Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
OpenSSL and Solaris zones
3 views
Skip to first unread message
Jorge Medina
Oct 18, 2011, 4:08:17 PM10/18/11
to
I don't have much information, but maybe someone has had a similar problem.
I am building my distribution of Apache Web Server (and Tomcat). I
include in my tarball a compiled version of openssl, apr, apr-util and
apache with several modules including mod_jk
I build the components above in a physical machine running Solaris 10,
create the tar ball and deploy it in another system (possibly in
different directory, so we use LD_LIBRARY_PATH to point to the right
set of libraries)
All this has worked wonderful for quite some time. We have over the
years updated several of the components with minor adjustment to our
build. Currently we are using apache 2.2.20 with openssl 1.0.0d
Recently our IT department decided to use Solaris zones; so they
deployed the same tarball in a zone. It works fine for most of the
users of the system, except for two of them. Their requests time out.
The apache access and error logs don't show anything, but we were able
to narrow it down to the SSL handshaking failing.
So far, it seems that building openssl in the target machine (the
solaris zone) fixes the problem; but I really want to distribute a
compiled version of all libraries rather than building it in the
target machine.
So I was wondering if anybody has experienced a similar problem with
OpenSSL when building it in a Soalris physical (global zone) machine
but deploying it in a zone.
-Jorge
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org
I am building my distribution of Apache Web Server (and Tomcat). I
include in my tarball a compiled version of openssl, apr, apr-util and
apache with several modules including mod_jk
I build the components above in a physical machine running Solaris 10,
create the tar ball and deploy it in another system (possibly in
different directory, so we use LD_LIBRARY_PATH to point to the right
set of libraries)
All this has worked wonderful for quite some time. We have over the
years updated several of the components with minor adjustment to our
build. Currently we are using apache 2.2.20 with openssl 1.0.0d
Recently our IT department decided to use Solaris zones; so they
deployed the same tarball in a zone. It works fine for most of the
users of the system, except for two of them. Their requests time out.
The apache access and error logs don't show anything, but we were able
to narrow it down to the SSL handshaking failing.
So far, it seems that building openssl in the target machine (the
solaris zone) fixes the problem; but I really want to distribute a
compiled version of all libraries rather than building it in the
target machine.
So I was wondering if anybody has experienced a similar problem with
OpenSSL when building it in a Soalris physical (global zone) machine
but deploying it in a zone.
-Jorge
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org
Garick Hamlin
Oct 18, 2011, 8:30:35 PM10/18/11
to
On Tue, Oct 18, 2011 at 04:08:17PM -0400, Jorge Medina wrote:
> I don't have much information, but maybe someone has had a similar problem.
>
> I am building my distribution of Apache Web Server (and Tomcat). I
> include in my tarball a compiled version of openssl, apr, apr-util and
> apache with several modules including mod_jk
Have you tried doing a pldd to verify that /usr/sfw/lib/libcrypt.so
> I don't have much information, but maybe someone has had a similar problem.
>
> I am building my distribution of Apache Web Server (and Tomcat). I
> include in my tarball a compiled version of openssl, apr, apr-util and
> apache with several modules including mod_jk
didn't get linked in?
Hasan Rezaul-CHR010
Oct 19, 2011, 12:13:25 PM10/19/11
to
Hi All,
We have a bunch of Linux Boxes (Clients) that would run openssl 0.9.8r.
We will have a Solaris box (CA Server), that would run openssl 1.0.0e
Is there any compatibility problems that we would need to be concerned
about ? Is there any difference in functionality that could give rise to
unexpected problems ?
Thanks in advance for your help.
We have a bunch of Linux Boxes (Clients) that would run openssl 0.9.8r.
We will have a Solaris box (CA Server), that would run openssl 1.0.0e
Is there any compatibility problems that we would need to be concerned
about ? Is there any difference in functionality that could give rise to
unexpected problems ?
Thanks in advance for your help.
Kenneth Goldman
Oct 19, 2011, 1:58:50 PM10/19/11
to
> From: "Hasan Rezaul-CHR010" <rezaul...@nsn.com>
> To: <openss...@openssl.org>,
> Date: 10/19/2011 12:44 PM
> Subject: Openssl version compatibility [0.9.8r vs. 1.0.0e]
> Sent by: owner-ope...@openssl.org
and SHA and it works without source modification.
I strongly advise recompiling - even for letter changes.
> To: <openss...@openssl.org>,
> Date: 10/19/2011 12:44 PM
> Subject: Openssl version compatibility [0.9.8r vs. 1.0.0e]
> Sent by: owner-ope...@openssl.org
>
> We have a bunch of Linux Boxes (Clients) that would run openssl 0.9.8r.
>
> We will have a Solaris box (CA Server), that would run openssl 1.0.0e
>
> Is there any compatibility problems that we would need to be concerned
> about ? Is there any difference in functionality that could give rise to
> unexpected problems ?
It likely depends on the functions you're using. I use AES, RSA,
> We have a bunch of Linux Boxes (Clients) that would run openssl 0.9.8r.
>
> We will have a Solaris box (CA Server), that would run openssl 1.0.0e
>
> Is there any compatibility problems that we would need to be concerned
> about ? Is there any difference in functionality that could give rise to
> unexpected problems ?
and SHA and it works without source modification.
I strongly advise recompiling - even for letter changes.
0 new messages