Bosse_B
Posts: 1136
Joined: Thu Jan 30, 2014 9:53 am

Copying openssl from one Rpi to another?

Wed May 05, 2021 9:20 pm

I have a program that is supposed to be able to send email with SSL connection to the mailserver on port 665.
But it requires openssl 1.0.1 and this can not be installed anymore via apt AFAIK.
I have located one of my RPi units, which has not been updated in some time and on this device openssl is version 1.0.1t

Question:
Is it possible to copy openssl from this older RPi and place it on the newer RPi so that the program will find it?
On windows what could be done is to place the openssl dll files in the same dir as the executable itself, but this may be different on Linux?
If it can be copied over, then which files should be moved and to what location on the new RPi? (Preferably only the old program should use the old openssl)
Bo Berglund
Sweden

pidd
Posts: 2051
Joined: Fri May 29, 2020 8:29 pm
Location: Wirral, UK
Contact: Website

Re: Copying openssl from one Rpi to another?

Thu May 06, 2021 1:41 am

What operating system are you using?

Heater
Posts: 18201
Joined: Tue Jul 17, 2012 3:02 pm

Re: Copying openssl from one Rpi to another?

Thu May 06, 2021 4:42 am

Openssl 1.0.1 famously has the Heartbleed bug which is a major security vulnerability.
https://en.wikipedia.org/wiki/OpenSSL
https://heartbleed.com/

As such downgrading to that ancient version of OpenSSL seems like a really bad idea.

Whatever mysterious program you have that demands using OpenSSL 1.0.1 should not be used for anything.

What is it by the way? And is there any chance of getting it's developers to fix it?
Memory in C++ is a leaky abstraction .

User avatar
rpdom
Posts: 18696
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: Copying openssl from one Rpi to another?

Thu May 06, 2021 6:11 am

Heater wrote:
Thu May 06, 2021 4:42 am
Openssl 1.0.1 famously has the Heartbleed bug which is a major security vulnerability.
Versions later than 1.0.1f are not vulnerable to Heartbleed.
Unreadable squiggle

Bosse_B
Posts: 1136
Joined: Thu Jan 30, 2014 9:53 am

Re: Copying openssl from one Rpi to another?

Thu May 06, 2021 6:53 am

pidd wrote:
What operating system are you using?
The target RPi3 is running the latest Pi-OS.
The source RPi3 is running this:

Code: Select all

$ lsb_release -a
Distributor ID: Raspbian
Description:    Raspbian GNU/Linux 8.0 (jessie)
Release:        8.0
Codename:       jessie
Heater wrote:
Whatever mysterious program you have that demands using OpenSSL 1.0.1 should not be used for anything.
What is it by the way? And is there any chance of getting it's developers to fix it?
So the program is an environment monitoring program I have ported from Windows where it was developed back in 2004 using Delphi (ObjectPascal).
It was untenable to keep it on Windows since MS is constantly changing the base.
So I have used FreePascal with the Lazarus IDE to port it over to the Rpi.
The problem arose when I did a test run where the monitor result was going to be emailed as a zipfile.
The email server I used for the SMTP send is on my ISP and requires an SSL connection with user login to accept a send.
So I enabled SSL in the mailer function in the code, but when I run the test I get an exception where it cannot load openssl.
After some investigation in the FreePascal community I found that the latest supported openssl version is 1.0.2, so that is why it fails.
I have looked at all of my accessible RPi units and found the one that has a compatible openssl installed. It is:

Code: Select all

$ openssl version -v
OpenSSL 1.0.1t  3 May 2016
So this is why I am asking how to extract the openssl from this RPi and put it on my development machine.
It should be done such that only the ported application uses it.
rpdom wrote:
Heater wrote: ↑2021-05-06 06:42:53
Openssl 1.0.1 famously has the Heartbleed bug which is a major security vulnerability.

Versions later than 1.0.1f are not vulnerable to Heartbleed.
Exactly, and since the version I want to extract is later than that it does not contain the vulnerability...

So back to the issue:
Which files do I extract from where and which destination can I use to make the compiled application use this version of openssl?
I have located openssl itself here: /usr/bin/openssl
So I copied it over and tried to run it but it complained about not finding a libssl* file
So I searched for it:

Code: Select all

$ find /usr/ -name "libssl*"
/usr/lib/arm-linux-gnueabihf/libssl3.so
/usr/lib/arm-linux-gnueabihf/libssl.so
/usr/lib/arm-linux-gnueabihf/libssl.a
/usr/lib/arm-linux-gnueabihf/pkgconfig/libssl.pc
/usr/lib/arm-linux-gnueabihf/libssl.so.1.0.0
/usr/share/doc/libssl-doc
/usr/share/doc/libssl-dev
/usr/share/doc/libssl1.0.0
Then I did:

Code: Select all

$ ls -la /usr/lib/arm-linux-gnueabihf/libssl.so*
lrwxrwxrwx 1 root root     15 Sep 26  2019 /usr/lib/arm-linux-gnueabihf/libssl.so -> libssl.so.1.0.0
-rw-r--r-- 1 root root 300868 Sep 26  2019 /usr/lib/arm-linux-gnueabihf/libssl.so.1.0.0
So it seems like libssl.so is a symlink to libssl.so.1.0.0

The question then is:
Can I move the files libssl.so.1.0.0 and openssl from the source RPi to the destination RPi into the application dir and they will be used or is there another caveat for this to happen?
Should the so file go into the /usr/lib/arm-linux-gnueabihf/ dir instead?
Bo Berglund
Sweden

Return to “General discussion”