dovecot - Oct 2017 - How to check which version of openssl is getting compiled in into dovecot?

> On Oct 27, 2017, at 12:33 AM, Aki Tuomi <aki.tuomi at dovecot.fi>
wrote:
> 
> 
> 
> On 27.10.2017 00:53, krzf83 at gmail.com wrote:
>> I got multiple versions of openssl in my system. I compile dovecot with
>> PKG_CONFIG_PATH=/usr/openssl-1.0.2l-fpic/lib/pkgconfig ./configure
>> 
>> How do I check which version of openssl got compiled in? configure
>> script does not show version. There seem to be no way to check it in
>> compiled binary (?)
>> 
>> My dovecot is still seen vulnerable by tls testing tools so I'm
>> guessing wrong version of openssl got compiled it but there seem to be
>> no way to check it.
> You can check with ldd /usr/lib/dovecot/imap-login (or libexec)
> 
> Just check which SSL library has been linked to it.
That is not immediately helpful, though.

libssl.so.9 => /usr/local/lib/libssl.so.9 (0x28313000

No version info there?

-- 
Apple broke AppleScripting signatures in Mail.app, so no random signatures.

On 27.10.2017 10:07, @lbutlr wrote:
>
>> On Oct 27, 2017, at 12:33 AM, Aki Tuomi <aki.tuomi at dovecot.fi>
wrote:
>>
>>
>>
>> On 27.10.2017 00:53, krzf83 at gmail.com wrote:
>>> I got multiple versions of openssl in my system. I compile dovecot
with
>>> PKG_CONFIG_PATH=/usr/openssl-1.0.2l-fpic/lib/pkgconfig ./configure
>>>
>>> How do I check which version of openssl got compiled in? configure
>>> script does not show version. There seem to be no way to check it
in
>>> compiled binary (?)
>>>
>>> My dovecot is still seen vulnerable by tls testing tools so I'm
>>> guessing wrong version of openssl got compiled it but there seem to
be
>>> no way to check it.
>> You can check with ldd /usr/lib/dovecot/imap-login (or libexec)
>>
>> Just check which SSL library has been linked to it.
> That is not immediately helpful, though.
>
> libssl.so.9 => /usr/local/lib/libssl.so.9 (0x28313000
>
> No version info there?
>
I was kinda assuming you'd know which library it should link into. But..

$ strings /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 | grep OpenSSL
OpenSSLDie
SSLv3 part of OpenSSL 1.0.1t? 3 May 2016
TLSv1 part of OpenSSL 1.0.1t? 3 May 2016
DTLSv1 part of OpenSSL 1.0.1t? 3 May 2016
OpenSSL 1.0.1t? 3 May 2016

works at least for me. maybe this helps you?

Aki

> On Oct 27, 2017, at 1:09 AM, Aki Tuomi <aki.tuomi at dovecot.fi>
wrote:
> 
> 
> 
> On 27.10.2017 10:07, @lbutlr wrote:
>> 
>>> On Oct 27, 2017, at 12:33 AM, Aki Tuomi <aki.tuomi at
dovecot.fi> wrote:
>>> 
>>> 
>>> 
>>> On 27.10.2017 00:53, krzf83 at gmail.com wrote:
>>>> I got multiple versions of openssl in my system. I compile
dovecot with
>>>> PKG_CONFIG_PATH=/usr/openssl-1.0.2l-fpic/lib/pkgconfig
./configure
>>>> 
>>>> How do I check which version of openssl got compiled in?
configure
>>>> script does not show version. There seem to be no way to check
it in
>>>> compiled binary (?)
>>>> 
>>>> My dovecot is still seen vulnerable by tls testing tools so
I'm
>>>> guessing wrong version of openssl got compiled it but there
seem to be
>>>> no way to check it.
>>> You can check with ldd /usr/lib/dovecot/imap-login (or libexec)
>>> 
>>> Just check which SSL library has been linked to it.
>> That is not immediately helpful, though.
>> 
>> libssl.so.9 => /usr/local/lib/libssl.so.9 (0x28313000
>> 
>> No version info there?
>> 
> I was kinda assuming you'd know which library it should link into.
But..
Sure, but if the OP knew this, wouldn't be asking, right?

-- 
Apple broke AppleScripting signatures in Mail.app, so no random signatures.