On 27.10.2017 10:07, @lbutlr wrote:
On Oct 27, 2017, at 12:33 AM, Aki Tuomi aki.tuomi@dovecot.fi wrote:
On 27.10.2017 00:53, krzf83@gmail.com wrote:
I got multiple versions of openssl in my system. I compile dovecot with PKG_CONFIG_PATH=/usr/openssl-1.0.2l-fpic/lib/pkgconfig ./configure
How do I check which version of openssl got compiled in? configure script does not show version. There seem to be no way to check it in compiled binary (?)
My dovecot is still seen vulnerable by tls testing tools so I'm guessing wrong version of openssl got compiled it but there seem to be no way to check it. You can check with ldd /usr/lib/dovecot/imap-login (or libexec)
Just check which SSL library has been linked to it. That is not immediately helpful, though.
libssl.so.9 => /usr/local/lib/libssl.so.9 (0x28313000
No version info there…
I was kinda assuming you'd know which library it should link into. But..
$ strings /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 | grep OpenSSL OpenSSLDie SSLv3 part of OpenSSL 1.0.1t 3 May 2016 TLSv1 part of OpenSSL 1.0.1t 3 May 2016 DTLSv1 part of OpenSSL 1.0.1t 3 May 2016 OpenSSL 1.0.1t 3 May 2016
works at least for me. maybe this helps you?
Aki