Upgrading OpenSSL 0.9.7e-p1 to 0.9.8i: What precautions should I take prior to upgrade? What are the procedures to upgrade?


    I have recently been assigned the job of upgrading OpenSSL 0.9.7e-p1 to 0.9.8i on our FreeBSD 5.5 server. Apache 2.2.3 is currently running as well as Perl 5.8.8 with mod_perl2 2.000003. It looks as though the keys are self-assigned. OpenSSH version: OpenSSH_3.8.1p1 FreeBSD-20060123

    What precautions are needed prior to upgrading OpenSSL?

    Does Apache 2.2.3 need to be upgraded as well?

    Does mod_perl have to be upgraded as well?

    What commands do I need to perform to upgrade OpenSSL?

    Thank you in advance.

1) Upgrade sources using csup (which is not present in outdated 5.x, and you should install cvsup).
The supfile could look like this:
*default host=cvsup.freebsd.org
*default base=/usr
*default prefix=/usr
*default release=cvs delete use-rel-suffix compress
*default tag=RELENG_5

ports-all tag=RELEASE_5_EOL

2) after you are done:
pkg_add -r portupgrade
portupgrade -r portupgrade
portupgrade -Rf openssl  

You can install openssl from ports and it will be of the 0.9.8 series. Basically, a 0.9.7->0.9.8 update requires everything depending on it to be rebuilt.
Given the EOL status of 5.x, let me suggest updating (via clean reinstall) to 7.x. Once you get to 7.x or 6.x, replace ports-all tag=. to get the latest ports. Otherwise they will contain all the security holes over the last year, as is evident when you install portaudit and run portaudit -Fda

Some more commands for you, for experts' entertainment:
pkg_info -R openssl
openssl version
uname -a
http -V
perl -V
supercell29 (Author) commented:
Well, unfortunately the admin prior did not use ports! Not sure why, but he didn't.


pkg_info -R openssl :  pkg_info: can't find package 'openssl' installed or in a file!

openssl version : OpenSSL 0.9.7e-p1 25 Oct 2004

uname -a : FreeBSD (fqdn) 5.5-RELEASE FreeBSD 5.5-RELEASE #0: Tue Dec 19 11:54:59 CST 2006    email @ fqdn :/usr/src/sys/i386/compile/ZXYNG01  i386

http -V : http: Command not found.

perl -V : (see attachment)

There is a lot running on this server presently: 40G MySQL database, RT ticketing, mrtg, PHP MyAdmin and NO ports! Sounds as though this won't be a very easy process! :(

Actually then it does not matter if you install some sort of Linux with all used packages included or install fresh FreeBSD.

1) that's normal
2) system's default openssl, replacing that will break ssh and leave you out for good.
3) -RELEASE means: never patched sources.
4) my misspelling - httpd -V
5) Thanks, normal perl without exotic wonders.

If you can afford 3-4 hours of downtime and somebody to look over your shoulder (like Windows admin) reinstall is easy:
0) choose system: ubuntu server or opensuse or mandriva or freebsd
1) create some tar backup of unique data.
2) use g4u to transfer disk image to FTP server
3) Install recent OS in minimalistic configuration
4) Install packages you know and restore data from copies (1)
5) if (4) fails - use loop mount over NFS or SMB and copy files over from old system
6) If hopeless after planned time - restore (2)

Or alternatively bring apps one by one to new server with maintainable OS...
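
On a host like the one in this thread, where pkg_info -R has nothing to report, the binaries that would be affected by replacing the base libssl/libcrypto can be inventoried from ldd output before anything is touched. The script below is an added example, not part of any post here; the sample ldd output, paths and sonames in it are constructed for illustration.

```sh
#!/bin/sh
# Added example: inventory binaries that load libssl/libcrypto before an upgrade.

# Read `ldd` output on stdin and print "binary<TAB>soname<TAB>path" for each
# libssl/libcrypto dependency. A line ending in ":" names the binary whose
# dependencies follow.
ssl_consumers() {
    awk '
        /:$/ && !/=>/ { bin = $0; sub(/:$/, "", bin); next }
        $1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
            printf "%s\t%s\t%s\n", bin, $1, $3
        }'
}

# Run ldd over every executable regular file in the given directories.
# The header line is printed here because some ldd versions omit it.
scan_dirs() {
    for dir in "$@"; do
        for f in "$dir"/*; do
            if [ -f "$f" ] && [ -x "$f" ]; then
                printf '%s:\n' "$f"
                ldd "$f" 2>/dev/null || true
            fi
        done
    done | ssl_consumers
}

# Constructed sample of ldd output (paths and sonames are illustrative).
sample_ldd() {
    cat <<'EOF'
/usr/bin/ssh:
    libssh.so.2 => /usr/lib/libssh.so.2 (0x28090000)
    libcrypto.so.3 => /lib/libcrypto.so.3 (0x280c4000)
    libc.so.5 => /lib/libc.so.5 (0x281d0000)
/usr/local/apache2/bin/httpd:
    libssl.so.3 => /usr/lib/libssl.so.3 (0x28155000)
    libcrypto.so.3 => /lib/libcrypto.so.3 (0x28183000)
/bin/ls:
    libc.so.5 => /lib/libc.so.5 (0x28088000)
EOF
}

# With directory arguments, scan the live system; otherwise show the sample.
if [ "$#" -gt 0 ]; then
    scan_dirs "$@"
else
    sample_ldd | ssl_consumers
fi
```

Given directories as arguments (for example /usr/sbin /usr/local/sbin), it scans the live system instead of the sample.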

supercell29 (Author) commented:
So g4u "ghosts" any OS including FreeBSD?

httpd -V gives the same result:

httpd -V httpd: Command not found.

I will have to test g4u on a test server before trying this on a live ticketing system.

You have to test your FTP server with files >4GB

I just wanted to know if apache is "worker" or "prefork" type
supercell29 (Author) commented:
Is there any other way of checking this?

I will check my FTP for files >4GB.

Thank you.
To check apache you have to look at its startup scripts, at ps auxww, locate httpd, locate error.log and so on.
