--On Wednesday, August 17, 2022 2:11 PM +0530 Vijay Maidarkar vmaidarkar@gmail.com wrote:

Hi Quanah,

Hi, please keep replies on the list.

Find below answers.

Where is it installed? $ which openssl

/usr/local/bin/openssl

$ ldd /usr/local/bin/openssl linux-vdso.so.1 =>  (0x00007fff931e6000) libssl.so.1.1 => /lib64/libssl.so.1.1 (0x00007f7f7a570000) libcrypto.so.1.1 => /lib64/libcrypto.so.1.1 (0x00007f7f7a087000) libdl.so.2 => /lib64/libdl.so.2 (0x00007f7f79e83000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f7f79c67000) libc.so.6 => /lib64/libc.so.6 (0x00007f7f79899000) /lib64/ld-linux-x86-64.so.2 (0x00007f7f7a802000)

How was it installed? I've downloaded the archive & done compilation from below cmds.

$ ./config $ make $ make install

So, you built it yourself so there will be no development package. I'm not sure why you built such an ancient version of OpenSSL (you listed OpenSSL 1.1.1g when 1.1.1q is the most recent), since it's vulnerable to multiple critical CVEs.

I'd strongly advise using the packages from EPEL if you insist on staying on CentOS7 (which is near end of life).

If you are going to use your own OpenSSL build, I can't emphasize enough the importance of using a current release. Since you're doing this in an unpackaged way, maintenance is going to be a nightmare.

Since you've built it yourself into its own location, you have to tell the configure script where to find the development headers, like:

CPPFLAGS="/usr/local/include" LDFLAGS="-L/usr/local/lib -Wl,-rpath,/usr/local/lib" ./configure ...

However, I would again strongly advise you not go the route of building the software yourself unless you're going to do it in a packaged way (I.e. make RPMs) so that you can upgrade whenever there's a new vulnerability.

Even more, I'd strongly advise just using the pre-built packages provided by either Symas (Which offers current builds of both OpenLDAP 2.5 and OpenLDAP 2.6 + supporting libraries) or the LTB project.

https://repo.symas.com/ https://ltb-project.org/

Regards, Quanah