Unix & Linux Stack Exchange

Q&A for users of Linux, FreeBSD and other Unix-like operating systems

Latest Questions

2 votes
1 answers
5065 views
Apache SSL configuration Connection refused connect:errno=111
I am trying to configure SSL on an old openSUSE server:

```
openSUSE 11.4 (x86_64)
VERSION = 11.4
CODENAME = Celadon
```

I enabled the apache SSL module:

```
apache2ctl -M
Loaded Modules:
 core_module (static)
 mpm_prefork_module (static)
 http_module (static)
 so_module (static)
 actions_module (shared)
 alias_module (shared)
 auth_basic_module (shared)
 authn_file_module (shared)
 authz_host_module (shared)
 authz_groupfile_module (shared)
 authz_default_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 cgi_module (shared)
 dir_module (shared)
 env_module (shared)
 expires_module (shared)
 include_module (shared)
 log_config_module (shared)
 mime_module (shared)
 negotiation_module (shared)
 setenvif_module (shared)
 ssl_module (shared)
 userdir_module (shared)
 php5_module (shared)
 reqtimeout_module (shared)
 deflate_module (shared)
 headers_module (shared)
 rewrite_module (shared)
Syntax OK
```

And configured the virtual host providing the SSL certificates (by copying and editing the vhost-ssl.template and renaming it https.xxxxxxxx.conf) and restarted apache. When I try to connect I get this error:

```
openssl s_client -connect localhost:443
connect: Connection refused
connect:errno=111
```

This is the openssl version installed:

```
OpenSSL 1.0.1p 9 Jul 2015 (Library: OpenSSL 1.0.0c 2 Dec 2010)
```

If it can help this is my iptables config:

```
iptables -L -vn
Chain INPUT (policy ACCEPT 4641 packets, 815K bytes)
 pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 1691 packets, 4745K bytes)
 pkts bytes target prot opt in out source destination
```

Can you help me understand why I am not able to connect in localhost to the 443 port?

EDIT: I believe it is a problem with apache and the additional https.xxxxxxx.conf file:

```
httpd2 -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:80 is a NameVirtualHost
 default server xxxxxxxx.it (/etc/apache2/vhosts.d/xxxxxxxx.conf:3)
 port 80 namevhost xxxxxxxx.it (/etc/apache2/vhosts.d/xxxxxxxx.it.conf:3)
 port 80 namevhost XXX.XXX.XXX.XXX (/etc/apache2/vhosts.d/xxxxxxxx.it.conf:9)
```

In my listen.conf it seems that if the SSL module is enabled it should Listen 443:

```
Listen 80
Listen 443
```

This is the output of netstat:

```
netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      8105/mysqld
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1847/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2179/master
tcp        0      0 :::80                   :::*                    LISTEN      13330/httpd2-prefor
tcp        0      0 :::21                   :::*                    LISTEN      1930/vsftpd
tcp        0      0 :::22                   :::*                    LISTEN      1847/sshd
tcp        0      0 ::1:25                  :::*                    LISTEN      2179/master
```

I have modified the /etc/sysconfig/apache2 file to turn on the SSL module:

```
APACHE_SERVER_FLAGS="SSL"
```

Now it seems to respond correctly both locally and remotely:

```
openssl s_client -connect localhost:443
CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
```

I still have problems since I get from the browser:

```
This site can’t be reached
xxxxxxxx.it unexpectedly closed the connection.
Try:
Checking the connection
Checking the proxy and the firewall
Running Network Diagnostics
ERR_CONNECTION_CLOSED
```

However I believe the problem is not related
Niko Zarzani (163 rep)
May 30, 2018, 10:33 AM • Last activity: Aug 1, 2025, 10:03 AM
1 votes
1 answers
858 views
Error when installing openssl-devel [sss_cache] DB version too old
I am building a RHEL8 instance and when installing openssl-devel and python36-devel I get the error

> [sss_cache] [sysdb_domain_cache_connect] (0x0010): DB version too old
> [0.23], expected [0.24] for domain implicit_files!
>
> Higher version of database is expected! In order to upgrade the
> database, you must run SSSD.
>
> Removing cache files in /var/lib/sss/db should fix the issue, but note
> that removing cache files will also remove all of your cached
> credentials.

I added *sss_cache -E* before the openssl-devel install step but that didn't help. I also tried restarting the sssd service and the error still appears every time.
Regulator (11 rep)
Oct 3, 2024, 12:32 AM • Last activity: Jul 31, 2025, 05:52 PM
2 votes
1 answers
12081 views
version 'libcrypto.so.10' not found
I am trying to run an executable that makes use of the libcrypto and libssl libraries. When I run the executable I get the following error:

```
PROGRAM: error while loading shared libraries: libcrypto.so.10: cannot open shared object file: No such file or directory
```

I understand that the above message is because the executable cannot find the associated library. The system has both pairs of libraries included in "/usr/lib/x86_64-linux-gnu", which I installed using the synaptic package manager. I have tried to generate the symbolic links

```
ln -s /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 /usr/lib/x86_64-linux-gnu/libcrypto.so.10
ln -s /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 /usr/lib/x86_64-linux-gnu/libcrypto.so.10
ln -s /usr/lib/x86_64-linux-gnu/libcrypto.so /usr/lib/x86_64-linux-gnu/libcrypto.so.10
```

but in all these cases I get the following error message:

```
PROGRAM: /usr/lib/x86_64-linux-gnu/libcrypto.so.10: version `libcrypto.so.10' not found (required by PROGRAM)
```

I am currently using Ubuntu 20.0, and the executable I am trying to use was compiled for RHEL 6.6. My question is: should I install RHEL (or CentOS) to be able to use that executable, or is the error due to the fact that I am using the wrong version of the libraries?
josejc (21 rep)
Nov 6, 2021, 08:24 PM • Last activity: Jul 31, 2025, 01:02 PM
3 votes
1 answers
5075 views
Apache + mod_ssl build not linking to my OpenSSL build
I have spent some time searching online but none of what I found seems to help. I'm running CentOS 6 64bit and would like to compile Apache with mod_ssl and need to link it to my own OpenSSL build (which is newer than the OS provided version).

