HPE Community
Operating System - HP-UX
1831333 Members
3079 Online
110024 Solutions
New Discussion

Re: OPENSSL

 
tballs
Advisor

‎03-03-2010 03:09 PM

‎03-03-2010 03:09 PM

OPENSSL

I upgraded my OPENSSL to 09.081.002. I see the new version using swlist as well as ssh -V. However, when I go into openssl and check the version, it's showing 0.9.7m 23 Feb 2007. Any help in understanding why it's still showing the older version would be greatly appreciated...

# swlist -l product|grep ssl
openssl A.00.09.08l.002 Secure Network Communications Protocol
# ssh -V
OpenSSH_5.3p1+sftpfilecontrol-v1.3-hpn13v5, OpenSSL 0.9.8l 5 Nov 2009
HP-UX Secure Shell-A.05.30.008, HP-UX Secure Shell version
# openssl
OpenSSL> version
OpenSSL 0.9.7m 23 Feb 2007
OpenSSL>
0 Kudos
15 REPLIES 15
tballs
Advisor

‎03-03-2010 03:32 PM

‎03-03-2010 03:32 PM

Re: OPENSSL

I just found some info in the WU-FTPD doc that says 0.9.7m is the latest version of openssl. So I guess I'm just getting confused between the "product version" and the "software version"... ?
0 Kudos
Joe Ledesma
Frequent Advisor

‎03-03-2010 03:47 PM

‎03-03-2010 03:47 PM

Re: OPENSSL

The HP Software Depot site for OpenSSL says:

A.00.09.08l.001, A.00.09.08l.002, and A.00.09.08l.003, are based on versions 0.9.7m and 0.9.8l from http://www.openssl.org/. (See table 1 for contents of the depots)

--Since it mentions both upstream versions, maybe part of HP-UX OpenSSL is based on upstream 0.9.7m and part on 0.9.8l ?

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=OPENSSL11I
0 Kudos
Steven Schweda
Honored Contributor

‎03-03-2010 04:01 PM

‎03-03-2010 04:01 PM

Re: OPENSSL

> [...] when I go into openssl [...]

When you go into _which_ "openssl"? And is
that the newly installed one?
0 Kudos
tballs
Advisor

‎03-03-2010 04:20 PM

‎03-03-2010 04:20 PM

Re: OPENSSL

I only see that I have one openssl installed when I perform the swlist command as shown above.

0 Kudos
Steven Schweda
Honored Contributor

‎03-03-2010 04:33 PM

‎03-03-2010 04:33 PM

Re: OPENSSL

> I only see [...]

You see only what you look for. Look harder?
An "openssl" program could come from many
sources, only some of which are HP depots.

which openssl

ls -l ` which openssl `
0 Kudos
tballs
Advisor

‎03-03-2010 04:42 PM

‎03-03-2010 04:42 PM

Re: OPENSSL

# which openssl
/usr/bin/openssl
# ls -l `which openssl`
lrwxr-xr-x 1 root sys 24 Mar 3 12:14 /usr/bin/openssl -> /opt/openssl/bin/openssl
#
0 Kudos
Steven Schweda
Honored Contributor

‎03-03-2010 06:08 PM

‎03-03-2010 06:08 PM

Re: OPENSSL

It's like pulling teeth...

ls -l /opt/openssl/bin/openssl

> [...] And is
> that the newly installed one?


> I just found some info in the WU-FTPD doc
> that says 0.9.7m is the latest version of
> openssl. [...]

And what has WU-FTPD to do with anything?

According to:
http://openssl.org/

"OpenSSL 0.9.8m is now available"

0.9.8l is relatively recent.


> # ssh -V

Does that tell you what was used to build the
SSH kit, or what you have installed on your
system?


According to:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=OPENSSL11I

OpenSSL A.00.09.08l.00x would appear to
contain two versions of OpenSSl software,
0.9.7m and 0.9.8l.

find /opt/openssl -name openssl

Around here:

dy # echo version | /opt/openssl/0.9.7/bin/openssl
OpenSSL> OpenSSL 0.9.7m 23 Feb 2007
OpenSSL> dy #

dy # echo version | /opt/openssl/0.9.8/bin/openssl
OpenSSL> OpenSSL 0.9.8l 5 Nov 2009
OpenSSL> dy #


dy # ls -l /opt/openssl/bin
lrwxr-xr-x 1 root sys 9 Mar 3 19:59 /opt/openssl/bin -> 0.9.7/bin

This might explain something.


Almost always useful info, by the way:

uname -a
0 Kudos
Dennis Handly
Acclaimed Contributor

‎03-04-2010 01:37 AM

‎03-04-2010 01:37 AM

Re: OPENSSL

>Steven: ls -l /opt/openssl/bin/openssl

You could always suggest using -L:
# ls -l -L $(whence openssl)
0 Kudos
Steven Schweda
Honored Contributor

‎03-04-2010 05:11 AM

‎03-04-2010 05:11 AM

Re: OPENSSL

> You could always suggest [...]

