3

I previously replaced openssl on my centos box with openssl10, using something like these instructions:

rpm -Uvh http://dl.iuscommunity.org/pub/ius/stable/CentOS/6/...
     ...x86_64/ius-release-1.0-11.ius.centos6.noarch.rpm
yum install yum-plugin-replace
# Edit /etc/yum.repos.d/ius-archive.repo and 
# enable the ius-archive repo by changing enabled=0 to enabled=1.
yum replace openssl --replace-with openssl10

Then when I do a general yum update I get errors because of openssl, so instead I do:

yum update -x openssl -x postfix

This seems to work fine, but in actual fact, I can no longer reconnect over ssh to the box:

me@local $ ssh -S none root@the_server
ssh_exchange_identification: Connection closed by remote host

Any ideas on how to recover from this situation?

Edit: When I run sshd on the server (I still have an open connection), I get the following error:

ssh: relocation error: ssh: symbol SSLeay_version, version OPENSSL_1.0.1 
    not defined in file libcrypto.so.10 with link time reference
EoghanM
  • 540
  • 2
  • 6
  • 15
  • 2
    Don't try to _replace_ the system OpenSSL. Just don't. You will break practically everything on the system. And I don't recommend the IUS repos either, since they seem to recommend various ways of breaking your system... – Michael Hampton Mar 09 '14 at 17:38
  • I agree with that sentiment now! Won't help with this question, but do you know of a better way of getting the latest version of openssl? My motivation was installation of SPDY on nginx. – EoghanM Mar 09 '14 at 17:38
  • 2
    I think that you are having an issue related to OpenSSL being upgraded in CentOS 6.5. If this is the case, [the solution is here](http://serverfault.com/q/563051/126632). – Michael Hampton Mar 09 '14 at 17:39
  • 1
    https://lists.launchpad.net/ius-community/msg00807.html explains how to resolve it and why you shouldn't have to use it anymore. – faker Mar 09 '14 at 17:48

3 Answers3

4

There has been a bug when using IUS repositories and using it to replace openssl with openssl10 and then trying to upgrade to CentOS 6.5.

Basically what you have to do is go back to the stock openssl - which now is anyway on version 1.0.1: 

yum replace openssl10 --replace-with openssl

Use of openssl10 is unnecessary now and unsupported.
That is also why it is only available in the archive repo.

For more information see: https://lists.launchpad.net/ius-community/msg00807.html and https://bugs.launchpad.net/ius/+bug/1034961/comments/60

faker
  • 17,326
  • 2
  • 60
  • 69
  • This is likely the right answer, however I'm getting `Error: Trying to remove "yum", which is protected` when I try to run yum replace. – EoghanM Mar 15 '14 at 08:29
  • Dependencies are `openssl10 -> python-libs -> pygpgme -> yum` http://pastebin.com/ymAgZgQP – EoghanM Mar 15 '14 at 08:43
4

Answer from @faker should be tried first, but if that doesn't work I found the following instructions at rpm.org

If you want to be on the safe side, also download rpms of yum and all it's dependencies

(Replace with the exact one appropriate for your installation)

wget http://mirror.centos.org/centos/6/os/x86_64/Packages/openssl-<version>.rpm
wget http://mirror.centos.org/centos/6/os/x86_64/Packages/openssl-devel-<version>.rpm

rpm -i openssl-*
    file /usr/lib64/libcrypto.so.1.0.1e from install of openssl-1.0.1e-16.el6_5.4.x86_64 conflicts with file from package openssl10-libs-1.0.1e-1.ius.el6.x86_64
    .... lots more lines

Now take a backup of all those conflicting files in such a way as you can reinstate them to their correct folder if something goes wrong.

Finally, you can take a leap and do:

rpm  -iv --replacepkgs --replacefiles openssl-*

If all goes well yum update should work.

Edit: also erase the packages so that they don't conflict on future updates:

rpm -qa |grep ius
... lists packages
rpm -e openssl10-libs-1.0.1e-1.ius.el6.x86_64
rpm -e openssl10-devel-1.0.1e-1.ius.el6.x86_64
EoghanM
  • 540
  • 2
  • 6
  • 15
0

Easier solution to the above issue

yum update openssl openssl-devel
Alexander Tolkachev
  • 4,513
  • 3
  • 14
  • 23
Sajumon Joseph
  • 11