OpenSSL 1.1.0i is configured with:

```
./config --prefix=/opt/openssl-1.1.0 --openssldir=/opt/openssl-1.1.0 shared
```

Apache 2.4 is configured with:

```
./configure --enable-layout=mycustomlayout \
    --prefix=/opt/httpd-2.4.34 \
    --exec-prefix=/opt/httpd-2.4.34 \
    --with-mpm=prefork \
    --enable-so \
    --enable-ssl \
    --with-ssl=/opt/openssl-1.1.0 \
    --enable-cgi \
    --enable-http2 \
    --enable-proxy-http2 \
    --with-included-apr
```

It appears to compile just fine but mod_ssl isn't aware of where OpenSSL 1.1.0 is installed:

```
[root@host .libs]# ldd ./mod_ssl.so | grep -iP 'ssl|crypto'
libssl.so.1.1 => not found
libcrypto.so.1.1 => not found
```

And so only works when you explicitly tell it where to look:

```
[root@host .libs]# export LD_LIBRARY_PATH=/opt/openssl-1.1.0/lib:$LD_LIBRARY_PATH
[root@host .libs]# ldd ./mod_ssl.so | grep -iP 'ssl|crypto'
libssl.so.1.1 => /opt/openssl-1.1.0/lib/libssl.so.1.1 (0x00007f069149a000)
libcrypto.so.1.1 => /opt/openssl-1.1.0/lib/libcrypto.so.1.1 (0x00007f069100a000)
```

Even building mod_ssl statically into httpd binary with `--enable-mods-static=ssl` doesn't help.

I tried `--enable-ssl`, `--enable-ssl --enable-ssl-staticlib-deps`, and `--enable-ssl --enable-ssl-staticlib-deps --enable-mods-static=ssl` and still the same result:

```
libssl.so.1.1 => not found
libcrypto.so.1.1 => not found
```

Also tried, without luck, setting these variables before ./configure:

```
export PKG_CONFIG_PATH=/opt/openssl-1.1.0/lib/pkgconfig:$PKG_CONFIG_PATH \
    LD_LIBRARY_PATH=/opt/openssl-1.1.0/lib:$LD_LIBRARY_PATH \
    LDFLAGS="-L/opt/openssl-1.1.0/lib"
```

I know I can just add to /etc/ld.so.conf.d to autoload the new OpenSSL library or adjust Apache's init script to add to LD_LIBRARY_PATH but I'd much prefer to have it working properly, have the program know where to look for libssl.so / libcrypto.so, just like my PHP build:

```
[root@host php]# export PKG_CONFIG_PATH=/opt/openssl-1.1.0/lib/pkgconfig:$PKG_CONFIG_PATH \
    LD_LIBRARY_PATH=/opt/openssl-1.1.0/lib:$LD_LIBRARY_PATH \
    LDFLAGS="-L/opt/openssl-1.1.0/lib" \
    PHP_PREFIX=/opt/php-7.2.9 \
    EXTENSION_DIR=$PHP_PREFIX/usr/lib64/php/modules
[root@host php]# ./configure […] \
    --with-imap=shared \
    --with-imap-ssl \
    --with-openssl=shared \
    --with-openssl-dir=/opt/openssl-1.1.0/bin
[root@host php]# make
[root@host php]# unset PKG_CONFIG_PATH LD_LIBRARY_PATH LDFLAGS
[root@host modules]# ldd ./openssl.so | grep -iP 'ssl|crypto'
libssl.so.1.1 => /opt/openssl-1.1.0/lib/libssl.so.1.1 (0x00007fc2220a6000)
libcrypto.so.1.1 => /opt/openssl-1.1.0/lib/libcrypto.so.1.1 (0x00007fc221c17000)
```

What am I doing wrong? Could this be a bug?
E-71 (53 rep)
Aug 29, 2018, 03:30 AM • Last activity: Jul 15, 2025, 12:05 PM
2 votes
1 answers
1899 views
Protected multilib versions: openssl
I'm running on Centos 6.2 x86_64, trying to install ruby 2.1.2:

```
---> Package libselinux-devel.x86_64 0:2.0.94-5.2.el6 will be installed
--> Processing Dependency: libsepol-devel >= 2.0.32-1 for package: libselinux-devel-2.0.94-5.2.el6.x86_64
--> Processing Dependency: pkgconfig(libsepol) for package: libselinux-devel-2.0.94-5.2.el6.x86_64
---> Package zlib.i686 0:1.2.3-29.el6 will be installed
--> Running transaction check
---> Package keyutils-libs.i686 0:1.4-3.el6 will be installed
---> Package libselinux.i686 0:2.0.94-5.2.el6 will be installed
---> Package libsepol-devel.x86_64 0:2.0.41-4.el6 will be installed
---> Package nss-softokn-freebl.i686 0:3.12.9-11.el6 will be installed
--> Finished Dependency Resolution
Error: Protected multilib versions: openssl-1.0.0-20.el6.i686 != openssl-1.0.1e-16.el6_5.7.x86_64
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
```