Before I actually installed the kit, I had no
idea that there'd be a link anywhere.

On the other hand, after I installed the kit,
even some very basic looking around led to
enough information to satisfy me.

Cultivating simple curiosity often pays
valuable dividends.
0 Kudos
tballs
Advisor

‎03-04-2010 07:34 AM

‎03-04-2010 07:34 AM

Re: OPENSSL

> Cultivating simple curiosity [...]

Cultivating simple curiosity in a kind and non-sarcastic manner could pay more valuable dividends in both directions.

Thanks for the information. I found all the links and pointed them to the new software.

Had I been a unix admin or worked with this stuff every day, I probably wouldn't have needed to ask the question.
Thanks again.
0 Kudos
tballs
Advisor

‎03-04-2010 07:36 AM

‎03-04-2010 07:36 AM

Re: OPENSSL

links corrected
0 Kudos
Steven Schweda
Honored Contributor

‎03-04-2010 08:18 AM

‎03-04-2010 08:18 AM

Re: OPENSSL

> Mar 4, 2010 00:01:22 GMT 0 pts
> Mar 4, 2010 00:33:01 GMT 0 pts
> Mar 4, 2010 02:08:20 GMT 0 pts
> Mar 4, 2010 13:11:08 GMT 0 pts

Oh, now my feelings are hurt. (Oops. Am I
being sarcastic?)

> Cultivating simple curiosity in a kind and
> non-sarcastic manner could pay more
> valuable dividends in both directions.

Rewarding useful help (even with these
oh-so-valuable points) might increase the
probability of your getting more useful help
here in the future.

> Had I been a unix admin or worked with this
> stuff every day, I probably wouldn't have
> needed to ask the question.

All the more reason to bite the hand which
feeds you, I'm sure.

> Thanks again.

Yeah, right. Again? When was the first
time?
0 Kudos
tballs
Advisor

‎03-04-2010 09:08 AM

‎03-04-2010 09:08 AM

Re: OPENSSL

> Mar 4, 2010 00:01:22 GMT 0 pts
> Mar 4, 2010 00:33:01 GMT 0 pts
> Mar 4, 2010 02:08:20 GMT 0 pts
> Mar 4, 2010 13:11:08 GMT 0 pts

My initial gut told me to do this. I actually went back and attempted to give you some pts (not sure why, I don't tip waitresses with bad attitudes?), but apparently after you submit the points, it doesn't let you change them. After your last comments, you have confirmed why I wanted to give you no points. Again, "kindness and non-sarcastic pays both ways".

>Thanks for the information. I found all the links and pointed them to the new software.
>Thanks again.
>>Yeah, right. Again? When was the first
time?

Yep, that's "2 Thanks". Whew... I thought I was the one that couldn't count.

Look Steve, I'm not here to banter back and fourth about points or your attitude. But, honestly, if this is the kind of "help" I can expect to get on here, I'll just open up a call with HP. I certainly would rather get assistance in a kind and curtious fashion, than someone trying to belittle me and make me feel stupid for not catching onto suttle hints.

I do appreciate the help, but do not appreciate the way in which you presented it. Have a great day.
0 Kudos
nukemeslow
New Member

‎03-04-2010 09:52 AM

‎03-04-2010 09:52 AM

Re: OPENSSL

Wow Steve,

You see only what you look for. Look harder?
It's like pulling teeth...
And what has WU-FTPD to do with anything?

It's obvious you have experience, but it's also obvious you're a jerk. Do you treat your coworkers like that? Do you know that there's a whole world of IT folks who are exactly NOT like that? Kind of going out your way to be putz, aren't you? I think you really nailed it tballs... Glad I don't have to work with that guy. My eight year old doesn't even give me that kind of attitude!

Larry
0 Kudos
Steven Schweda
Honored Contributor

‎03-04-2010 08:40 PM

‎03-04-2010 08:40 PM

Re: OPENSSL

> Wow Steve, [...]

Jeepers, Larry,

Touchy, are we?

> You see only what you look for. Look harder?

Not doing even a few simple "ls" operations
to try to see what one is running seems to me
to be a bit lax.

> It's like pulling teeth...

Wasn't it? Seemed that way to me.

> And what has WU-FTPD to do with anything?

Seemed to me to be a reasonable question.
Still does, especially considering the
context ("I just found some info") which
provided exactly no info on the actual
source, or its date, or its relevance.

> Do you treat your coworkers like that?

I don't recall having had any particular
problems with them, as they've tended to be
grown-ups who knew how to form a useful
problem report, and do some basic poking
around, and who didn't interpret a simple
request for information as a personal attack.


> Whew... I thought I was the one that
> couldn't count.

I must have been blinded by rage. (Or a
dodgy Web browser.)
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.