Linux узнать версию openssl

Open SSL

OPENSSL_VERSION_MAJOR, OPENSSL_VERSION_MINOR, OPENSSL_VERSION_PATCH, OPENSSL_VERSION_PRE_RELEASE, OPENSSL_VERSION_BUILD_METADATA, OPENSSL_VERSION_TEXT, OPENSSL_VERSION_PREREQ, OPENSSL_version_major, OPENSSL_version_minor, OPENSSL_version_patch, OPENSSL_version_pre_release, OPENSSL_version_build_metadata, OpenSSL_version, OPENSSL_VERSION_NUMBER, OpenSSL_version_num, OPENSSL_info — get OpenSSL version number and other information

SYNOPSIS

#include #define OPENSSL_VERSION_MAJOR x #define OPENSSL_VERSION_MINOR y #define OPENSSL_VERSION_PATCH z /* The definitions here are typical release values */ #define OPENSSL_VERSION_PRE_RELEASE "" #define OPENSSL_VERSION_BUILD_METADATA "" #define OPENSSL_VERSION_TEXT "OpenSSL x.y.z xx XXX xxxx" #define OPENSSL_VERSION_PREREQ(maj,min) #include unsigned int OPENSSL_version_major(void); unsigned int OPENSSL_version_minor(void); unsigned int OPENSSL_version_patch(void); const char *OPENSSL_version_pre_release(void); const char *OPENSSL_version_build_metadata(void); const char *OpenSSL_version(int t); const char *OPENSSL_info(int t); /* from openssl/opensslv.h */ #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnL /* from openssl/crypto.h */ unsigned long OpenSSL_version_num();

DESCRIPTION

Macros

The three macros OPENSSL_VERSION_MAJOR, OPENSSL_VERSION_MINOR and OPENSSL_VERSION_PATCH represent the three parts of a version identifier, MAJOR.MINOR.PATCH.

The macro OPENSSL_VERSION_PRE_RELEASE is an added bit of text that indicates that this is a pre-release version, such as «-dev» for an ongoing development snapshot or «-alpha3» for an alpha release. The value must be a string.

The macro OPENSSL_VERSION_BUILD_METADATA is extra information, reserved for other parties, such as «+fips» , or «+vendor.1» ). The OpenSSL project will not touch this macro (will leave it an empty string). The value must be a string.

OPENSSL_VERSION_STR is a convenience macro to get the short version identifier string, «MAJOR.MINOR.PATCH» .

OPENSSL_FULL_VERSION_STR is a convenience macro to get the longer version identifier string, which combines OPENSSL_VERSION_STR, OPENSSL_VERSION_PRE_RELEASE and OPENSSL_VERSION_BUILD_METADATA.

OPENSSL_VERSION_TEXT is a convenience macro to get a full descriptive version text, which includes OPENSSL_FULL_VERSION_STR and the release date.

OPENSSL_VERSION_PREREQ is a useful macro for checking whether the OpenSSL version for the headers in use is at least at the given pre-requisite major (maj) and minor (min) number or not. It will evaluate to true if the header version number (OPENSSL_VERSION_MAJOR.OPENSSL_VERSION_MINOR) is greater than or equal to maj.min.

OPENSSL_VERSION_NUMBER is a combination of the major, minor and patch version into a single integer 0xMNN00PP0L, where:

is the number from OPENSSL_VERSION_MAJOR, in hexadecimal notation

is the number from OPENSSL_VERSION_MINOR, in hexadecimal notation

is the number from OPENSSL_VERSION_PATCH, in hexadecimal notation

Functions

OPENSSL_version_major(), OPENSSL_version_minor(), OPENSSL_version_patch(), OPENSSL_version_pre_release(), and OPENSSL_version_build_metadata() return the values of the macros above for the build of the library, respectively.

OpenSSL_version() returns different strings depending on t:

The value of OPENSSL_VERSION_TEXT

The value of OPENSSL_VERSION_STR

The value of OPENSSL_FULL_VERSION_STR

The compiler flags set for the compilation process in the form compiler: . if available, or compiler: information not available otherwise.

