Log-in | en

Flag Day for OpenSSL upgrade a


Date: Fri, 17 Jul 2009 20:02:19 +0200
From: Mark Phalan <Mark.Phalan at sun dot com>
To: onnv-gate at onnv dot eng dot sun dot com, on-all at sun dot com
Subject: Flag Day for OpenSSL upgrade a

This is a flag day for BFU users and ON developers.
OpenSSL was upgraded with the following putback:

6806386 Upgrade OpenSSL to 0.9.8k

If upgrading via BFU from builds prior to 118, SUNWopensslr and
SUNWopenssl-include should be upgraded before running BFU.

The following (internal) script will update OpenSSL to the latest
available version.

/ws/onnv-gate/public/bin/update_openssl

OpenSSL can otherwise be upgraded before running BFU by running

pkgadd -d <path to snv_118+ packages> <pkg>

Where <pkg> is "SUNWopenssl-include SUNWopenssl-commands
SUNWopenssl-libraries SUNWopensslr SUNWopenssl-man"

If SUNWopensslr is not upgraded and the binaries from the BFU archives
were built against the newer OpenSSL (build machine 118+) some
applications (including ssh) will complain about missing symbols and
fail to run.

If SUNWopenssl-include is not upgraded along with SUNWopensslr then
nightly's link check will fail with many warnings against
OpenSSL-related #include files.
For example:

"/export/builds/onnv-gate/usr/src/common/net/wanboot/auxutil.c", line
403: warning: argument used inconsistently: X509_check_private_key(arg
1) in llib-lcrypto:x509.h(1057) struct x509_st * and auxutil.c(403)
struct x509_st * (E_INCONS_ARG_USED2)
"/export/builds/onnv-gate/usr/src/common/net/wanboot/auxutil.c", line
414: warning: value type used inconsistently: PKCS12_get_attr_gen in
llib-lcrypto:pkcs12.h(209) struct asn1_type_st *() and auxutil.c(414)
struct asn1_type_st *() (E_INCONS_VAL_TYPE_USED2)
...

If BFU'ing from build 104 or earlier you should be aware of

6861019 BFU should remove /usr/sfw/lib/libcrypto.so.0.9.8,
        /usr/sfw/lib/libssl.so.0.9.8

and apply the documented workaround.

ON sources which have not been updated since 05/28/09 (or are at hg
tag onnv_116 or earlier) and hence don't include the fix for 6806387
(Move OpenSSL from ON to SFW) will fail to build on Nevada build 118+
with many errors about missing symbols in libcrypto.
For example:

Undefined                       first referenced
symbol                             in file
EVP_MD_size                         /usr/lib/libtspi.so
EVP_CIPHER_iv_length                /usr/lib/libtspi.so
...

This can be avoided by updating your ON workspace (hg pull -u) or by not
upgrading your build machine to Nevada build 118+.

Any problem or questions, please contact the interest list
openssl-interest at sun dot com
last modified by alanbur on 2009/11/20 23:48
 
Collectives
Project

Subsites
Code Reviews
Code Repositories
Package Search
Bugster
Bugzilla
Test Machines
Planet
Mailing Lists
Elections & Polls
ARC Case Logs
Source Juicer
Package Factory
User Authentication
Community Group on Pages

© Sun Microsystems Inc. 2009
XWiki Enterprise 1.8.2.19075 - Documentation
Terms Of Use | Privacy | Trademarks | Copyright Policy | Site Guidelines | Site map | Help
Your use of this web site or any of its content or software indicates your agreement to be bound by these Terms of Use.