OPENSSLDIR path is not the same after applying openssl patch for Access Gateway
search cancel

OPENSSLDIR path is not the same after applying openssl patch for Access Gateway

book

Article ID: 369850

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

Access Gateway's Openssl upgraded based on KB -->  https://knowledge.broadcom.com/external/article?articleNumber=280151

After upgrade,  when running openssl version -a, the OPENSSLDIR is not the same 

* Older version --> OPENSSLDIR: "/etc/pki/tls"    (prior of upgrading the openssl )

* New Version --> OPENSSLDIR: "/tmp/openssl-1.0.2zj/Release/ssl" (after  upgrading the openssl )

Environment

12.8.x Access Gateway 

Cause

The Openssl delivered with the Access Gateway and within the Patch from the KB are compiles exactly the same which means the OPENSSLDIR will point to the /tmp directory.

The OPENSSLDIR: "/etc/pki/tls" from the Results hints that the Redhat openssl is the one being picked up from the command line.

Resolution

Please use the Full path of the Access Gateway's openssl when checking the version as follows 

full_path_of_AG/SSL/bin/openssl version -a   to ensure you are checking the correct openssl version.