Project

General

Profile

Bug #10479

OpenSSL not upgrading to 1.0.1j while recompiling Ruby.

Added by pramod-sharma (Pramod Sharma) almost 5 years ago. Updated almost 3 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
openssl
Target version:
-
ruby -v:
1.9.3p550
[ruby-core:66092]

Description

I had my system running on ubuntu 14.04, Ruby 1.9.3p550, OpenSSL 1.0.1f. After MITM vulnerability when I tried to update my system level openssl its been upgraded to 1.0.1j.
But when I check ruby -r openssl -e 'puts OpenSSL::OPENSSL_VERSION' to check latest version of openssl used by system's ruby services. It still shows old version i.e. 1.0.1f.
The workaround I find is to recompile ruby. But after recompiling ruby ruby -r openssl -e 'puts OpenSSL::OPENSSL_VERSION' raising :-
/usr/local/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require': /usr/local/lib/ruby/1.9.1/x86_64-linux/openssl.so: undefined symbol: SSLv2_method - /usr/local/lib/ruby/1.9.1/x86_64-linux/openssl.so (LoadError)

I have tried:-

  1. using --with-openssl-dir while compiling ruby but its not a valid option.
  2. http://stackoverflow.com/questions/8206546/undefined-symbol-sslv2-method
  3. http://aaronparecki.com/articles/2014/04/08/1/how-to-test-and-confirm-openssl-is-updated-for-nginx-and-ruby-on-ubuntu-12-04
  4. recompiling a package with fPIC flag :- http://stackoverflow.com/questions/13812185/how-to-recompile-with-fpic
  5. Tried recompiling extconf.rb from ruby source as well :- http://stackoverflow.com/questions/9732591/rails-loaderror-with-openssl-so-undefined-symbol-d2i-ecpkparameters

History

Updated by jaredbeck (Jared Beck) almost 5 years ago

As Pramod said, --with-openssl-dir is not an option in 1.9.3.

./configure --with-openssl-dir=/usr/local/Cellar/openssl/1.0.1j
configure: WARNING: unrecognized options: --with-openssl-dir

I'm not sure when that option was added, but it is available in 2.1.5. Is there an alternative option in 1.9.3?

Updated by pramod-sharma (Pramod Sharma) almost 5 years ago

no i am still not able to find an alternative. Please help me if there's any

Updated by usa (Usaku NAKAMURA) over 4 years ago

  1. The configure warning is false positive.
    The option is passed to the ext/openssl. You can just ignore the warning.

  2. I guess that openssl 1.0.1j is installed at non-standard path, or 1.0.1f is still remain in the library search path before 1.0.1j.
    Check it. ldd will help you.

Updated by hsbt (Hiroshi SHIBATA) over 4 years ago

  • Status changed from Open to Feedback
  • Priority changed from 6 to Normal
#6

Updated by zzak (Zachary Scott) almost 4 years ago

  • Assignee set to openssl

Updated by rhenium (Kazuki Yamaguchi) almost 3 years ago

  • Status changed from Feedback to Rejected

The version string in OpenSSL::OPENSSL_VERSION is not the version running with but the OpenSSL version compiled with. Current versions of Ruby have OpenSSL::OPENSSL_LIBRARY_VERSION for the actual loaded version.

Also available in: Atom PDF