Greetings - I don't think this is a bug; just something I don't understand. I'm using RedHat Linux v7.0 with an i686 processor. I've been using openssl v0.9.5a with openssh v2.2.1 I've upgraded to openssl v0.9.6b and openssh v2.9.p2 I've built both packages with the '--prefix=/usr' option. During the openssh 'make install' at 'host-key' I get an error 255 OpenSSL Version mismatch. Built against 90601f, you have 90581f I also get the same error when trying to start the sshd daemon. I've re-installed openssl v0.9.5a and it fixed the problem. Can you tell me what's goin on here? Thanks, Mike. -- Michael Vihel Server Farm Director Paragee Zero Search 109 4th Street, Suite B Eureka, California 95501 707.445.2678 ext. 207 707.445.4655 fax www.paragee.com mvihel at paragee.com
On Wed, Aug 08, 2001 at 03:34:19PM -0700, Mike Vihel wrote:> Greetings - > > I don't think this is a bug; just something I don't understand. > > I'm using RedHat Linux v7.0 with an i686 processor. > > I've been using openssl v0.9.5a with openssh v2.2.1 > > I've upgraded to openssl v0.9.6b and openssh v2.9.p2 > > I've built both packages with the '--prefix=/usr' option. > > During the openssh 'make install' at 'host-key' I get an error 255 > OpenSSL Version mismatch. Built against 90601f, you have 90581f > > I also get the same error when trying to start the sshd daemon. > > I've re-installed openssl v0.9.5a and it fixed the problem. > > Can you tell me what's goin on here?For reasons that you will have to check out yourself, the runtime loader loads the old shared libraries of OpenSSL-0.9.5 (that are still on the system) instead of picking up the new libraries... Probably it is necessary to perform an 'ldconfig' after installing the new openssl-0.9.6b shared libraries. Best regards, Lutz -- Lutz Jaenicke Lutz.Jaenicke at aet.TU-Cottbus.DE BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
Circa 2001-Aug-08 15:34:19 -0700 dixit Mike Vihel: : Greetings - : : I don't think this is a bug; just something I don't understand. : : I'm using RedHat Linux v7.0 with an i686 processor. : : I've been using openssl v0.9.5a with openssh v2.2.1 : : I've upgraded to openssl v0.9.6b and openssh v2.9.p2 : : I've built both packages with the '--prefix=/usr' option. : : During the openssh 'make install' at 'host-key' I get an error 255 : OpenSSL Version mismatch. Built against 90601f, you have 90581f : : I also get the same error when trying to start the sshd daemon. : : I've re-installed openssl v0.9.5a and it fixed the problem. : : Can you tell me what's goin on here? If you're installing OpenSSL by compiling from source instead of from a pre-built RPM package, then it's very likely that you're not installing everything that Red Hat's OpenSSL RPM package does. In particular, Red Hat's package installs shared libraries, and, by default, OpenSSL-0.9.6b does not. Additionally, gcc on Red Hat Linux is set up to link against a shared library if one exists in preference to a static library. If you're going to install OpenSSL from source, you really should uninstall the existing openssl-devel package before doing so: su rpm -e openssl-devel Also, under package-managed systems such as Red Hat Linux (or Mandrake, SuSE, Connectiva, or Debian) it's recommended to configure packages you install from source with a --prefix of /usr/local or /opt or similar, so that you (or someone else) can tell the software is not installed via the package management system. Otherwise, you end up with a system where 'rpm -q openssl' claims that openssl-0.9.5a is installed, but somehow magically openssl-0.9.6b is what applications get built against.... Of course, it can often be worth the time to roll your own RPM packages of openssl-0.9.6b, using Red Hat's packages as an example. Then you can install them on multiple systems without having to compile each time, and you've got the spec file to document how the package was built and with what options it was configured. -- jim knoble | jmknoble at pobox.com | http://www.pobox.com/~jmknoble/ (GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 262 bytes Desc: not available Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010809/3bf509bb/attachment.bin
i general for openssl, if you are not overly concerned about executable size and code sharing, you should link with it statically when compiling with openssh. This is because other programs may use specific versions of openssl as well, and openssl has had a bad history of having different versions of the library binary compatible with each other. -rchit -----Original Message----- From: Jim Knoble [mailto:jmknoble at pobox.com] Sent: Thursday, August 09, 2001 8:33 AM To: OpenSSH Unix Dev Subject: Re: build problem with 2.9p1 & p2 Circa 2001-Aug-08 15:34:19 -0700 dixit Mike Vihel: : Greetings - : : I don't think this is a bug; just something I don't understand. : : I'm using RedHat Linux v7.0 with an i686 processor. : : I've been using openssl