HPE Community
Operating System - HP-UX
1753857 Members
7525 Online
108809 Solutions
New Discussion юеВ

OPENSSL

 
tballs
Advisor

тАО03-03-2010 03:09 PM

тАО03-03-2010 03:09 PM

OPENSSL

I upgraded my OPENSSL to 09.081.002. I see the new version using swlist as well as ssh -V. However, when I go into openssl and check the version, it's showing 0.9.7m 23 Feb 2007. Any help in understanding why it's still showing the older version would be greatly appreciated...

# swlist -l product|grep ssl
openssl A.00.09.08l.002 Secure Network Communications Protocol
# ssh -V
OpenSSH_5.3p1+sftpfilecontrol-v1.3-hpn13v5, OpenSSL 0.9.8l 5 Nov 2009
HP-UX Secure Shell-A.05.30.008, HP-UX Secure Shell version
# openssl
OpenSSL> version
OpenSSL 0.9.7m 23 Feb 2007
OpenSSL>
0 Kudos
15 REPLIES 15
tballs
Advisor

тАО03-03-2010 03:32 PM

тАО03-03-2010 03:32 PM

Re: OPENSSL

I just found some info in the WU-FTPD doc that says 0.9.7m is the latest version of openssl. So I guess I'm just getting confused between the "product version" and the "software version"... ?
0 Kudos
Joe Ledesma
Frequent Advisor

тАО03-03-2010 03:47 PM

тАО03-03-2010 03:47 PM

Re: OPENSSL

The HP Software Depot site for OpenSSL says:

A.00.09.08l.001, A.00.09.08l.002, and A.00.09.08l.003, are based on versions 0.9.7m and 0.9.8l from http://www.openssl.org/. (See table 1 for contents of the depots)

--Since it mentions both upstream versions, maybe part of HP-UX OpenSSL is based on upstream 0.9.7m and part on 0.9.8l ?

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=OPENSSL11I
0 Kudos
Steven Schweda
Honored Contributor

тАО03-03-2010 04:01 PM

тАО03-03-2010 04:01 PM

Re: OPENSSL

> [...] when I go into openssl [...]

When you go into _which_ "openssl"? And is
that the newly installed one?
0 Kudos
tballs
Advisor

тАО03-03-2010 04:20 PM

тАО03-03-2010 04:20 PM

Re: OPENSSL

I only see that I have one openssl installed when I perform the swlist command as shown above.

0 Kudos
Steven Schweda
Honored Contributor

тАО03-03-2010 04:33 PM

тАО03-03-2010 04:33 PM

Re: OPENSSL

> I only see [...]

You see only what you look for. Look harder?
An "openssl" program could come from many
sources, only some of which are HP depots.

which openssl

ls -l ` which openssl `
0 Kudos
tballs
Advisor

тАО03-03-2010 04:42 PM

тАО03-03-2010 04:42 PM

Re: OPENSSL

# which openssl
/usr/bin/openssl
# ls -l `which openssl`
lrwxr-xr-x 1 root sys 24 Mar 3 12:14 /usr/bin/openssl -> /opt/openssl/bin/openssl
#
0 Kudos
Steven Schweda
Honored Contributor

тАО03-03-2010 06:08 PM

тАО03-03-2010 06:08 PM

Re: OPENSSL

It's like pulling teeth...

ls -l /opt/openssl/bin/openssl

> [...] And is
> that the newly installed one?


> I just found some info in the WU-FTPD doc
> that says 0.9.7m is the latest version of
> openssl. [...]

And what has WU-FTPD to do with anything?

According to:
http://openssl.org/

"OpenSSL 0.9.8m is now available"

0.9.8l is relatively recent.


> # ssh -V

Does that tell you what was used to build the
SSH kit, or what you have installed on your
system?


According to:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=OPENSSL11I

OpenSSL A.00.09.08l.00x would appear to
contain two versions of OpenSSl software,
0.9.7m and 0.9.8l.

find /opt/openssl -name openssl

Around here:

dy # echo version | /opt/openssl/0.9.7/bin/openssl
OpenSSL> OpenSSL 0.9.7m 23 Feb 2007
OpenSSL> dy #

dy # echo version | /opt/openssl/0.9.8/bin/openssl
OpenSSL> OpenSSL 0.9.8l 5 Nov 2009
OpenSSL> dy #


dy # ls -l /opt/openssl/bin
lrwxr-xr-x 1 root sys 9 Mar 3 19:59 /opt/openssl/bin -> 0.9.7/bin

This might explain something.


Almost always useful info, by the way:

uname -a
0 Kudos
Dennis Handly
Acclaimed Contributor

тАО03-04-2010 01:37 AM

тАО03-04-2010 01:37 AM

Re: OPENSSL

>Steven: ls -l /opt/openssl/bin/openssl

You could always suggest using -L:
# ls -l -L $(whence openssl)
0 Kudos
Steven Schweda
Honored Contributor

тАО03-04-2010 05:11 AM

тАО03-04-2010 05:11 AM

Re: OPENSSL

> You could always suggest [...]

Before I actually installed the kit, I had no
idea that there'd be a link anywhere.

On the other hand, after I installed the kit,
even some very basic looking around led to
enough information to satisfy me.

Cultivating simple curiosity often pays
valuable dividends.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.