The date of the build process in the form built on: . if available or built on: date not available otherwise. The date would not be available in a reproducible build, for example.

The «Configure» target of the library build in the form platform: . if available, or platform: information not available otherwise.

The OPENSSLDIR setting of the library build in the form OPENSSLDIR: «. » if available, or OPENSSLDIR: N/A otherwise.

The ENGINESDIR setting of the library build in the form ENGINESDIR: «. » if available, or ENGINESDIR: N/A otherwise. This option is deprecated in OpenSSL 3.0.

The MODULESDIR setting of the library build in the form MODULESDIR: «. » if available, or MODULESDIR: N/A otherwise.

The current OpenSSL cpu settings. This is the current setting of the cpu capability flags. It is usually automatically configured but may be set via an environment variable. The value has the same syntax as the environment variable. For x86 the string looks like CPUINFO: OPENSSL_ia32cap=0x123:0x456 or CPUINFO: N/A if not available.

For an unknown t, the text not available is returned.

OPENSSL_info() also returns different strings depending on t:

The configured OPENSSLDIR , which is the default location for OpenSSL configuration files.

The configured ENGINESDIR , which is the default location for OpenSSL engines.

The configured MODULESDIR , which is the default location for dynamically loadable OpenSSL modules other than engines.

The configured dynamically loadable module extension.

The separator between a directory specification and a filename. Note that on some operating systems, this is not the same as the separator between directory elements.

The OpenSSL list separator. This is typically used in strings that are lists of items, such as the value of the environment variable $PATH on Unix (where the separator is : ) or %PATH% on Windows (where the separator is ; ).

The current OpenSSL cpu settings. This is the current setting of the cpu capability flags. It is usually automatically configured but may be set via an environment variable. The value has the same syntax as the environment variable. For x86 the string looks like OPENSSL_ia32cap=0x123:0x456 .

For an unknown t, NULL is returned.

OpenSSL_version_num() returns the value of OPENSSL_VERSION_NUMBER.

RETURN VALUES

OPENSSL_version_major(), OPENSSL_version_minor() and OPENSSL_version_patch() return the version number parts as integers.

OPENSSL_version_pre_release() and OPENSSL_version_build_metadata() return the values of OPENSSL_VERSION_PRE_RELEASE and OPENSSL_VERSION_BUILD_METADATA respectively as constant strings. For any of them that is undefined, the empty string is returned.

OpenSSL_version() returns constant strings.

SEE ALSO

HISTORY

The macros and functions described here were added in OpenSSL 3.0, except for OPENSSL_VERSION_NUMBER and OpenSSL_version_num().

COPYRIGHT

Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the «License»). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

master manpages

This manpage

Please report problems with this website to webmaster at openssl.org.

Copyright © 1999-2023 The OpenSSL Project Authors. All Rights Reserved.

Источник

Как обновить OpenSSL на Linux

Обновлено: 27.02.2023 Опубликовано: 20.01.2017

Данная инструкция протестирована на CentOS 6, 7, 8 и Ubuntu.

Посмотреть текущую версию

Узнать текущую версию openssl в Linux можно следующей командой:

Мы увидим что-то на подобие:

OpenSSL 1.0.2k-fips 26 Jan 2017

* в данном примере используется версия openssl 1.0.2k от 26 января 2017 года.

openssl: command not found

. значит пакет openssl не установлен в системе.

Обновить/установить openssl можно из репозитория операционной системы или собрав его из исходника. Мы рассмотрим оба варианта.

Из пакетов

Самый простой способ — воспользоваться репозиторием. Однако, в нем может находиться далеко не последняя версия.

В зависимости от типа Linux, наши команды будут немного отличаться.

а) Для DEB-систем (Debian, Ubuntu, Astra Linux):

б) Для RPM-систем (Rocky Linux, CentOS):

* также можно ввести yum update openssl.