If I get the installed packages:

```
[root@test tmp]# rpm -qa | grep openssl
openssl-1.0.1e-16.el6_5.7.x86_64
openssl098e-0.9.8e-17.el6.centos.x86_64
```

I didn't see that openssl-1.0.0-20.el6.i686. How can I remove it?
Marco Herrarte (165 rep)
Mar 30, 2015, 07:17 PM • Last activity: Jul 10, 2025, 04:02 PM
0 votes
0 answers
34 views
openssl in out my box has difference results
I run dovecot and Postfix and Let's Encrypt.
When I ssh into my postfix and run openssl to check mail, such as:

```
openssl s_client -crlf -connect mail.pahlevanzadeh.org:995
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = E5
verify return:1
depth=0 CN = pahlevanzadeh.org
verify return:1
---
Certificate chain
 0 s:CN = pahlevanzadeh.org
   i:C = US, O = Let's Encrypt, CN = E5
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA384
   v:NotBefore: Jul 3 13:19:48 2025 GMT; NotAfter: Oct 1 13:19:47 2025 GMT
 1 s:C = US, O = Let's Encrypt, CN = E5
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   a:PKEY: id-ecPublicKey, 384 (bit); sigalg: RSA-SHA256
   v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT
---
Server certificate
subject=CN = pahlevanzadeh.org
issuer=C = US, O = Let's Encrypt, CN = E5
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2410 bytes and written 408 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: DD436BF44CDC6F2C7046EC7A42DE9A97EA379E51902323A34A009F4539FF1B5C
    Session-ID-ctx:
    Resumption PSK: C056509B8FCB34CAB041316D294F993D21093841461563833DF5DDC59682FDF8E50A040AF00089B164278E15075BD0BC
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    Start Time: 1751891526
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
+OK MDA server ready.
```

It means everything is okay and ready to get USER, PASS and other verbs of the POP3 protocol.

In machine B:

```
mohsen@m:~$ openssl s_client -crlf -connect mail.pahlevanzadeh.org:995
40772B28757F0000:error:8000006E:system library:BIO_connect:Connection timed out:../crypto/bio/bio_sock2.c:114:calling connect()
40772B28757F0000:error:10000067:BIO routines:BIO_connect:connect error:../crypto/bio/bio_sock2.c:116:
connect:errno=110
```

And in machine C:

```
mohsen@debian:~$ openssl s_client -crlf -connect mail.pahlevanzadeh.org:995
Connecting to 54.37.192.44
CONNECTED(00000003)
depth=2 C=US, O=Internet Security Research Group, CN=ISRG Root X1
verify return:1
depth=1 C=US, O=Let's Encrypt, CN=E5
verify return:1
depth=0 CN=pahlevanzadeh.org
verify return:1
---
Certificate chain
 0 s:CN=pahlevanzadeh.org
   i:C=US, O=Let's Encrypt, CN=E5
   a:PKEY: EC, (prime256v1); sigalg: ecdsa-with-SHA384
   v:NotBefore: Jul 3 13:19:48 2025 GMT; NotAfter: Oct 1 13:19:47 2025 GMT
 1 s:C=US, O=Let's Encrypt, CN=E5
   i:C=US, O=Internet Security Research Group, CN=ISRG Root X1
   a:PKEY: EC, (secp384r1); sigalg: sha256WithRSAEncryption
   v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT
---
Server certificate
subject=CN=pahlevanzadeh.org
issuer=C=US, O=Let's Encrypt, CN=E5
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ecdsa_secp256r1_sha256
Peer Temp Key: X25519, 253 bits
---
SSL handshake has read 2409 bytes and written 1644 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Server public key is 256 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
```

I have 2 serious questions:

1. Why do I have 2 results on the 2 machines B and C?
2. Why can't I connect to mail.pahlevanzadeh.org from machine C completely?
PersianGulf (11308 rep)
Jul 8, 2025, 10:33 AM
1 votes
1 answers
3009 views
openssl issue while installing apache 2.4.23
I'm trying to install apache2.4.23 on CentOS 6.8 and I'm getting this:

```
ab.c: In function 'main':
ab.c:2398: warning: implicit declaration of function 'SSLv2_client_method'
ab.c:2398: warning: assignment makes pointer from integer without a cast
ab.c:2412: warning: 'TLSv1_1_client_method' is deprecated (declared at /usr/local/include/openssl/ssl.h:1604)
ab.c:2414: warning: 'TLSv1_2_client_method' is deprecated (declared at /usr/local/include/openssl/ssl.h:1610)
ab.c:2417: warning: 'TLSv1_client_method' is deprecated (declared at /usr/local/include/openssl/ssl.h:1598)
ab.c:2468: warning: implicit declaration of function 'CRYPTO_malloc_init'
/usr/share/apr-1/build/libtool --silent --mode=link gcc -std=gnu99 -g -O2 -pthread -L/opt/httpd-2.4.25/lib -lssl -lcrypto -lrt -lcrypt -lpthread \
    -o ab ab.lo /usr/lib64/libaprutil-1.la -ldb-4.7 -lexpat -ldb-4.7 /usr/lib/libapr-1.la -lrt -lcrypt -lpthread -lm
ab.o: In function `main':
/opt/httpd-2.4.25/support/ab.c:2468: undefined reference to `CRYPTO_malloc_init'
/opt/httpd-2.4.25/support/ab.c:2398: undefined reference to `SSLv2_client_method'
collect2: ld returned 1 exit status
make: *** [ab] Erreur 1
make: quittant le répertoire « /opt/httpd-2.4.25/support »
make: *** [all-recursive] Erreur 1
make: quittant le répertoire « /opt/httpd-2.4.25/support »
make: *** [all-recursive] Erreur
```

