Bug #10479


OpenSSL not upgrading to 1.0.1j while recompiling Ruby.

Added by pramod-sharma (Pramod Sharma) about 8 years ago. Updated over 6 years ago.

Target version:
ruby -v:


I had my system running on ubuntu 14.04, Ruby 1.9.3p550, OpenSSL 1.0.1f. After MITM vulnerability when I tried to update my system level openssl its been upgraded to 1.0.1j.
But when I check ruby -r openssl -e 'puts OpenSSL::OPENSSL_VERSION' to check latest version of openssl used by system's ruby services. It still shows old version i.e. 1.0.1f.
The workaround I find is to recompile ruby. But after recompiling ruby ruby -r openssl -e 'puts OpenSSL::OPENSSL_VERSION' raising :-
/usr/local/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require': /usr/local/lib/ruby/1.9.1/x86_64-linux/ undefined symbol: SSLv2_method - /usr/local/lib/ruby/1.9.1/x86_64-linux/ (LoadError)

I have tried:-

  1. using --with-openssl-dir while compiling ruby but its not a valid option.
  4. recompiling a package with fPIC flag :-
  5. Tried recompiling extconf.rb from ruby source as well :-

Updated by jaredbeck (Jared Beck) about 8 years ago

As Pramod said, --with-openssl-dir is not an option in 1.9.3.

./configure --with-openssl-dir=/usr/local/Cellar/openssl/1.0.1j
configure: WARNING: unrecognized options: --with-openssl-dir

I'm not sure when that option was added, but it is available in 2.1.5. Is there an alternative option in 1.9.3?

Updated by pramod-sharma (Pramod Sharma) about 8 years ago

no i am still not able to find an alternative. Please help me if there's any

Updated by usa (Usaku NAKAMURA) about 8 years ago

  1. The configure warning is false positive.
    The option is passed to the ext/openssl. You can just ignore the warning.

  2. I guess that openssl 1.0.1j is installed at non-standard path, or 1.0.1f is still remain in the library search path before 1.0.1j.
    Check it. ldd will help you.

Updated by hsbt (Hiroshi SHIBATA) about 8 years ago

  • Status changed from Open to Feedback
  • Priority changed from 6 to Normal
Actions #6

Updated by zzak (Zak Scott) over 7 years ago

  • Assignee set to 7150

Updated by rhenium (Kazuki Yamaguchi) over 6 years ago

  • Status changed from Feedback to Rejected

The version string in OpenSSL::OPENSSL_VERSION is not the version running with but the OpenSSL version compiled with. Current versions of Ruby have OpenSSL::OPENSSL_LIBRARY_VERSION for the actual loaded version.


Also available in: Atom PDF