Repairing replaced OpenSSL installation
Solution 1
There has been a bug when using IUS repositories and using it to replace openssl
with openssl10
and then trying to upgrade to CentOS 6.5.
Basically what you have to do is go back to the stock openssl
- which now is anyway on version 1.0.1:
yum replace openssl10 --replace-with openssl
Use of openssl10
is unnecessary now and unsupported.
That is also why it is only available in the archive repo.
For more information see: https://lists.launchpad.net/ius-community/msg00807.html and https://bugs.launchpad.net/ius/+bug/1034961/comments/60
Solution 2
Answer from @faker should be tried first, but if that doesn't work I found the following instructions at rpm.org
If you want to be on the safe side, also download rpms of yum and all it's dependencies
(Replace with the exact one appropriate for your installation)
wget http://mirror.centos.org/centos/6/os/x86_64/Packages/openssl-<version>.rpm
wget http://mirror.centos.org/centos/6/os/x86_64/Packages/openssl-devel-<version>.rpm
rpm -i openssl-*
file /usr/lib64/libcrypto.so.1.0.1e from install of openssl-1.0.1e-16.el6_5.4.x86_64 conflicts with file from package openssl10-libs-1.0.1e-1.ius.el6.x86_64
.... lots more lines
Now take a backup of all those conflicting files in such a way as you can reinstate them to their correct folder if something goes wrong.
Finally, you can take a leap and do:
rpm -iv --replacepkgs --replacefiles openssl-*
If all goes well yum update
should work.
Edit: also erase the packages so that they don't conflict on future updates:
rpm -qa |grep ius
... lists packages
rpm -e openssl10-libs-1.0.1e-1.ius.el6.x86_64
rpm -e openssl10-devel-1.0.1e-1.ius.el6.x86_64
Related videos on Youtube
EoghanM
Updated on September 18, 2022Comments
-
EoghanM over 1 year
I previously replaced openssl on my centos box with openssl10, using something like these instructions:
rpm -Uvh http://dl.iuscommunity.org/pub/ius/stable/CentOS/6/... ...x86_64/ius-release-1.0-11.ius.centos6.noarch.rpm yum install yum-plugin-replace # Edit /etc/yum.repos.d/ius-archive.repo and # enable the ius-archive repo by changing enabled=0 to enabled=1. yum replace openssl --replace-with openssl10
Then when I do a general
yum update
I get errors because of openssl, so instead I do:yum update -x openssl -x postfix
This seems to work fine, but in actual fact, I can no longer reconnect over ssh to the box:
me@local $ ssh -S none root@the_server ssh_exchange_identification: Connection closed by remote host
Any ideas on how to recover from this situation?
Edit: When I run
sshd
on the server (I still have an open connection), I get the following error:ssh: relocation error: ssh: symbol SSLeay_version, version OPENSSL_1.0.1 not defined in file libcrypto.so.10 with link time reference
-
Michael Hampton about 10 yearsDon't try to replace the system OpenSSL. Just don't. You will break practically everything on the system. And I don't recommend the IUS repos either, since they seem to recommend various ways of breaking your system...
-
EoghanM about 10 yearsI agree with that sentiment now! Won't help with this question, but do you know of a better way of getting the latest version of openssl? My motivation was installation of SPDY on nginx.
-
Michael Hampton about 10 yearsI think that you are having an issue related to OpenSSL being upgraded in CentOS 6.5. If this is the case, the solution is here.
-
faker about 10 yearslists.launchpad.net/ius-community/msg00807.html explains how to resolve it and why you shouldn't have to use it anymore.
-
-
EoghanM about 10 yearsThis is likely the right answer, however I'm getting
Error: Trying to remove "yum", which is protected
when I try to run yum replace. -
EoghanM about 10 yearsDependencies are
openssl10 -> python-libs -> pygpgme -> yum
pastebin.com/ymAgZgQP -
Hesham Yassin over 6 yearsSolved in RHEL 7