I tried installing openssl 1.1.0 and reconfiguring the installation of apache with:

```
./configure --enable-layout=admin --enable-mpms-shared=all --with-ssl=/usr/local/bin/openssl
```

Still getting the same problem, any ideas?
BOUKANDOURA Mhamed (348 rep)
Jan 19, 2017, 07:31 AM • Last activity: Jul 5, 2025, 11:04 PM
0 votes
1 answers
4216 views
Problems in creating certificate with SHA256 / SHA512
I want to generate a self-signed certificate with SHA256 or SHA512, but I have problems with it. I have created a script, which should do this automatically:

```
#!/bin/bash
set -e

echo "WORKSPACE: $WORKSPACE"
SSL_DIR=$(pwd)/httpd_ssl_certs
OPENSSL_CNF=$(pwd)/openssl.cnf

if [ -d "$SSL_DIR" ]; then
    rm -rvf "$SSL_DIR"
fi
mkdir -vp "$SSL_DIR"
pushd "$SSL_DIR"

# check if openssl.cnf exists
if [ ! -f "$OPENSSL_CNF" ]; then
    echo "Could not find $OPENSSL_CNF. Build will be exited."
    exit 1
fi

echo " - create private key"
openssl genrsa -out server.key.template 2048

echo " - create signing request"
openssl req -nodes -new -sha256 -config $OPENSSL_CNF -key server.key.template -out server.csr.template

echo " - create certificate"
openssl x509 -req -in server.csr.template -signkey server.key.template -out server.crt.template -extfile $OPENSSL_CNF
```

And I have an openssl.cnf file with configuration for it:

```
[ ca ]
default_ca = CA_default

[ CA_default ]
# how long to certify
default_days = 365
# how long before next CRL
default_crl_days = 30
# use public key default MD
default_md = sha256
# keep passed DN ordering
preserve = no
policy = policy_anything

[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = optional
emailAddress = optional

[ req ]
default_bits = 2048
default_keyfile = server.key.template
distinguished_name = req_distinguished_name
prompt = no
encrypt_key = no
# add default_md to [ req ] for creating certificates with SHA256
default_md = sha256

[ req_distinguished_name ]
countryName = "AB"
stateOrProvinceName = "CD"
localityName = "Some town"
organizationName = "XXX Y"
organizationalUnitName = "XXX Y"
commonName = "localhost"
emailAddress = "somemail@some.org"
```

When I run the script with this openssl.cnf, then I get a certificate, but this certificate is always encrypted with SHA1.

I checked it with this command:

```
openssl x509 -in server.crt.template -text -noout | grep 'Signature'
```

I always get this output:

```
Signature Algorithm: sha1WithRSAEncryption
Signature Algorithm: sha1WithRSAEncryption
```

Can someone give me a hint, what's false there?
devopsfun (1447 rep)
Oct 17, 2016, 12:17 PM • Last activity: Jun 21, 2025, 03:01 AM
4 votes
2 answers
6382 views
Building python with openssl support
I have the following directory structure:

```
nchambers@nchambers-305E4A-305E5A-305E7A:~/mini-bin$ la
2to3               cpp-5.3.0            gcov-5.3.0           grmid-5.3.0         objcopy-2.25.1    python3.5-config      .sources
2to3-3.5           elfedit-2.25.1       gcov-tool-5.3.0      grmiregistry-5.3.0  objdump-2.25.1    python3.5m            strings-2.25.1
addr2line-2.25.1   g++-5.3.0            gfortran-5.3.0       gserialver-5.3.0    pydoc             python3.5m-config     strip-2.25.1
aot-compile-5.3.0  gappletviewer-5.3.0  gij-5.3.0            gtnameserv-5.3.0    pydoc3            python3-config        x86_64-unknown-linux-gnu-c++-5.3.0
ar-2.25.1          gc-analyze-5.3.0     gjar-5.3.0           idle                pydoc3.5          python-config         x86_64-unknown-linux-gnu-g++-5.3.0
.archives          gcc-5.3.0            gjarsigner-5.3.0     idle3               python            pyvenv                x86_64-unknown-linux-gnu-gcc-5.3.0
as-2.25.1          gcc-ar-5.3.0         gjavah-5.3.0         idle3.5             python2           pyvenv-3.5            x86_64-unknown-linux-gnu-gcc-ar-5.3.0
bash               gcc-nm-5.3.0         gkeytool-5.3.0       jcf-dump-5.3.0      python2.7         ranlib-2.25.1         x86_64-unknown-linux-gnu-gcc-nm-5.3.0
.binaries          gcc-ranlib-5.3.0     gnative2ascii-5.3.0  jv-convert-5.3.0    python2.7-config  readelf-2.25.1        x86_64-unknown-linux-gnu-gcc-ranlib-5.3.0
.build             gcj-5.3.0            gorbd-5.3.0          ld-2.25.1           python2-config    rebuild-gcj-db-5.3.0  x86_64-unknown-linux-gnu-gcj-5.3.0
c++-5.3.0          gcj-dbtool-5.3.0     gprof-2.25.1         ld.bfd-2.25.1       python3           size-2.25.1           x86_64-unknown-linux-gnu-gfortran-5.3.0
c++filt-2.25.1     gcjh-5.3.0           grmic-5.3.0          nm-2.25.1           python3.5         smtpd.py
nchambers@nchambers-305E4A-305E5A-305E7A:~/mini-bin$ la .sources/
bash-4.4-beta  binutils-2.25.1  boost_1_60_0  gcc-5.3.0  Python-2.7.11  Python-3.5.1
nchambers@nchambers-305E4A-305E5A-305E7A:~/mini-bin$ la .build/
bash-4.4-beta  binutils-2.25.1  boost_1_60_0  gcc-5.3.0  Python-2.7.11  Python-3.5.1
nchambers@nchambers-305E4A-305E5A-305E7A:~/mini-bin$ la .binaries/
bash-4.4-beta  binutils-2.25.1  boost_1_60_0  gcc-5.3.0  Python-2.7.11  Python-3.5.1
nchambers@nchambers-305E4A-305E5A-305E7A:~/mini-bin$
```