v0.9.5a with openssh v2.2.1 : : I've upgraded to openssl v0.9.6b and openssh v2.9.p2 : : I've built both packages with the '--prefix=/usr' option. : : During the openssh 'make install' at 'host-key' I get an error 255 : OpenSSL Version mismatch. Built against 90601f, you have 90581f : : I also get the same error when trying to start the sshd daemon. : : I've re-installed openssl v0.9.5a and it fixed the problem. : : Can you tell me what's goin on here? If you're installing OpenSSL by compiling from source instead of from a pre-built RPM package, then it's very likely that you're not installing everything that Red Hat's OpenSSL RPM package does. In particular, Red Hat's package installs shared libraries, and, by default, OpenSSL-0.9.6b does not. Additionally, gcc on Red Hat Linux is set up to link against a shared library if one exists in preference to a static library. If you're going to install OpenSSL from source, you really should uninstall the existing openssl-devel package before doing so: su rpm -e openssl-devel Also, under package-managed systems such as Red Hat Linux (or Mandrake, SuSE, Connectiva, or Debian) it's recommended to configure packages you install from source with a --prefix of /usr/local or /opt or similar, so that you (or someone else) can tell the software is not installed via the package management system. Otherwise, you end up with a system where 'rpm -q openssl' claims that openssl-0.9.5a is installed, but somehow magically openssl-0.9.6b is what applications get built against.... Of course, it can often be worth the time to roll your own RPM packages of openssl-0.9.6b, using Red Hat's packages as an example. Then you can install them on multiple systems without having to compile each time, and you've got the spec file to document how the package was built and with what options it was configured. -- jim knoble | jmknoble at pobox.com | http://www.pobox.com/~jmknoble/ (GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
I meant "incompatible", sorry.. -rchit -----Original Message----- From: Rachit Siamwalla [mailto:rachit at ensim.com] Sent: Friday, August 10, 2001 2:37 PM To: 'Jim Knoble'; OpenSSH Unix Dev Subject: RE: build problem with 2.9p1 & p2 i general for openssl, if you are not overly concerned about executable size and code sharing, you should link with it statically when compiling with openssh. This is because other programs may use specific versions of openssl as well, and openssl has had a bad history of having different versions of the library binary compatible with each other. -rchit -----Original Message----- From: Jim Knoble [mailto:jmknoble at pobox.com] Sent: Thursday, August 09, 2001 8:33 AM To: OpenSSH Unix Dev Subject: Re: build problem with 2.9p1 & p2 Circa 2001-Aug-08 15:34:19 -0700 dixit Mike Vihel: : Greetings - : : I don't think this is a bug; just something I don't understand. : : I'm using RedHat Linux v7.0 with an i686 processor. : : I've been using openssl v0.9.5a with openssh v2.2.1 : : I've upgraded to openssl v0.9.6b and openssh v2.9.p2 : : I've built both packages with the '--prefix=/usr' option. : : During the openssh 'make install' at 'host-key' I get an error 255 : OpenSSL Version mismatch. Built against 90601f, you have 90581f : : I also get the same error when trying to start the sshd daemon. : : I've re-installed openssl v0.9.5a and it fixed the problem. : : Can you tell me what's goin on here? If you're installing OpenSSL by compiling from source instead of from a pre-built RPM package, then it's very likely that you're not installing everything that Red Hat's OpenSSL RPM package does. In particular, Red Hat's package installs shared libraries, and, by default, OpenSSL-0.9.6b does not. Additionally, gcc on Red Hat Linux is set up to link against a shared library if one exists in preference to a static library. If you're going to install OpenSSL from source, you really should uninstall the existing openssl-devel package before doing so: su rpm -e openssl-devel Also, under package-managed systems such as Red Hat Linux (or Mandrake, SuSE, Connectiva, or Debian) it's recommended to configure packages you install from source with a --prefix of /usr/local or /opt or similar, so that you (or someone else) can tell the software is not installed via the package management system. Otherwise, you end up with a system where 'rpm -q openssl' claims that openssl-0.9.5a is installed, but somehow magically openssl-0.9.6b is what applications get built against.... Of course, it can often be worth the time to roll your own RPM packages of openssl-0.9.6b, using Red Hat's packages as an example. Then you can install them on multiple systems without having to compile each time, and you've got the spec file to document how the package was built and with what options it was configured. -- jim knoble | jmknoble at pobox.com | http://www.pobox.com/~jmknoble/ (GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)