23 Feb
2010
23 Feb
'10
3:15 a.m.
Some analysis ...
Am 22.02.2010 22:21, schrieb Andrei Pelinescu-Onciul:
Note that another very strange thing is the version
number.
From your log:
INFO: tls [tls_init.c:486]: tls: _init_tls_h: compiled with openssl
version "OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008" (0x0090802f), kerberos
^^^^^^^ ^^^^^^^^^^
0x0090802f means openssl 0.9.8b (release) and not 0.9.8e.
It looks like OPENSSL_VERSION_NUMBER is different from
OPENSSL_VERSION_TEXT in you include/openssl/opensslv.h. Out o curiosity
could you verify that that's the case?
# cat /etc/redhat-release
CentOS release 5.4 (Final)
# rpm -qa|grep ssl
openssl-devel-0.9.8e-12.el5_4.1
openssl-0.9.8e-12.el5_4.1
extract from /usr/include/openssl/opensslv.h:
#define OPENSSL_VERSION_NUMBER 0x0090802fL
#ifdef OPENSSL_FIPS
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008"
#else
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8e-rhel5 01 Jul 2008"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
really strange. I downloaded and extracted RH
openssl-0.9.8e-12.el5_4.1.src.rpm and greped for "OPENSSL_VERSION":
openssl-fips-0.9.8e-abi.patch:-#define OPENSSL_VERSION_NUMBER 0x00908060L
openssl-fips-0.9.8e-abi.patch:+#define OPENSSL_VERSION_NUMBER 0x0090802fL
openssl-fips-0.9.8e-abi.patch:-#define OPENSSL_VERSION_TEXT "OpenSSL
0.9.8f-fips-dev xx XXXX xxxx"
openssl-fips-0.9.8e-abi.patch:+#define OPENSSL_VERSION_TEXT "OpenSSL
0.9.8e-fips-rhel5 01 Jul 2008"
Further the SRPM contains openssl-fips-0.9.8e-usa.tar.bz2 which contains
a opensslv.h with:
#define OPENSSL_VERSION_NUMBER 0x00908060L
#ifdef OPENSSL_FIPS
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8f-fips-dev xx XXXX xxxx"
#else
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8f-dev xx XXXX xxxx"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
Looks like RH is using a 0.9.8f-dev version, which is named 0.9.8e, and
numbered like 0.9.8b - maybe for compatibility reasons with earlier
RHEL5 releases.
regards
klaus