Generally, tar balls go in .archives, unpacked sources go in .sources, building happens in .build, and the final binaries are stored in .binaries.

I then symlink the binaries from .binaries to ~/mini-bin which is on my $PATH. I know it's a weird workflow, but it works for me. Anyways, I am looking to rebuild python-2.7.11 (and 3.4.0, but am starting with 2.7.11) from source. It builds fine on my system, but I need it to build with ncurses, readline, ssl, etc support. Do I have to compile these libraries from source? If so, where would I put the libraries? How do I tell python to build with them? Thank you and have a good day!
DTSCode (143 rep)
Jan 12, 2016, 01:36 AM • Last activity: Jun 19, 2025, 04:02 AM
4 votes
1 answers
3860 views
Gem install producing "OpenSSL" error
For at least a week now I have been trying to install Bettercap on my Raspberry PI using gem but whenever I type in:

```
sudo gem install bettercap
```

I receive an error message that says

```
ERROR: While executing gem ... (Gem::Exception)
    Unable to require openssl, install OpenSSL and rebuild ruby (preferred) or use non-HTTPS sources
```

Every fix that has been suggested to other people yields no results:

**Option 1: "http option"**

According to the answer by Filippo De Bortoli in this thread on the same issue, disabling the https protocol will solve it. However after running these commands:

```
gem source -r https://rubygems.org/
gem source -a http://rubygems.org/
```

I still get this error:

```
ERROR: While executing gem ... (Gem::Exception)
    Unable to require openssl, install OpenSSL and rebuild ruby (preferred) or use non-HTTPS sources
```

**Option 2: rebuild**

As suggested by Filippo De Bortoli in the same thread he reinstalled ruby after installing OpenSSL, however my raspbian came with OpenSSL and running

```
sudo apt-get install openssl
```

only confirms I have the latest version. I have also re-built ruby 3 times since I started getting this.

**Option 3: install locally**

After finding out that you could install the gems locally I installed the source and ran

```
sudo gem install --local bettercap-1.6.2b.gem
```

and got the output:

```
ERROR: Could not find a valid gem 'em-proxy' (>= 0.1.8, ~> 0.1) in any repository
```

I am guessing since it is only searching the local disk it can not find the dependencies it needs, so I decided to locally install "em-proxy" only to find it needed dependencies, which also needed dependencies. Great. So I decided to leave it for the sake of my sanity and it was overall impractical.

----------

To wrap up, **how do I get rid of this error or at the very least bypass it?**

Just in case you wanted to know here is the output of gem -v:

```
2.4.5
```

and the output of ruby -v:

```
ruby 2.2.2p95 (2015-04-13 revision 50295) [armv6l-linux-eabihf]
```
aidan (41 rep)
Jul 29, 2017, 08:37 PM • Last activity: Jun 19, 2025, 02:06 AM
0 votes
1 answers
3385 views
Old CentOS 5.6, Due to github.com delete the TLSv1/TLSv1.1 support, How can I access to github.com/repo.git using git system
Now I have a cluster with Rocks 5.4 based on CentOS 5.6. When I git push the code to *github.com*, I run into the errors:

> error: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version while accessing http://github.com/

Related links:

- https://unix.stackexchange.com/questions/438504/compile-git-to-use-openssl-library-libssl-so-1-0-1/444718#444718
- https://githubengineering.com/crypto-removal-notice/

Hope someone can give a solution. Thank you very much!

Qiang
Qiang L (1 rep)
May 18, 2018, 10:46 PM • Last activity: Jun 6, 2025, 10:09 PM
0 votes
1 answers
1896 views
Undefined symbol: SSL_library_init with Syslog-ng
I have OpenSSL installed from source and linked the GLIB_LIBS and GLIB_CFLAGS to the correct directories during configure and configured with-SSL.

When I try to start syslog-ng (Version 3.6.4) on Ubuntu Server 14.04, I get the following errors:

```
[2017-04-20T12:39:18.252222] Error opening plugin module; module='afsocket', error='/linux1/lib/syslog-ng/libsyslog-ng-crypto.so: undefined symbol: SSL_library_init'
[2017-04-20T12:39:18.253205] Error opening plugin module; module='dbparser', error='/linux1/lib/syslog-ng/libsyslog-ng-crypto.so: undefined symbol: SSL_library_init'
[2017-04-20T12:39:18.255387] Error opening plugin module; module='afsocket-tls', error='/linux1/lib/syslog-ng/libsyslog-ng-crypto.so: undefined symbol: SSL_library_init'
[2017-04-20T12:39:18.256429] Error opening plugin module; module='cryptofuncs', error='/linux1/lib/syslog-ng/libsyslog-ng-crypto.so: undefined symbol: SSL_library_init'
[2017-04-20T12:39:18.256964] Error opening plugin module; module='syslog-ng-crypto', error='/linux1/lib/syslog-ng/libsyslog-ng-crypto.so: undefined symbol: SSL_library_init'
```
Anton Rasmussen (33 rep)
Apr 20, 2017, 04:43 PM • Last activity: May 12, 2025, 10:06 AM
1 votes
1 answers
160 views
Having compatibility issues with OpenSSL on Rocky 9.5
## Context

