Bug 44817 – openssl not working as expected

Bug 44817 - openssl not working as expected


Summary:	openssl not working as expected

Status:	RESOLVED WORKSFORME

Product:	UCS
Classification:	Unclassified
Component:	Third party
Version:	UCS 4.2
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UCS maintainers
QA Contact:	UCS maintainers

URL:
Keywords:

Depends on:	44751
Blocks:
	Show dependency tree / graph

Reported:	2017-06-19 13:42 CEST by Mathias Radtke
Modified:	2017-06-20 12:04 CEST (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	6: Setup Problem: Issue for the setup process
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	5: Blocking further progress on the daily work
User Pain:	0.171
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mathias Radtke 2017-06-19 13:42:07 CEST

Hi
Currently we from uib are trying to install our client agent on an UCS4.2 system

We need to create a certificate for this task. The following command is executed
openssl req -new -x509 -days 1000 -nodes -config /tmp/opsiclientd.cert.conf -out /etc/opsi-client-agent/opsiclientd.pem -keyout /etc/opsi-client-agent/opsiclientd.pem

This is the output of this command

 openssl: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0: version `OPENSSL_1.0.1s' not found (required by openssl) 

dpkg-l | grep openssl

ii  libcrypt-openssl-random-perl 0.04-2+b1                                      amd64        module to access the OpenSSL pseudo-random number generator
ii  libgnutls-openssl27:amd64 3.3.8-6+deb8u4                                 amd64        GNU TLS library - OpenSSL wrapper
ii  libxmlsec1-openssl 1.2.20-2+b1                                    amd64 Openssl engine for the XML security library
ii  openssl 1.0.2k-1~bpo8+1A~4.2.0.201706081143            amd64        Secure Sockets Layer toolkit - cryptographic utility
ii  openssl-blacklist 0.5-3.19.201403211036                          all Blacklists for  OpenSSL RSA keys and tools
ii  python-openssl 0.14-1                                         all          Python 2 wrapper around the OpenSSL library

Comment 1 Philipp Hahn

2017-06-20 12:04:55 CEST

Works-for-me:
 DEFAULT_CRL_DAYS=30 DEFAULT_MD=sha512 DEFAULT_BITS=2048 openssl req -new -x509 -days 1000 -nodes -config /etc/univention/ssl/$HOSTNAME/openssl.cnf -out /tmp/req.pem -keyout /tmp/key.pem

Please make sure that you also updated "libssl1.0.0":

# dpkg-query -W openssl libssl1.0.0
libssl1.0.0:amd64       1.0.2k-1~bpo8+1A~4.2.0.201706081143
openssl 1.0.2k-1~bpo8+1A~4.2.0.201706081143

# apt-cache policy libssl1.0.0 openssl
libssl1.0.0:
  Installiert:           1.0.2k-1~bpo8+1A~4.2.0.201706081143
  Installationskandidat: 1.0.2k-1~bpo8+1A~4.2.0.201706081143
  Versionstabelle:
 *** 1.0.2k-1~bpo8+1A~4.2.0.201706081143 0
        500 http://updates.software-univention.de/4.2/maintained/component/ 4.2-0-errata/amd64/ Packages
        100 /var/lib/dpkg/status
...
openssl:
  Installiert:           1.0.2k-1~bpo8+1A~4.2.0.201706081143
  Installationskandidat: 1.0.2k-1~bpo8+1A~4.2.0.201706081143
  Versionstabelle:
 *** 1.0.2k-1~bpo8+1A~4.2.0.201706081143 0
        500 http://updates.software-univention.de/4.2/maintained/component/ 4.2-0-errata/amd64/ Packages
        100 /var/lib/dpkg/status

If the error persists, please re-open this bug and attach the following output:

 command -v openssl
 dpkg-query -W openssl libssl[^-]\*
 ldd /usr/bin/openssl
 md5sum /usr/bin/openssl /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0