc:
|
| Subject: Re: OpenSSL verion from mod_ssl statically compiled
into httpd? |

>------------------------------------------------------------------------------------------------------------------------------|






Hi Vishal,

I seem to remember running into this a while back, it turned out that I had
old ssl libs in /usr/local/ssl and apache's build scripts were picking them
up. instead of /usr/local/openssl - I can't remember what I did to get them
to compile with the newer openssl libs, but here are a few things you could
try:

1) Set the following in your environment before you build apache/mod_ssl

SSL_BASE=/usr/local/openssl (wherever the libs are you want to compile
against)
export SSL_BASE

2) Find the libs ( find /usr/* -type f -name '*ssl*' ), tar them up and
move them into another directory. Build apache/mod_ssl - then just untar
the old libs back into place.
.... kinda messy though

----- Original Message ----
From: "Vishal.Bhalla@FT.com"
To: modssl-users@modssl.org
Sent: Monday, June 4, 2007 8:52:34 AM
Subject: OpenSSL verion from mod_ssl statically compiled into httpd?





Question: How do I find out the version of openssl used by my httpd that
has mod_ssl statically compiled into it?

"HEAD / HTTP/1.0" shows no mod_ssl info, and the only way in which I can
get anything is to use the following in the Apache conf:

CustomLog /tmp/ssl.log "%{SSL_VERSION_LIBRARY}x %{SSL_VERSION_INTERFACE}x"

Is this accurate, and can it be trusted? I ask because I recompiled
apache/mod_ssl using openssl 0.9.8c and the version the above showed in the
logs was older: 0.9.7b, which isn't installed on the box...?

My LD_LIBRARY path was set to /usr/local/ssl/lib, which contained:

engines/
libcrypto.a
libcrypto.so
libcrypto.so.0.9.8*
libssl.a
libssl.so
libssl.so.0.9.8*
pkgconfig/

It's an old setup that I've inherited from people who have all left now :-(
The source files and the way in which this was compiled have gone.

To be honest, I'm a bit confused as to the whole ssl setup with regards to
solaris <-->apache <--> mod_ssl. I download and compiled openssl 0.9.8e
from source and compiled mod_ssl with ./configure
--with-apache=../apache_1.3.37 --with-ssl=../openssl-0.9.8e

But when apache built, it said that it was using 0.9.8c the one installed
as a pkg on the solaris box. Why would it do that? Anyway, the custom log
shows
the correct mod_ssl version, but an old openssl version.

Any help is much appreciated, thanks in advance guys.

Regards,
Vish.
************************************************** ********************************


This email may contain confidential material. If you were not an intended
recipient, please notify the sender and delete all copies. We may monitor
email to and from our network. For more details see www.FT.com.

The Financial Times Limited, registered in England and Wales number 227590.
Registered office: Number One Southwark Bridge, London SE1 9HL. VAT number
GB 278 5371 21.

F.T. Publications Inc, incorporated in New York, number 13-2545828,
Registered office: 1330 Avenue of the Americas, New York NY 10019, USA.

The Financial Times (HK) Limited, registered in Hong Kong number 108204,
Registered office: Suite 2903-2909, level 29, 2 International Finance
Centre, No.8 Finance Street, Central, Hong Kong.

__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org






__________________________________________________ __________________________________


Moody friends. Drama queens. Your life? Nope! - their life, your story.
Play Sims Stories at Yahoo! Games.
http://sims.yahoo.com/
__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org




************************************************** ********************************

This email may contain confidential material. If you were not an
intended recipient, please notify the sender and delete all copies.
We may monitor email to and from our network.

__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org




************************************************** ********************************
This email may contain confidential material. If you were not an
intended recipient, please notify the sender and delete all copies.
We may monitor email to and from our network.

__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org