I am trying to build a small demo application that passes data between RTI DDS Connext topics and Kafka topics. This involves running RTI's Routing Service utility, which in turn runs a [kafka adapter] also provided by RTI. When I run the routing service application, I get the following error:

```
librtikafkaadapter.so: /lib64/libldap.so.2: undefined symbol: EVP_md2, version OPENSSL_3.0.0
```

## Question

How do I get this kafka adapter to work with the version of OpenSSL that I have on my OS (Rocky 9.5, OpenSSL 3.2.2)?

## What I've Tried

Through many hours of googling, I have been led to believe that my OS (Rocky 9.5) uses a version of OpenSSL that has deprecated the use of this `EVP_md2` algorithm. To fix this, I edited the `/etc/ssl/openssl.cnf` file to enable legacy providers, and verified in two different ways that legacy support is enabled:

Firstly, I run `openssl list -providers` and see the support is activated:
Providers:
  default
    name: OpenSSL Default Provider
    version: 3.2.2
    status: active
  legacy
    name: OpenSSL Legacy Provider
    version: 3.2.2
    status: active
Second, I found (thanks google) that I can call the md2 algorithm from the command line:

```
echo -n "aaa" | openssl md2 -provider legacy
```

I then re-built the RTI kafka adapter library, but still receive the same error. I don't understand why I can run this md2 algorithm from the command line but that the code for this adapter can't call it.

I have also tried installing a so-called compatibility engine `compat-openssl11` that is supposed to provide backwards compatibility for old applications running on systems with newer versions of OpenSSL, but that also did not work.

Any help would be appreciated.

**Edit: Information requested in comments**

rpm/dnf version of openldap: 2.6.6-3.el9
rocksNwaves (121 rep)
May 7, 2025, 09:18 PM • Last activity: May 9, 2025, 05:12 PM
0 votes
1 answers
110 views
Can't create SSL certificate with OpenSSL: config file object error
I'm trying to create an SSL certificate using the following command on Rocky Linux:

```bash
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/shaserver.bungkus.org.key -out /etc/pki/tls/certs/shaserver.bungkus.org.pem
```

However, I’m getting the following errors:

```
Error: No object specified in config file
```

and

```
Error making certificate request
```
Hanister Leee i dunno nickname (1 rep)
May 1, 2025, 11:34 AM • Last activity: May 1, 2025, 09:36 PM
3 votes
2 answers
6132 views
How to Resolve undefined reference to 'RAND_egd'
**Debian 8 Jessie, OpenSSL version 1.1.0, cURL version: 7.50.2**

I am trying to build curl on a Linux Debian system. All stages go well up until trying to build with `make` command. The linking stage fails with the following error below:

```
CC ../lib/curl-nonblock.o
CC ../lib/curl-warnless.o
CCLD curl
../lib/.libs/libcurl.so: undefined reference to 'RAND_egd'
collect2: error: ld returned 1 exit status
Makefile:771: recipe for target 'curl' failed
make: *** [curl] Error 1
```

`RAND_egd` function is part of the OpenSSL library so I ran `ldd` on the `libcurl.so` file to make sure the OpenSSL library is found, and it is judging by the output from `ldd` below.

```
linux-vdso.so.1 (0x00007ffceb5a1000)
libnghttp2.so.14 => /usr/lib/x86_64-linux-gnu/libnghttp2.so.14 (0x00007ff9ffc05000)
libidn.so.11 => /usr/lib/x86_64-linux-gnu/libidn.so.11 (0x00007ff9ff9d1000)
libssh2.so.1 => /usr/lib/x86_64-linux-gnu/libssh2.so.1 (0x00007ff9ff7a8000)
libssl.so.1.1 => /usr/local/lib/libssl.so.1.1 (0x00007ff9ff53a000)
libcrypto.so.1.1 => /usr/local/lib/libcrypto.so.1.1 (0x00007ff9ff0af000)
liblber-2.4.so.2 => /usr/lib/x86_64-linux-gnu/liblber-2.4.so.2 (0x00007ff9feea0000)
libldap_r-2.4.so.2 => /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 (0x00007ff9fec4e000)
libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007ff9fea33000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007ff9fe688000)
libgcrypt.so.20 => /lib/x86_64-linux-gnu/libgcrypt.so.20 (0x00007ff9fe3a6000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007ff9fe1a2000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007ff9fdf85000)
libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007ff9fdd6e000)
libsasl2.so.2 => /usr/lib/x86_64-linux-gnu/libsasl2.so.2 (0x00007ff9fdb52000)
libgnutls-deb0.so.28 => /usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28 (0x00007ff9fd833000)
/lib64/ld-linux-x86-64.so.2 (0x00007ffa0009e000)
libgpg-error.so.0 => /lib/x86_64-linux-gnu/libgpg-error.so.0 (0x00007ff9fd621000)
libp11-kit.so.0 => /usr/lib/x86_64-linux-gnu/libp11-kit.so.0 (0x00007ff9fd3db000)
libtasn1.so.6 => /usr/lib/x86_64-linux-gnu/libtasn1.so.6 (0x00007ff9fd1c7000)
libnettle.so.4 => /usr/lib/x86_64-linux-gnu/libnettle.so.4 (0x00007ff9fcf95000)
libhogweed.so.2 => /usr/lib/x86_64-linux-gnu/libhogweed.so.2 (0x00007ff9fcd66000)
libgmp.so.10 => /usr/lib/x86_64-linux-gnu/libgmp.so.10 (0x00007ff9fcae3000)
libffi.so.6 => /usr/lib/x86_64-linux-gnu/libffi.so.6 (0x00007ff9fc8db000)
```

