Bug 71544 - OpenSSL RPM version numbering confusing
Summary: OpenSSL RPM version numbering confusing
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: openssl   
(Show other bugs)
Version: 1.0
Hardware: i386 Linux
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Brian Brock
Depends On:
TreeView+ depends on / blocked
Reported: 2002-08-14 23:35 UTC by Maurice Volaski
Modified: 2007-04-18 16:45 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2002-08-14 23:35:48 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Maurice Volaski 2002-08-14 23:35:43 UTC
Can you please explain definitively what the current status regarding OpenSSL rpm versions? The version numbering used in your rpm appears to be intentionally out of date with the what OpenSSL provides.

It is not clear for example if your rpms are actually up to date.

The OpenSSL FAQ affirms that your version numbering is wrong but doesn't explain the rationale..

Red Hat Linux (release 7.0 and later) include a preinstalled limited
version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2
is disabled in this version. The same may apply to other Linux distributions.
Users may therefore wish to install more or all of the features left out.

To do this you MUST ensure that you do not overwrite the openssl that is in
/usr/bin on your Red Hat machine. Several packages depend on this file,
including sendmail and ssh. /usr/local/bin is a good alternative choice. The
libraries that come with Red Hat 7.0 onwards have different names and so are
not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and
/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and
/lib/libcrypto.so.2 respectively).

Please note that we have been advised by Red Hat attempting to recompile the
openssl rpm with all the cryptography enabled will not work. All other
packages depend on the original Red Hat supplied openssl package. It is also
worth noting that due to the way Red Hat supplies its packages, updates to
openssl on each distribution never change the package version, only the
build number. For example, on Red Hat 7.1, the latest openssl package has
version number 0.9.6 and build number 9 even though it contains all the
relevant updates in packages up to and including 0.9.6b.

Comment 1 Joe Orton 2002-11-25 13:04:29 UTC
What are you confused about?  The FAQ is not quite right in the last paragraph,
the package version does always reflect the version of OpenSSL used, though we
do backport security fixes from newer versions.

Note You need to log in before you can comment on or make changes to this bug.