OpenSSL 0.9.7i

Just wondering why YUM hasn’t updated to this latest version of OpenSSL.

I ran RKhunter and that’s how I found it wasn’t the latest version. I believe I have the 0.9.7a version. Is this correct as per the Iworx YUM config or should it have updated?

http://www.openssl.org/

It all depends on what OS you’re using.

Correct me if I am wrong, but that is something the OS development team takes care of, not interworx.

Thanks,
Clint

That’s correct.

[root@iworx home]# rpm -qa | grep ssl
docbook-style-dsssl-1.78-4
mod_ssl-2.0.54-100.rhe4x.iworx
xmlsec1-openssl-1.2.6-3
openssl096b-0.9.6b-22.42
openssl-devel-0.9.7a-43.4
openssl-0.9.7a-43.4
[root@iworx home]#

Our staff are only responsible for rpm’s ending with .iworx

So the “OS” updates are handled through the default YUM lookup and not on Iworx servers?

In my case CentOS 4.2 YUM doesn’t include the latest OpenSSL?

Would it be a bad idea to upgrade it manually?

This is what my yum.conf looks like; I only see Iworx stuff in there? Also, I don’t really understand that warning except for the fact that my kernel will never update by itself.


[root@server1 ~]# vi /etc/yum.conf
## +----------------------------------------------------------------------+
## | NEXCESS.NET InterWorx                                                |
## +----------------------------------------------------------------------+
## | This is the official yum.conf for InterWorx enabled servers.         |
## | Distro: RedHat Enterprise                                            |
## +----------------------------------------------------------------------+
## | Authors: Chris Wells <clwells@nexcess.net>                           |
## |          Paul Oehler <poehler@nexcess.net>                           |
## |          John Lim    <jelim@nexcess.net>                             |
## |          Socheat Sou <socheat@nexcess.net>                           |
## +----------------------------------------------------------------------+
##

[main]
# WARNING!  The kernel is excluded from the update list because this system
# contains the nvnet driver.  If you wish to update your kernel to a new
# version, you MUST rebuild the nvnet driver against the new kernel BEFORE
# rebooting or you will lose access to your system!
exclude=kernel-*
cachedir=/var/cache/yum
debuglevel=2
logfile=/var/log/yum.log
pkgpolicy=newest
distroverpkg=redhat-release
tolerant=1
exactarch=0
retries=1
exclude=

[interworx-cp-noarch]
name=InterWorx-CP - Generic
baseurl=http://updates.interworx.info/iworx/RPMS/noarch
#gpgcheck=1

[interworx-cp-rhe4x]
name=InterWorx-CP - RedHat Enterprise $releasever
baseurl=http://updates.interworx.info/iworx/RPMS/rhe4x/$basearch
#gpgcheck=1

#[dag]
#name=DAG - RedHat Enterprise $releasever
#baseurl=http://updates.interworx.info/dag/redhat/el4/en/$basearch/dag
#gpgcheck=1
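
Added example (not part of the thread and not InterWorx's own tooling): a short Python audit of the yum.conf and `rpm -qa` output quoted above. It lists which repositories are active, which of them lack an uncommented `gpgcheck=1`, which `[main]` keys appear twice, and which packages carry the `.iworx` release suffix. The function names and the trimmed sample input are constructed for illustration.

```python
import re

# Constructed sample: trimmed copies of the yum.conf and `rpm -qa | grep ssl` output from the thread.
YUM_CONF = """\
[main]
exclude=kernel-*
exclude=
[interworx-cp-noarch]
baseurl=http://updates.interworx.info/iworx/RPMS/noarch
#gpgcheck=1
[interworx-cp-rhe4x]
baseurl=http://updates.interworx.info/iworx/RPMS/rhe4x/$basearch
#gpgcheck=1
#[dag]
"""
RPM_QA = """\
mod_ssl-2.0.54-100.rhe4x.iworx
openssl-0.9.7a-43.4
"""

def parse_conf(text):  # returns {section: [(key, value), ...]}, duplicate keys kept
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out repos and options are inactive
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current.append((key.strip(), value.strip()))
    return sections

def audit(conf_text, rpm_text):
    conf = parse_conf(conf_text)
    repos = {s: dict(kv) for s, kv in conf.items() if s != "main"}
    main_keys = [k for k, _ in conf.get("main", [])]
    pkgs = rpm_text.split()
    return {
        "active_repos": sorted(repos),
        "gpgcheck_not_enabled": sorted(s for s, o in repos.items() if o.get("gpgcheck") != "1"),
        "duplicate_main_keys": sorted({k for k in main_keys if main_keys.count(k) > 1}),
        "interworx_packages": [p for p in pkgs if p.endswith(".iworx")],
        "os_vendor_packages": [p for p in pkgs if not p.endswith(".iworx")],
    }

if __name__ == "__main__":
    print(audit(YUM_CONF, RPM_QA))
```

The duplicate `exclude` key is flagged because an empty entry follows the kernel exclusion; confirm which value yum applies before relying on the kernel being held back.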

I see you are running Red Hat Enterprise Linux. Due to licensing restrictions we are not allowed to offer those rpm’s via yum. You will need to log into your box and run up2date to update RedHat’s RPM’s. up2date makes you log in (all ev1 boxes have access – but you need to give an email and pass the first time) so they can control who has access to them.

I’ve never upgraded openssl so I don’t know but if you are going to do it I’d suggest doing it via remote console since you don’t want to risk losing your ssh connection.

If all of this is too big of a hassle for you, you may want to CONSIDER upgrading RHEL 4.2 to CENTOS 4.2 (whose rpm’s are freely available via yum), but that’s not something we can support – if you mess something up you need to fix it yourself or pay someone to do it.

I did this myself almost two weeks ago – an easy process with zero problems, though.

EDIT: Just reread the thread – can you clarify: are you using CentOS or Red Hat Enterprise? The yum.conf you have appears to be for Red Hat Enterprise.
EDIT2: Never mind, I guess that’s what it’s supposed to say.

Tim,

Yeah, I’m using CentOS 4.2 x64.

I did find another YUM config file which updates off my hosting provider’s servers. My guess is the official CentOS is still set to use this outdated openssl. I don’t know if it is bad to manually upgrade something on a distro that doesn’t officially support it.

So that’s my question now: do you think it’s a good idea to do a manual upgrade of OpenSSL or just leave it as is until it’s officially supported by CentOS?

Speaking for myself I would wait, unless you have access to remote console. I’m personally not comfortable upgrading the software that runs the server side of my connection to the server while that software is being used for said connection (say that 5 times fast :wink: )