So the library is there. I also checked the `rand.h` file in the include directory of OpenSSL and of course the function declaration is there, so it should be defined in the library. How can I find the cause of and resolve this error?
strwils (131 rep)
Sep 2, 2016, 07:17 PM • Last activity: Apr 26, 2025, 02:04 AM
3 votes
1 answers
245 views
Help finding/disabling OpenSSL cipher suites
I have a RHEL 9 server and our vulnerability scanner found the following two cipher suites on the server which we need to disable.

TLS 1.2 ciphers:
- `TLS_RSA_WITH_AES_256_CCM`
- `TLS_RSA_WITH_AES_256_GCM_SHA384`

I'm having trouble on finding where to actually find these or disable them. I'm not very experienced in Linux. As far as I know, this is not a web server. I checked the below locations:
- The `/etc/crypto-policies/config` file just lists FUTURE.
- Output of the command `update-crypto-policies --show` is FUTURE
- `/etc/crypto-policies/policies/` lists nothing except a modules folder which also lists nothing.
- `/etc/crypto-policies/state` has a file called `CURRENT.pol` with the following info:
# Policy FUTURE dump
#
# Do not parse the contents of this file with automated tools,
# it is provided for review convenience only.
#
# Baseline values for all scopes:
cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CTR
group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192
hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHAKE-256
key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK ECDHE-GSS DHE-GSS
mac = AEAD HMAC-SHA2-256 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512
protocol =
sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512
arbitrary_dh_groups = 1
min_dh_size = 3072
min_dsa_size = 3072
min_rsa_size = 3072
sha1_in_certs = 0
ssh_certs = 1
min_ec_size = 256
etm = ANY
__ems = DEFAULT
# Scope-specific properties derived for select backends:
cipher@gnutls = AES-256-GCM AES-256-CCM CHACHA20-POLY1305
protocol@gnutls = TLS1.3 TLS1.2 DTLS1.2
cipher@java-tls = AES-256-GCM AES-256-CCM CHACHA20-POLY1305
protocol@java-tls = TLS1.3 TLS1.2 DTLS1.2
cipher@krb5 = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CTR AES-256-CBC
mac@krb5 = HMAC-SHA2-384 HMAC-SHA2-256 AEAD UMAC-128 HMAC-SHA2-512
protocol@libreswan = IKEv2
cipher@nss = AES-256-GCM AES-256-CCM CHACHA20-POLY1305
protocol@nss = TLS1.3 TLS1.2 DTLS1.2
cipher@openssl = AES-256-GCM AES-256-CCM CHACHA20-POLY1305
protocol@openssl = TLS1.3 TLS1.2 DTLS1.2
This is the only file I see that lists ciphers and other information. I tried commenting out AES-256-GCM and AES-256-CCM in the `cipher` statement and restarted the server. But the vulnerability scanner is still recognizing those two cipher suites. I tried the same thing with the `cipher@openssl` statement as well. Appreciate any help on disabling these ciphers.
stipundos (33 rep)
Apr 23, 2025, 12:41 PM • Last activity: Apr 23, 2025, 04:44 PM
22 votes
2 answers
31873 views
How to display remote server's TLS certificate details in terminal?
Having a TLS certificate in a local file, I can display its details using syntax like: `openssl x509 -text -noout -in cert_filename` Is there any way to display a remote SMTP/POP3/HTTP server's TLS certificate in the same format in a bash terminal?
malloc4k (707 rep)
Apr 23, 2012, 07:56 AM • Last activity: Apr 22, 2025, 07:58 PM
1 votes
1 answers
2365 views
Apache / OpenSSL configuration keywords `SSLProtocol` vs. `SSLCipherSuite`
According to the [Apache docs](http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslciphersuite) I can configure the cipher suite with (a.o.) two different keywords and examples on Internet often use both (but not necessarily identical to below example). What is the difference between `SSLProtocol` and `SSLCipherSuite`, should I use them either or both?

```
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!SSLv2:!SSLv3
```

Or is it better to list individual ciphers for `SSLCipherSuite`?

```
SSLCipherSuite ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA:RC4-SHA ...
```

Are both keywords fundamentally different in what they configure? I have this feeling I am overlooking something essential here.

Above configurations are not necessarily good practice, they're just an example to explain my doubt.
jippie (14566 rep)
Mar 23, 2015, 05:39 PM • Last activity: Apr 21, 2025, 02:02 PM
3 votes
3 answers
4938 views
Not able to connect to openldap server in ldaps mode - CentOS
I have configured my openldap server in ldaps mode. But after configuring I am not able to connect to it on port 636, whereas I am able to connect on port 389.

```
[root@testldap certs]# ldapsearch -x -LLL -h testldap.india.airwave.com -p 636 -D cn=Manager,dc=india,dc=airwave,dc=com -w whopee -b "ou=Users,dc=india,dc=airwave,dc=com"
ldap_result: Can't contact LDAP server (-1)
[root@testldap certs]# ldapsearch -x -LLL -h testldap.india.airwave.com -p 389 -D cn=Manager,dc=india,dc=airwave,dc=com -w whopee -b "ou=Users,dc=india,dc=airwave,dc=com"
dn: ou=users,dc=india,dc=airwave,dc=com
objectClass: organizationalUnit
ou: users

dn: cn=Sandeep Lade,ou=users,dc=india,dc=airwave,dc=com
cn: Sandeep Lade
sn: Lade
objectClass: inetOrgPerson
userPassword:: d2hvcGVl
uid: vlade

dn: cn=Engineering,ou=users,dc=india,dc=airwave,dc=com
cn: Engineering
objectClass: groupOfNames
member: cn=Sandeep Lade,ou=users,dc=india,dc=airwave,dc=com
```

