Please i have one more question.
Suppose we have AIX 7.1 partition on wich we have
openssl-1.0.1g-1 package.
We are working on AIX 7.2 migration.
When the AIX 7.2 will be successfull we will install YUM packages.
We know we will have to remove the
openssl-1.0.1g-1 package.
What is the best practise ? Should we remove the openssl-1.0.1g-1 package BEFORE or AFTER AIX 7.2 migration ?And what about the open ssl configuration file ?arcci064(root) /var/ssl #
arcci064(root) /var/ssl #
oslevel -s7100-03-06-1543arcci064(root) /var/ssl #
arcci064(root) /var/ssl #
rpm -qi opensslName : openssl Relocations: (not relocateable)
Version :
1.0.1g Vendor: (none)
Release : 1 Build Date: Tue Apr 8 18:49:04 DFT 2014
Install date: Wed Jul 9 16:48:39 DFT 2014 Build Host: aix51.perzl.org
Group : System Environment/Libraries Source RPM: openssl-1.0.1g-1.src.rpm
Size : 56530184 License: OpenSSL License
URL :
http://www.openssl.org/Summary : Secure Sockets Layer and cryptography libraries and tools
Description :
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols as well as a full-strength general purpose cryptography library.
The project is managed by a worldwide community of volunteers that use the
Internet to communicate, plan, and develop the OpenSSL tookit and its related
documentation.
OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
and Tim J. Hudson. OpenSSL is licensed under the OpenSSL License, included in
this package.
This package contains the base OpenSSL cryptography and SSL/TLS libraries and
tools.
You should also install a pseudo-random number generator such as EGD or prngd
if you do not have a /dev/urandom and /dev/random.
The library is available as 32-bit and 64-bit.
arcci064(root) /var/ssl #
arcci064(root) /var/ssl #
arcci064(root) /var/ssl #
lslpp -l | grep -i openssl openssl.base 1.0.1.513 COMMITTED Open Secure Socket Layer
openssl.license 1.0.1.513 COMMITTED Open Secure Socket License
openssl.man.en_US 1.0.1.513 COMMITTED Open Secure Socket Layer
openssl.base 1.0.1.513 COMMITTED Open Secure Socket Layer
arcci064(root) /var/ssl #
arcci064(root) /var/ssl #
arcci064(root) /var/ssl #
ls -rtltotal 24
drwxr-x--- 2 root system 256 Apr 08 2014 private
drwxr-xr-x 2 root system 256 Apr 08 2014 certs
-rw-r--r-- 1 root system 11485 Jul 09 2014 openssl.cnfdrwxr-xr-x 2 root system 256 Apr 26 2017 misc
arcci064(root) /var/ssl #
------------------------------
christophe derouet
------------------------------
Original Message:
Sent: Mon June 29, 2020 09:21 AM
From: christophe derouet
Subject: open ssl configuration file ?
Hello Sanket,
We got the open ssl config file from another AIX 7.2 LPAR.
Our development team says it is ok now.
But you mean we may have more missing files ?
------------------------------
christophe derouet
Original Message:
Sent: Mon June 29, 2020 09:11 AM
From: SANKET RATHI
Subject: open ssl configuration file ?
I think best is you install/re-install latest openssl fileset. It is available at following location.
https://www-01.ibm.com/marketing/iwm/mrs/packageList?source=aixbp&lang=en_IN
------------------------------
SANKET RATHI
Original Message:
Sent: Mon June 29, 2020 06:46 AM
From: christophe derouet
Subject: open ssl configuration file ?
Our AIX LPAR adcci034 has been migrated in AIX 7.2
Before migration the package openssl-1.0.1e-2.ppc was installed.
After migration the package openssl-1.0.1e-2.ppc was still available.
Then i started working on the new installation of YUM.
Then i had to remove the openssl-1.0.1e-2.ppc package. Because we have to use open ssl AIX fileset.
This is where our troubles start i think !
------------------------------
christophe derouet
Original Message:
Sent: Mon June 29, 2020 06:31 AM
From: christophe derouet
Subject: open ssl configuration file ?
Can this file /var/ssl/openssl.cnf be suppressed when removing open ssl rpm package ?
adcci034(root) /var/ssl # ls -rtl
total 80
-rw-r--r-- 1 root system 10023 Jun 13 2014 openssl.cnf.rpmorig
drwxr-xr-x 2 root system 28672 Jun 24 09:26 certs
adcci034(root) /var/ssl #
------------------------------
christophe derouet
Original Message:
Sent: Mon June 29, 2020 06:29 AM
From: christophe derouet
Subject: open ssl configuration file ?
Hello Ayappan,
I have the following error :
adcci034(root) / # /usr/bin/openssl version -a
WARNING: can't open config file: /var/ssl/openssl.cnf
OpenSSL 1.0.2r 26 Feb 2019
built on: reproducible build, date unspecified
platform: aix-xlc_r
options: bn(64,32) rc4(ptr,char) des(idx,cisc,2,long) blowfish(idx)
compiler: cc -I. -I.. -I../include -DOPENSSL_THREADS -qthreaded -D_THREAD_SAFE -DDSO_DLFCN -DHAVE_DLFCN_H -DSSL_ALLOW_ADH -DAIXSSL_IBM_VERSION=1.0.2.1800 -q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM
OPENSSLDIR: "/var/ssl"
adcci034(root) / #
adcci034(root) / #
adcci034(root) / # lslpp -l | grep -i openssl
openssl.base 1.0.2.1801 COMMITTED Open Secure Socket Layer
openssl.license 1.0.2.1801 COMMITTED Open Secure Socket License
openssl.man.en_US 1.0.2.1801 COMMITTED Open Secure Socket Layer
openssl.base 1.0.2.1801 COMMITTED Open Secure Socket Layer
adcci034(root) / #
What is wrong on our side ? Did me missed something ?
------------------------------
christophe derouet
Original Message:
Sent: Mon June 29, 2020 04:25 AM
From: Ayappan P
Subject: open ssl configuration file ?
" /usr/bin/openssl version -a " shows OPENSSLDIR: "/var/ssl"
So it should be /var/ssl/openssl.cnf
------------------------------
Ayappan P
Original Message:
Sent: Mon June 29, 2020 04:10 AM
From: christophe derouet
Subject: open ssl configuration file ?
Hello,
We know we have to work with the openssl AIX fileset NOT with the "old" open ssl rpm package.
Could you confirm what is the name of the openssl configuration file we have to use please ?
Have a nice day,
------------------------------
christophe derouet
------------------------------