Wednesday, October 21, 2009

Upgrading OpenSSL on Solaris

Well, I struggled and struggled for days trying to install OpenSSL's latest version on Solaris 10. I had some applications, like Apache, that no matter what I did continued to recognize the old version of OpenSSL. After a few attempts at building some symbolic links, I thought there had to be a better way. I did think it was strange the way Sun has it all organized. I am posting the various locations of the default Solaris OpenSSL package below.

Sun default location:

/usr/sfw/bin/openssl -- executable. If you run openssl version on Solaris you will probably see this response:

OpenSSL 0.9.7d 17 Mar 2004

/usr/sfw/include/openssl -- header files for compiling

/etc/sfw/openssl -- configuration file and certificate store with private key store

Finally, after some Google searches, I came across this very important blog from Sun.

The blog basically says you don't patch or upgrade OpenSSL on Solaris. Interesting. Any patch appears to come bundled in the OS patches they provide and test. They claim this will cover all existing issues.

I am still letting this settle into my small brain because it just seems so unnatural. I did verify that if you run the OpenSSL version command on an up-to-date OS with patches, you will see a different version result.

OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for: CVE-2005-2969 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2007-5135 CVE-2008-5077)

It will appear more like the above. This makes me believe the blog. Now I just have to figure out if I can live with this approach going forward.
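
Both banners quoted above report the same base version, so only the parenthesised list shows the patch state. The script below is an added example, not part of the original post: it parses that list and reports which required CVE ids the banner does not claim. It assumes the "+ security fixes for:" format shown in the post, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the post: read the backported-fix list out of a
# vendor-patched `openssl version` banner.

# Sample input: the two banners quoted in the post. On a host you would use
# banner=$(/usr/sfw/bin/openssl version) instead.
BANNER_UNPATCHED='OpenSSL 0.9.7d 17 Mar 2004'
BANNER_PATCHED='OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for: CVE-2005-2969 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2007-5135 CVE-2008-5077)'

# Upstream base version (second field of the banner), e.g. 0.9.7d.
base_version() {
    printf '%s\n' "$1" | awk '{ print $2 }'
}

# Every CVE id named in the banner, one per line, de-duplicated.
# tr turns anything that cannot be part of an id into a newline.
backported_cves() {
    printf '%s\n' "$1" | tr -cs 'A-Za-z0-9-' '\n' |
        grep -E '^CVE-[0-9]{4}-[0-9]+$' | sort -u
}

# Number of distinct fixes the banner claims.
count_fixes() {
    backported_cves "$1" | wc -l | tr -d ' '
}

# Exit status 0 if the banner claims a fix for CVE id $2, 1 otherwise.
has_fix() {
    backported_cves "$1" | grep -Fqx -- "$2"
}

# Print the ids from a required list that the banner does not claim.
# usage: missing_fixes "<banner>" CVE-... [CVE-...]
missing_fixes() {
    banner=$1
    shift
    for cve in "$@"; do
        has_fix "$banner" "$cve" || printf '%s\n' "$cve"
    done
}

# Demo: same base version, very different patch state.
for b in "$BANNER_UNPATCHED" "$BANNER_PATCHED"; do
    echo "base $(base_version "$b"): $(count_fixes "$b") backported fixes"
    missing_fixes "$b" CVE-2008-5077 | sed 's/^/  not claimed: /'
done
```

A check that compares only the base version would treat both hosts as identical; comparing the claimed fix list against the ids you care about is what separates them.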