Both 389 and 636 are listening

```
[root@testldap certs]# netstat -an | grep 389
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN
tcp 0 0 :::389 :::* LISTEN
unix 2 [ ] DGRAM 19389
[root@testldap certs]# netstat -an | grep 636
tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN
tcp 0 0 :::636 :::* LISTEN
unix 3 [ ] STREAM CONNECTED 13636
[root@testldap certs]#
```

Able to connect to 636 port using openssl connect

```
[root@localhost sandeeplade]# openssl s_client -connect 10.22.156.157:636 -showcerts -CAfile cacert.pem
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 307 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol : TLSv1.2
    Cipher : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1516769274
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
---
[root@localhost sandeeplade]#
```

ldap.conf file

```
[root@testldap certs]# cat /etc/openldap/ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
PORT 636
#TLS_CACERTDIR /etc/openldap/certs
TLS_CACERTDIR /etc/openldap/certs
TLS_REQCERT allow
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/openldap/certs/cacert.pem
[root@testldap certs]#
```

slapd.conf file

```
[root@testldap certs]# cat /etc/openldap/slapd.conf
TLSCACertificateFile /etc/openldap/certs/cacert.pem
TLSCertificateFile /etc/openldap/certs/server.crt
TLSCertificateKeyFile /etc/openldap/certs/server.key
# Use the following if client authentication is required
#TLSVerifyClient demand
# ... or not desired at all
TLSVerifyClient never
[root@testldap certs]#
```

Certificates are available in /etc/openldap/certs and they are generated using openssl

```
[root@testldap certs]# cd /etc/openldap/certs/
[root@testldap certs]# ls -lrt
total 96
-r--------. 1 root root 45 Jan 23 21:59 password
-rw-r--r--. 1 root root 16384 Jan 23 21:59 secmod.db
-rw-r--r--. 1 root root 65536 Jan 23 21:59 cert8.db
-rw-r--r--. 1 root root 16384 Jan 23 21:59 key3.db
-rw-------. 1 ldap ldap 1743 Jan 23 23:57 server.key.pass
-rw-r--r--. 1 root root 1094 Jan 23 23:59 server.csr
-rw-r--r--. 1 root root 4718 Jan 24 00:02 server.crt
-rw-r--r--. 1 root root 1675 Jan 24 00:38 server.key
-rw-r--r--. 1 root root 4537 Jan 24 05:18 cacert.pem
[root@testldap certs]#
```

ldaps enabled in /etc/sysconfig/ldap

```
[root@testldap certs]# cat /etc/sysconfig/ldap
# Options of slapd (see man slapd)
#SLAPD_OPTIONS=

# At least one of SLAPD_LDAP, SLAPD_LDAPI and SLAPD_LDAPS must be set to 'yes'!
#
# Run slapd with -h "... ldap:/// ..."
# yes/no, default: yes
SLAPD_LDAP=yes

# Run slapd with -h "... ldapi:/// ..."
# yes/no, default: yes
SLAPD_LDAPI=yes

# Run slapd with -h "... ldaps:/// ..."
# yes/no, default: no
SLAPD_LDAPS=yes

# Run slapd with -h "... $SLAPD_URLS ..."
# This option could be used instead of previous three ones, but:
# - it doesn't overwrite settings of $SLAPD_LDAP, $SLAPD_LDAPS and $SLAPD_LDAPI options
# - it isn't overwritten by settings of $SLAPD_LDAP, $SLAPD_LDAPS and $SLAPD_LDAPI options
# example: SLAPD_URLS="ldapi:///var/lib/ldap_root/ldapi ldapi:/// ldaps:///"
# default: empty
#SLAPD_URLS=""

# Maximum allowed time to wait for slapd shutdown on 'service ldap stop' (in seconds)
#SLAPD_SHUTDOWN_TIMEOUT=3

# Parameters to ulimit, use to change system limits for slapd
#SLAPD_ULIMIT_SETTINGS=""
[root@testldap certs]#
```

I have been struggling to get openldap working for the past two days. Any help is highly appreciated.
Sandeep Lade (161 rep)
Jan 25, 2018, 03:44 AM • Last activity: Apr 17, 2025, 08:04 PM
2 votes
2 answers
2805 views
How to use afl-fuzz (American Fuzzy Lop) with openssl
I am trying to use afl-fuzz with openssl in Ubuntu. A normal usage of afl-fuzz would be:

```
afl-gcc test.c //-- this will produce a.out
mkdir testcases
echo "Test case here." > testcases/case1
afl-fuzz -i testcases -o findings ./a.out
```

Now for openssl it would be something like:

```
afl-gcc ./config make //-- not sure of this :)
afl-fuzz -i test -o findings
```

where "test" is the folder with testcases for openssl.

My question is what is the parameter for "exe_name" for openssl? And please correct me if I'm wrong with the rest of the code. Thank you
Bigulinis (21 rep)
Jun 4, 2015, 05:15 AM • Last activity: Apr 9, 2025, 08:00 AM