IUS Community Project

Bug #1034961
Comment #60

Comment 60 for bug 1034961

Revision history for this message

bharper (bharper) wrote on 2013-12-03:

#60

Hello Michael,

I was able to recreate the behavior you reported. I spun up a CentOS 6.4 server and switched it to use IUS's openssl10. Then I upgraded to 6.5:

# cat /etc/issue
CentOS release 6.4 (Final)
Kernel \r on an \m

# rpm -qa |grep openssl
openssl10-libs-1.0.1e-2.ius.centos6.x86_64
openssl10-1.0.1e-2.ius.centos6.x86_64

# yum upgrade
...

# ssh localhost
ssh: relocation error: ssh: symbol SSLeay_version, version OPENSSL_1.0.1 not defined in file libcrypto.so.10 with link time reference

and from a remote machine:

$ ssh <email address hidden>
ssh_exchange_identification: read: Connection reset by peer

After switching back to stock openssl, I was able to connect.

# yum replace openssl10 --replace-with openssl
Loaded plugins: fastestmirror, replace
Loading mirror speeds from cached hostfile
* epel: mirror.steadfast.net
* ius: mirror.rackspace.hk
Replacing packages takes time, please be patient...

WARNING: Unable to resolve all providers: ['config(openssl10-libs)', 'openssl-libs', 'openssl-libs(x86-64)', 'openssl10-libs', 'openssl10-libs(x86-64)', 'openssl10', 'openssl10(x86-64)']

This may be normal depending on the package. Continue? [y/N] y
Resolving Dependencies
--> Running transaction check
---> Package openssl.x86_64 0:1.0.1e-15.el6 will be installed
---> Package openssl10.x86_64 0:1.0.1e-2.ius.centos6 will be erased
---> Package openssl10-libs.x86_64 0:1.0.1e-2.ius.centos6 will be erased
--> Finished Dependency Resolution

Dependencies Resolved

Transaction Summary
=======================================================================================================================
Install 1 Package(s)
Remove 2 Package(s)

Removed:
openssl10.x86_64 0:1.0.1e-2.ius.centos6 openssl10-libs.x86_64 0:1.0.1e-2.ius.centos6

Installed:
openssl.x86_64 0:1.0.1e-15.el6

Complete!
# ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is a7:f1:24:99:dd:e1:25:32:34:f7:ef:aa:19:71:9d:4d.
Are you sure you want to continue connecting (yes/no)?no
# rpm -qa |grep openssl
openssl-1.0.1e-15.el6.x86_64

I spun up another test server, switched to openssl10, updated to 6.5 and got the follow when I attempted to restart sshd:

My connection did not drop even though sshd was not running. Switching back to stock openssl, I was able to start sshd:

# yum replace openssl10 --replace-with openssl
Loaded plugins: fastestmirror, replace
Loading mirror speeds from cached hostfile
* epel: mirror.steadfast.net
* ius: ord.mirror.rackspace.com
Replacing packages takes time, please be patient...

WARNING: Unable to resolve all providers: ['config(openssl10-libs)', 'openssl-libs', 'openssl-libs(x86-64)', 'openssl10-libs', 'openssl10-libs(x86-64)', 'openssl10', 'openssl10(x86-64)']

Dependencies Resolved

Transaction Summary
=======================================================================================================================
Install 1 Package(s)
Remove 2 Package(s)

Removed:
openssl10.x86_64 0:1.0.1e-2.ius.centos6 openssl10-libs.x86_64 0:1.0.1e-2.ius.centos6

Installed:
openssl.x86_64 0:1.0.1e-15.el6

Complete!

# /etc/init.d/sshd restart
Stopping sshd: [FAILED]
Starting sshd: [ OK ]

Seeing that Red Hat and CentOS now provides a current version of openssl, and IUS's openssl10 is causing breakage. We are going to go ahead and EOL openssl10. All openssl10 packages will still be available in the archive repos for the time being. An official announcement will be coming soon.

-Ben

Hello Michael,

I was able to recreate the behavior you reported.  I spun up a CentOS 6.4 server and switched it to use IUS's openssl10.  Then I upgraded to 6.5:

# cat /etc/issue
CentOS release 6.4 (Final)
Kernel \r on an \m

# rpm -qa |grep openssl
openssl10-libs-1.0.1e-2.ius.centos6.x86_64
openssl10-1.0.1e-2.ius.centos6.x86_64

# yum upgrade
...

# ssh localhost
ssh: relocation error: ssh: symbol SSLeay_version, version OPENSSL_1.0.1 not defined in file libcrypto.so.10 with link time reference

and from a remote machine:

$ ssh root@test.server
ssh_exchange_identification: read: Connection reset by peer

After switching back to stock openssl, I was able to connect.

