Wrong openssl version into Squid -v info

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Wrong openssl version into Squid -v info

Alvaro SGAD

Hi List!!

My name is Alvaro, from Spain, and i would like to know if you can help me about a problem with my new squid version. 

In my company, we want to update our squid version to 4.12 because our actual version has a vulnerability problem. Our openssl version is 1.1.1g.

When i update squid version and want to know if the process has finished correctly, i run squid -v into and this is that i receive.

Squid Cache: Version 4.12
Service Name: squid

This binary uses OpenSSL 1.0.2k-fips  26 Jan 2017. For legal restrictions on distribution seehttps://www.openssl.org/source/license.html
(Here is the problem, this is my old OpenSSL version)

configure options:  '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--verbose' '--exec_prefix=/usr' '--libexecdir=/usr/lib64/squid' '--localstatedir=/var' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--disable-dependency-tracking' '--enable-follow-x-forwarded-for' '--enable-auth' '--enable-auth-basic=DB,NCSA,NIS,POP3,RADIUS,SMB,getpwnam,fake' '--enable-auth-ntlm=fake,SMB_LM' '--enable-auth-digest=file' '--enable-auth-negotiate=kerberos,wrapper' '--enable-external-acl-helpers=file_userip,kerberos_ldap_group,SQL_session,unix_group,wbinfo_group' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost' '--enable-delay-pools' '--enable-epoll' '--enable-icap-client' '--enable-ident-lookups' '--enable-linux-netfilter' '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-storeio=aufs,diskd,ufs,rock' '--enable-wccpv2' '--enable-esi' '--enable-ssl-crtd' '--enable-icmp' '--with-aio' '--with-default-user=squid' '--with-filedescriptors=16384' '--with-dl' '--with-openssl=/usr/local/ssl' '--with-pthreads' '--with-included-ltdl' '--disable-arch-native' '--enable-ecap' '--without-nettle' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig' '–enable-ltdl-convenience' 'LIBOPENSSL_CFLAGS=-I/opt/openssl/include/openssl' 'target_alias=–enable-ltdl-convenience' --enable-ltdl-convenience


My openssl version is.

openssl version -a
OpenSSL 1.1.1g  21 Apr 2020
built on: Thu Jul  9 12:28:11 <a href="x-apple-data-detectors://4" dir="ltr" x-apple-data-detectors="true" x-apple-data-detectors-type="calendar-event" x-apple-data-detectors-result="4" style="color: rgba(0, 0, 0, 0); text-decoration-color: rgba(128, 128, 128, 0.38);">2020 UTC
platform: linux-x86_64
options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG
OPENSSLDIR: "/usr/local/ssl"
ENGINESDIR: "/opt/openssl/lib/engines-1.1"

I have CentOS 7.

If you need more info ill send you ASAP.

Regards


-- 
Álvaro Javier Gasco Fernández
Sistemas Correo
Secretaría General de Administración Digital

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Wrong openssl version into Squid -v info

Alex Rousskov
On 7/31/20 9:50 AM, Alvaro SGAD wrote:
> Our openssl version is 1.1.1g.

> When i update squid version and want to know if the process has finished
> correctly, i run *squid -v* into and this is that i receive.

> Squid Cache: Version 4.12
> This binary uses OpenSSL 1.0.2k-fips 26 Jan 2017.

How did you obtain your Squid binary? If you built it from sources, then
the build picked up a different OpenSSL version than you expected. If
you downloaded a binary Squid package, then that Squid binary was built
against a different OpenSSL version than you have on your box. In either
case, your Squid may work just fine, but YMMV. IMHO, it is best when the
build uses an OpenSSL version that matches the installed one.

Please note that you may have multiple OpenSSL versions installed.

Alex.

> configure options: ...
> '--with-openssl=/usr/local/ssl'
...
> 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
...
> 'LIBOPENSSL_CFLAGS=-I/opt/openssl/include/openssl'

> My openssl version is.
>
> *openssl version -a*
> OpenSSL 1.1.1g  21 Apr 2020
> built on: Thu Jul  9 12:28:11 2020 UTC <x-apple-data-detectors://4>
> platform: linux-x86_64
> options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
> compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3
> -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ
> -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
> -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
> -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM
> -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG
> OPENSSLDIR: "/usr/local/ssl"
> ENGINESDIR: "/opt/openssl/lib/engines-1.1"
>
> I have CentOS 7.

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users