openssl with version information under sles11sp1

Posted on Tue 29 March 2011 in Linux • 2 min read

If you getting errors like this one

$ /path/to/program
/usr/lib/libcrypto.so.0.9.8: no version information available

you need a libcrypto.so and a libssl.so with version information.

Here are some information about the problem.

openssl has evolved to a very important library in Linux distribution. A
lot of cryptographic applications link to it including system libraries
like pam modules and apache modules. Now it becomes more and more
difficult to get all the binaries and libraries to link to the same
version of openssl. This leads to situations where an application uses
some libraries where on links to openssl 0.9.7 and another one to
version 0.9.8. Since the symbols of the libraries are not yet versioned
this leads to severe segfaults.

Install source package from the repository

$ zypper in -t srcpackages openssl

Create patches
/usr/src/packages/SOURCES/openssl-version-patch.patch

diff -Naur openssl-0.9.8h/Configure openssl-0.9.8h-new/Configure
--- openssl-0.9.8h/Configure    2008-05-02 01:11:30.000000000 +0200
+++ openssl-0.9.8h-new/Configure    2011-02-22 15:30:05.000000000 +0100
@@ -1327,6 +1327,8 @@
    $shlib_minor=$2;
    }

+$shared_ldflag .= " -Wl,--version-script=openssl.ld";
+
 open(IN,'$Makefile.new") || die "unable to create $Makefile.new:$!\n";
diff -Naur openssl-0.9.8h/engines/openssl.ld openssl-0.9.8h-new/engines/openssl.ld
--- openssl-0.9.8h/engines/openssl.ld   1970-01-01 01:00:00.000000000 +0100
+++ openssl-0.9.8h-new/engines/openssl.ld   2011-02-22 15:31:41.000000000 +0100
@@ -0,0 +1,4 @@
+OPENSSL_0.9.8 {
+    global:
+       *;
+};
diff -Naur openssl-0.9.8h/Makefile openssl-0.9.8h-new/Makefile
--- openssl-0.9.8h/Makefile 2008-05-28 10:48:27.000000000 +0200
+++ openssl-0.9.8h-new/Makefile 2011-02-22 15:30:59.000000000 +0100
@@ -140,9 +140,9 @@
 LIBS=   libcrypto.a libssl.a
 SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
 SHARED_SSL=libssl$(SHLIB_EXT)
-SHARED_LIBS=
-SHARED_LIBS_LINK_EXTS=
-SHARED_LDFLAGS=
+SHARED_LIBS=$(SHARED_FIPS) $(SHARED_CRYPTO) $(SHARED_SSL)
+SHARED_LIBS_LINK_EXTS=.so.$(SHLIB_MAJOR) .so
+SHARED_LDFLAGS=-m64 -Wl,--version-script=openssl.ld

 GENERAL=        Makefile
 BASENAME=       openssl
diff -Naur openssl-0.9.8h/openssl.ld openssl-0.9.8h-new/openssl.ld
--- openssl-0.9.8h/openssl.ld   1970-01-01 01:00:00.000000000 +0100
+++ openssl-0.9.8h-new/openssl.ld   2011-02-22 15:31:48.000000000 +0100
@@ -0,0 +1,4 @@
+OPENSSL_0.9.8 {
+    global:
+       *;
+};

/usr/src/packages/SPECS/openssl.spec.patch

--- openssl.spec   2011-02-22 17:00:26.000000000 +0100
+++ openssl-new.spec    2011-02-22 16:59:58.000000000 +0100
@@ -32,7 +32,7 @@
 %endif
 #
 Version:        0.9.8h
-Release:        30.30.1
+Release:        30.30.1.custom
 Summary:        Secure Sockets and Transport Layer Security
 Url:            http://www.openssl.org/
 Source:         http://www.%{name}.org/source/%{name}-%{version}.tar.bz2
@@ -67,6 +67,7 @@
 Patch26:        bug608666.patch
 Patch27:        CVE-2010-3864.patch
 Patch28:        CVE-2010-4180.patch
+Patch29:   openssl-version-patch.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

 %description
@@ -222,6 +223,7 @@
 %patch26 -p1
 %patch27 -p1
 %patch28 -p1
+%patch29 -p1
 cp -p %{S:10} .
 # lib64 installation fixes
 for i in Makefile.org engines/Makefile; do
@@ -433,6 +435,8 @@
 %{_bindir}/%{name}

 %changelog
+* Tue Feb 22 2011 rmichel@devnu11.net
+- added for rsa usage the version information.
 * Tue Dec  7 2010 gjhe@novell.com
 - fix bug [bnc#657663]
   CVE-2010-4180

Patch the spec file

$ cd /usr/src/packages/SPEC/
$ patch -i openssl.spec.patch
patching file openssl.spec

Build the new rpm packages

$ rpmbuild -bb /usr/src/packages/SPECS/openssl.spec