You can check with ldd /usr/lib/dovecot/imap-login (or libexec)
No, I cant because I'm compiling dovecot with openssl compiled as FPIC which means that its not getting dynamicly linked.
When I try to compile against non-fpic openssl I just got
/usr/openssl-1.0.2l/lib/libssl.a(s23_srvr.o): relocation R_X86_64_32 against `.rodata' can not be used when making a shared object; recompile with -fPIC
2017-10-27 8:33 GMT+02:00 Aki Tuomi <aki.tuomi@dovecot.fi>:
On 27.10.2017 00:53, krzf83@gmail.com wrote:
I got multiple versions of openssl in my system. I compile dovecot with PKG_CONFIG_PATH=/usr/openssl-1.0.2l-fpic/lib/pkgconfig ./configure
How do I check which version of openssl got compiled in? configure script does not show version. There seem to be no way to check it in compiled binary (?)
My dovecot is still seen vulnerable by tls testing tools so I'm guessing wrong version of openssl got compiled it but there seem to be no way to check it. You can check with ldd /usr/lib/dovecot/imap-login (or libexec)
Just check which SSL library has been linked to it.
Aki