OpenSSL not upgrading to 1.0.1j while recompiling Ruby.
I had my system running on ubuntu 14.04, Ruby 1.9.3p550, OpenSSL 1.0.1f. After MITM vulnerability when I tried to update my system level openssl its been upgraded to 1.0.1j.
But when I check
ruby -r openssl -e 'puts OpenSSL::OPENSSL_VERSION' to check latest version of openssl used by system's ruby services. It still shows old version i.e. 1.0.1f.
The workaround I find is to recompile ruby. But after recompiling ruby
ruby -r openssl -e 'puts OpenSSL::OPENSSL_VERSION' raising :-
/usr/local/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require': /usr/local/lib/ruby/1.9.1/x86_64-linux/openssl.so: undefined symbol: SSLv2_method - /usr/local/lib/ruby/1.9.1/x86_64-linux/openssl.so (LoadError)
I have tried:-
- using --with-openssl-dir while compiling ruby but its not a valid option.
- recompiling a package with fPIC flag :- http://stackoverflow.com/questions/13812185/how-to-recompile-with-fpic
- Tried recompiling extconf.rb from ruby source as well :- http://stackoverflow.com/questions/9732591/rails-loaderror-with-openssl-so-undefined-symbol-d2i-ecpkparameters
Updated by jaredbeck (Jared Beck) about 5 years ago
As Pramod said,
--with-openssl-dir is not an option in 1.9.3.
configure: WARNING: unrecognized options: --with-openssl-dir
I'm not sure when that option was added, but it is available in 2.1.5. Is there an alternative option in 1.9.3?
Updated by usa (Usaku NAKAMURA) about 5 years ago
The configure warning is false positive.
The option is passed to the ext/openssl. You can just ignore the warning.
I guess that openssl 1.0.1j is installed at non-standard path, or 1.0.1f is still remain in the library search path before 1.0.1j.
lddwill help you.
Updated by rhenium (Kazuki Yamaguchi) over 3 years ago
- Status changed from Feedback to Rejected
The version string in OpenSSL::OPENSSL_VERSION is not the version running with but the OpenSSL version compiled with. Current versions of Ruby have OpenSSL::OPENSSL_LIBRARY_VERSION for the actual loaded version.