# yum replace openssl10 --replace-with openssl
Loaded plugins: fastestmirror, replace
Loading mirror speeds from cached hostfile
 * epel: mirror.steadfast.net
 * ius: mirror.rackspace.hk
Replacing packages takes time, please be patient...

WARNING: Unable to resolve all providers: ['config(openssl10-libs)', 'openssl-libs', 'openssl-libs(x86-64)', 'openssl10-libs', 'openssl10-libs(x86-64)', 'openssl10', 'openssl10(x86-64)']

This may be normal depending on the package.  Continue? [y/N] y
Resolving Dependencies
--> Running transaction check
---> Package openssl.x86_64 0:1.0.1e-15.el6 will be installed
---> Package openssl10.x86_64 0:1.0.1e-2.ius.centos6 will be erased
---> Package openssl10-libs.x86_64 0:1.0.1e-2.ius.centos6 will be erased
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================================
 Package                        Arch                   Version                              Repository            Size
=======================================================================================================================
Installing:
 openssl                        x86_64                 1.0.1e-15.el6                        base                 1.5 M
Removing:
 openssl10                      x86_64                 1.0.1e-2.ius.centos6                 @ius                 1.5 M
 openssl10-libs                 x86_64                 1.0.1e-2.ius.centos6                 @ius                 2.2 M

Transaction Summary
=======================================================================================================================
Install       1 Package(s)
Remove        2 Package(s)

Total download size: 1.5 M
Is this ok [y/N]: y
Downloading Packages:
openssl-1.0.1e-15.el6.x86_64.rpm                                                                | 1.5 MB     00:00     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : openssl-1.0.1e-15.el6.x86_64                                                                        1/3 
  Erasing    : openssl10-1.0.1e-2.ius.centos6.x86_64                                                               2/3 
  Erasing    : openssl10-libs-1.0.1e-2.ius.centos6.x86_64                                                          3/3 
  Verifying  : openssl-1.0.1e-15.el6.x86_64                                                                        1/3 
  Verifying  : openssl10-1.0.1e-2.ius.centos6.x86_64                                                               2/3 
  Verifying  : openssl10-libs-1.0.1e-2.ius.centos6.x86_64                                                          3/3

Removed:
  openssl10.x86_64 0:1.0.1e-2.ius.centos6                 openssl10-libs.x86_64 0:1.0.1e-2.ius.centos6

Installed:
  openssl.x86_64 0:1.0.1e-15.el6

I spun up another test server, switched to openssl10, updated to 6.5 and got the follow when I attempted to restart sshd:

# /etc/init.d/sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd: /usr/sbin/sshd: relocation error: /usr/sbin/sshd: symbol SSLeay_version, version OPENSSL_1.0.1 not defined in file libcrypto.so.10 with link time reference
                                                           [FAILED]

My connection did not drop even though sshd was not running.  Switching back to stock openssl, I was able to start sshd:

# yum replace openssl10 --replace-with openssl
Loaded plugins: fastestmirror, replace
Loading mirror speeds from cached hostfile
 * epel: mirror.steadfast.net
 * ius: ord.mirror.rackspace.com
Replacing packages takes time, please be patient...

WARNING: Unable to resolve all providers: ['config(openssl10-libs)', 'openssl-libs', 'openssl-libs(x86-64)', 'openssl10-libs', 'openssl10-libs(x86-64)', 'openssl10', 'openssl10(x86-64)']

This may be normal depending on the package.  Continue? [y/N] y
Resolving Dependencies
--> Running transaction check
---> Package openssl.x86_64 0:1.0.1e-15.el6 will be installed
---> Package openssl10.x86_64 0:1.0.1e-2.ius.centos6 will be erased
---> Package openssl10-libs.x86_64 0:1.0.1e-2.ius.centos6 will be erased
--> Finished Dependency Resolution

Dependencies Resolved

Transaction Summary
=======================================================================================================================
Install       1 Package(s)
Remove        2 Package(s)

Removed:
  openssl10.x86_64 0:1.0.1e-2.ius.centos6                 openssl10-libs.x86_64 0:1.0.1e-2.ius.centos6

Installed:
  openssl.x86_64 0:1.0.1e-15.el6

Complete!

# /etc/init.d/sshd restart
Stopping sshd:                                             [FAILED]
Starting sshd:                                             [  OK  ]

Seeing that Red Hat and CentOS now provides a current version of openssl, and IUS's openssl10 is causing breakage.  We are going to go ahead and EOL openssl10.  All openssl10 packages will still be available in the archive repos for the time being.  An official announcement will be coming soon.

-Ben