	
	
		| Author | Message | 
	
		| Lars Senior Member
 
 
 Joined: 25 Oct 2010
 Posts: 136
 
 
 | 
			
				|  Posted: Sun Aug 31, 2014 10:09 pm    Post subject: Suggestion: Close this thread |   |  
				| 
 |  
				| Hi again! 
 Perhaps it's time to finalize and close this thread now.
 
 As you could see above the symlinks virtually seemed to solve most of the problems. At least when it came to boot messages.
 The only two remaining were
 OpenSSL mismatch...
 Starting Dovecotconf:....
 But when I looked into it more carefully I saw that only ftp and ftps (vsftpd) were running.
 http, https (httpd) and ssh (sshd) were down, but without boot error msgs or warnings.
 And, of course Dovecot, as warned.
 
 Perhaps I would have been able to solve those later?
 
 But Worse: tor crashed! ..and logged:
 
 Code:
 Aug 31 17:34:53.000 [warn] OpenSSL version from headers does not match the version we're running with. If you get weird crashes, that might be why. (Compiled with 9080ef: OpenSSL 0.9.8r 8 Feb 2011; running with 1000103f: OpenSSL 1.0.1h 5 Jun 2014). ....
 Aug 31 17:35:11.000 [err] tor_tls_get_tlssecrets(): Bug: src/common/tortls.c:2763: tor_tls_get_tlssecrets: Assertion tls->ssl->session failed; aborting.
 
 Perhaps this is somehow related to what you described about "...this is due to 0.9.8za though included in openssl package. rather than 1.0.1h..."
 
 And Tor was the only reason for my trying to upgrade OpenSSL. I have now come to the point of giving up on this tor-openssl problem and sticking with what I've got. I'm only glad that I didn't try this on my real server!
 
 I finally must express my great gratitude for the ova-"sandbox" you provided me with! It prevented destroying my real server!
   
 Best regards!
 
 Lars
 |  | 
	
	
		| Lars Senior Member
 
 
 Joined: 25 Oct 2010
 Posts: 136
 
 
 | 
			
				|  Posted: Sun Aug 31, 2014 10:20 pm    Post subject: |   |  
				| 
 |  
				| gerasimos, I didn't notice you were writing simultaneously.
 Some is explained in my post after yours, but to answer your questions
 
 Quote:
 and openssl-solibs... Did you upgrade packages or install over...?

 Dovecot is missing /etc/ssh/certs/dovecot.pem, just create a dovecot.pem that's a .cert and a .key usually...
 If you install sms-scripts which includes "smsconfig" you can create a new one with "smsconfig cert create".

 Now where did you get the "OpenSSL mismatch. Built against 9080ef, you have 1000103f" ?
 
 I didn't upgrade openssl-solibs, was uncertain of version (what you earlier described)
 I upgraded.
 About the mismatch I didn't know when I wrote, but as you can see in my previous post it came from tor.
 
 Lars
 |  | 
	
	
		| gerasimos_h Site Admin
 
 
 Joined: 09 Aug 2007
 Posts: 1757
 Location: Greece
 
 | 
			
				|  Posted: Sun Aug 31, 2014 10:28 pm    Post subject: |   |  
				| 
 |  
				| Didn't notice your message either... 
 As far as I remember tor was built from source, so if I remember correctly you need to rebuild it with new openssl...
 
 You can try to install "installpkg" openssl and openssl-solibs again...
 All the services you mentioned use the 0.9.8 libs...
 
 You can also try to upgrade your current packages with 1.0.1i from SMS-Current too in your ova...
 
 gerasimos_h
 _________________
 Superb! Mini Server Project Manager
 http://sms.it-ccs.com
 |  | 
	
	
		| Lars Senior Member
 
 
 Joined: 25 Oct 2010
 Posts: 136
 
 
 | 
			
				|  Posted: Sun Aug 31, 2014 10:38 pm    Post subject: |   |  
				| 
 |  
				| But what version of openssl-solibs? 
 I must admit I never really understood what you earlier described about openssl-solibs.
 I thought openssl-solibs was included in openssl.
 Think the openssl-site confirmed that.
 Further I thought you built openssl-1.0.1h with openssl-solibs-09.8z(?) and that was essential to make it work in SMS-1.6.0?
 
 That's why I didn't dare upgrading openssl-solibs.
 
 If I try, which version of openssl-solibs should I use?
 
 You might very well be right about rebuilding tor against the higher openssl-version.
 |  | 
	
	
		| gerasimos_h Site Admin
 
 
 Joined: 09 Aug 2007
 Posts: 1757
 Location: Greece
 
 | 
			
				|  Posted: Mon Sep 01, 2014 7:36 pm    Post subject: |   |  
				| 
 |  
				| If you upgrade openssl-1.0.1i you must upgrade openssl-solibs-1.0.1i too... The openssl-solibs package handles the symlinks, you can remove it, but not leave the old one...
 
 Openssl 1.0.1h includes 0.9.8za and 1.0.1i includes 0.9.8zb.
 
 gerasimos_h
 _________________
 Superb! Mini Server Project Manager
 http://sms.it-ccs.com
 |  | 
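
 The rule gerasimos_h states above (upgrade openssl and openssl-solibs together, or remove openssl-solibs, but never leave the old one) can be checked mechanically. This is an added example, not part of any post in the thread or of SMS itself; it assumes installed packages are recorded the Slackware way, as files named name-version-arch-build under /var/log/packages, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: one file per installed
# package, named name-version-arch-build, in /var/log/packages.

# pkg_version NAME [DIR]: print the version of every installed package NAME.
pkg_version() {
    name=$1
    dir=${2:-/var/log/packages}
    for f in "$dir"/"$name"-*; do
        [ -e "$f" ] || continue
        base=${f##*/}
        rest=${base%-*}          # drop the build field (e.g. 1sms)
        rest=${rest%-*}          # drop the arch field (e.g. i486)
        # What remains is name-version; the glob openssl-* also matches
        # openssl-solibs-*, so compare the full name before printing.
        if [ "${rest%-*}" = "$name" ]; then
            printf '%s\n' "${rest##*-}"
        fi
    done
    return 0
}

# check_openssl_pair [DIR]: 0 = consistent, 1 = version mismatch,
# 2 = openssl itself is not installed.
check_openssl_pair() {
    pkgdir=${1:-/var/log/packages}
    main=$(pkg_version openssl "$pkgdir")
    libs=$(pkg_version openssl-solibs "$pkgdir")
    if [ -z "$main" ]; then
        echo "openssl: not installed"; return 2
    fi
    if [ -z "$libs" ]; then
        # Removing openssl-solibs is allowed; a stale copy is not.
        echo "OK: openssl $main, no openssl-solibs installed"; return 0
    fi
    if [ "$main" = "$libs" ]; then
        echo "OK: openssl and openssl-solibs both at $main"; return 0
    fi
    echo "MISMATCH: openssl $main but openssl-solibs $libs"; return 1
}

# Constructed sample: openssl upgraded, openssl-solibs left one version behind.
demo=$(mktemp -d)
: > "$demo/openssl-1.0.1i-i486-1sms"
: > "$demo/openssl-solibs-1.0.1h-i486-1sms"
check_openssl_pair "$demo" || true
rm -rf "$demo"
```

 Run `check_openssl_pair` with no argument to inspect the live package database after an upgrade and before restarting services.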
	
	
		| Lars Senior Member
 
 
 Joined: 25 Oct 2010
 Posts: 136
 
 
 | 
			
				|  Posted: Mon Sep 01, 2014 9:02 pm    Post subject: |   |  
				| 
 |  
				| Ok, while waiting for your answer today I made a wild guess: installed openssl-solibs-1.0.1h and rebuilt tor against openssl-1.0.1h. It all seemed to work all right! Thank you! Now my upgrade finally runs smoothly (apart from dovecotcert)!
   
 Perhaps you don't understand what I'm wondering about or I'm too unspecific in my asking?
 But what is the relation between openssl and openssl-solibs?
 In my SMS-1.6.0 I had no openssl-solibs, it was not among the packages on the CD either, just 2 textfiles.
 -Now, after today I've got openssl-1.0.1h-i486-1sms and openssl-solibs-1.0.1h-i486-1sms in SMS-1.6.0.
 Did your openssl-0.9.8r include the solibs or what? And your openssl-1.0.1h doesn't include openssl-solibs?
 And what about the confusing differences in version?
 You say Openssl 1.0.1h includes 0.9.8za and 1.0.1i includes 0.9.8zb, shouldn't it be 1.0.1h resp i?
 Or do you mean that your openssl-1.0.1h-i486-1sms (contrary to the official) includes 0.9.8za solibs?
 And that's the reason I need to make a completing installation of openssl-solibs with the "official" version?
 
 Finally, I searched around for your "smsconfig", and a deeper search among your downloads.
 Where can I find a version that suits SMS-1.6.0 X86?
 
 Best regards
 Lars
 |  | 
	
	
		| Lars Senior Member
 
 
 Joined: 25 Oct 2010
 Posts: 136
 
 
 | 
			
				|  Posted: Tue Sep 02, 2014 12:18 pm    Post subject: |   |  
				| 
 |  
				| A minor update 
 You really don't have to bother about "smsconfig"!
 
 I read the manuals and managed to create a key and cert using
 
 
 Anyway, I'm most grateful for all your help with this OpenSSL-upgrade problem!
 At last all problems were solved.
 My best regards!
 
 Lars
 |  | 
	
	
		| gerasimos_h Site Admin
 
 
 Joined: 09 Aug 2007
 Posts: 1757
 Location: Greece
 
 | 
			
				|  Posted: Wed Sep 03, 2014 7:28 pm    Post subject: |   |  
				| 
 |  
				| You can download sms-scripts with slapt-get which includes smsconfig and a set of default certs like dovecot.pem, but since you created the cert yourself it's the same thing....
 You could also upgrade to openssl-1.0.1i instead of 1.0.1h though, since you end up upgrading...
 
 gerasimos_h
 _________________
 Superb! Mini Server Project Manager
 http://sms.it-ccs.com
 |  | 
	
	
		| Lars Senior Member
 
 
 Joined: 25 Oct 2010
 Posts: 136
 
 
 | 
			
				|  Posted: Wed Sep 10, 2014 9:03 pm    Post subject: |   |  
				| 
 |  
				| Finally!
 With your kind guidance I finally upgraded my real SMS-1.6.0 server with the latest stable versions from openssl and torproject, that is 1.0.1i and 2.4.23 respectively.
 
 And as you said from start, it met few problems:
 rebuilding tor and creating ssl-key and -cert for Dovecot was all that was needed.
 I had other applications built from source using ssl that I had not tested virtually, but they caused no problems.
 And so far I've not noticed any consequences of the glibc mismatch.
 
 I owe you great many thanks gerasimos!
 
 Best regards
 Lars
 |  | 
	