Repairing replaced OpenSSL installation

Question

I previously replaced openssl on my centos box with openssl10, using something like these instructions:

rpm -Uvh http://dl.iuscommunity.org/pub/ius/stable/CentOS/6/...
     ...x86_64/ius-release-1.0-11.ius.centos6.noarch.rpm
yum install yum-plugin-replace
# Edit /etc/yum.repos.d/ius-archive.repo and 
# enable the ius-archive repo by changing enabled=0 to enabled=1.
yum replace openssl --replace-with openssl10

Then when I do a general yum update I get errors because of openssl, so instead I do:

yum update -x openssl -x postfix

This seems to work fine, but in actual fact, I can no longer reconnect over ssh to the box:

me@local $ ssh -S none root@the_server
ssh_exchange_identification: Connection closed by remote host

Any ideas on how to recover from this situation?

Edit: When I run sshd on the server (I still have an open connection), I get the following error:

ssh: relocation error: ssh: symbol SSLeay_version, version OPENSSL_1.0.1 
    not defined in file libcrypto.so.10 with link time reference

score 4 · Accepted Answer · answered Mar 09 '14 at 18:35

There has been a bug when using IUS repositories and using it to replace openssl with openssl10 and then trying to upgrade to CentOS 6.5.

Basically what you have to do is go back to the stock openssl - which now is anyway on version 1.0.1:

yum replace openssl10 --replace-with openssl

Use of openssl10 is unnecessary now and unsupported.
That is also why it is only available in the archive repo.

For more information see: https://lists.launchpad.net/ius-community/msg00807.html and https://bugs.launchpad.net/ius/+bug/1034961/comments/60

EoghanM · Answer 2 · 2014-04-09T11:49:50.457

Answer from @faker should be tried first, but if that doesn't work I found the following instructions at rpm.org

If you want to be on the safe side, also download rpms of yum and all it's dependencies

(Replace with the exact one appropriate for your installation)

wget http://mirror.centos.org/centos/6/os/x86_64/Packages/openssl-<version>.rpm
wget http://mirror.centos.org/centos/6/os/x86_64/Packages/openssl-devel-<version>.rpm

rpm -i openssl-*
    file /usr/lib64/libcrypto.so.1.0.1e from install of openssl-1.0.1e-16.el6_5.4.x86_64 conflicts with file from package openssl10-libs-1.0.1e-1.ius.el6.x86_64
    .... lots more lines

Now take a backup of all those conflicting files in such a way as you can reinstate them to their correct folder if something goes wrong.

Finally, you can take a leap and do:

rpm  -iv --replacepkgs --replacefiles openssl-*

If all goes well yum update should work.

Edit: also erase the packages so that they don't conflict on future updates:

rpm -qa |grep ius
... lists packages
rpm -e openssl10-libs-1.0.1e-1.ius.el6.x86_64
rpm -e openssl10-devel-1.0.1e-1.ius.el6.x86_64

score 0 · Answer 3 · edited Oct 16 '17 at 10:35

0

Easier solution to the above issue

yum update openssl openssl-devel

edited Oct 16 '17 at 10:35

Alexander Tolkachev

4,666

answered Jan 18 '16 at 13:06

Sajumon Joseph

11

Repairing replaced OpenSSL installation

3 Answers3