Если будет найдено обновление, система предложит обновить пакет — отвечаем Y.

Если обновлений нет или будет установлена не последняя версия, выполняем установку из исходника.

Из исходника

Устанавливаем пакеты, необходимые для сборки пакета. Команда зависит от дистрибутива Linux.

а) Для DEB-систем:

apt install make gcc wget tar perl

б) Для RPM-систем:

yum install make gcc wget tar perl

Переходим по ссылке https://www.openssl.org/source/ и находим в описании LTS версию openssl:

* как видим, на момент написания обновления инструкции это была версия 1.1.1.

И копируем ссылку на ее скачивание:

На CentOS скачиваем исходник с использованием найденной ссылки:

И распаковываем его с последующим удалением:

tar -xvf openssl-*.tar.gz && rm -f openssl-*.tar.gz

Переходим в папку с распакованным исходником:

./config —prefix=/usr —openssldir=/usr

Система вернет полные сведения об openssl, например:

OpenSSL 1.1.1t 7 Feb 2023
built on: Mon Feb 27 11:17:07 2023 UTC
platform: linux-x86_64
options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -m64 -Wa,—noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG
OPENSSLDIR: «/usr»
ENGINESDIR: «/usr/lib/engines-1.1»
Seeding source: os-specific

Возможные ошибки

libssl.so.1.1: cannot open shared object file

При запуске команды openssl, система возвращает ошибку:

openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory

Причина: openssl не может найти нужную ей библиотеку (libssl.so), так как она распологается в нестандартном для операционной системы месте.

Решение: необходимо добавить в ldconfig правильный путь до libssl.so. Сначала найдем библиотеку, которой не хватает openssl:

Значит, путь до библиотеки /usr/lib64 — его и добавляем в ldconfig. Для это создаем файл:

Источник

How to Check the OpenSSL Version Number

OpenSSL is an open-source cryptographic library and SSL toolkit. The applications contained in the library help create a secure communication environment for computer networks.

OpenSSL contains an implementation of SSL and TLS protocols, meaning that most servers and HTTPS websites use its resources.

In this tutorial, learn how to find the OpenSSL version with a single command.

OpenSSL Version Command

The openssl version command allows you to determine the version your system is currently using. This information is useful if you want to find out if a particular feature is available, verify whether a security threat affects your system, or perhaps report a bug. Type in:

The resulting data will consist of the OpenSSL version designation and the date of its initial release.

The output is clear and easy to understand. We can break down the version format to get valuable insight. Additionally, using flags can help structure the data.

OpenSSL Releases

The format of the version provides a lot of information. The position of the numbers represent the release type:

• Major Releases – You can recognize a major release if one or both of the first two digits change. This type of release can break compatibility with previous versions. For example: 1.1.0g vs. 1.2.0
• Minor Releases – A minor release changes the last number of the version designation, e.g., 1.1.0 vs. 1.1.1. These releases are likely to contain new features; however, they should not break binary compatibility. You do not need to recompile applications to benefit from them.
• Letter Releases – The release designation in our example 1.1.0g contains bug and security fixes exclusively. No new features were added.

Note: The next planned version of OpenSSL is 3.0.0. Once the new version is released, the versioning scheme is going to change to a more contemporary format: MAJOR.MINOR.PATCH

OpenSSL Flags

By using a general flag –help we can see an overview of all valid options for openssl version.

There are eight (8) valid options that allow you to narrow your search. The option that provides the most comprehensive set of information is:

This command compiles all the information contained under the individual flags into a single output.

This option is convenient, especially when troubleshooting or composing a bug report.

The OPENSSLDIR line is especially interesting, as it will tell you where OpenSSL will look for its configurations and certificates. You can print out that specific line by using the following command:

In this example, the configuration files and certificates are located at /usr/lib/ssl

Now you have learned how to check the OpenSSL version.

You should now understand how to interpret that data. And how it can be used to improve server security, troubleshoot or submit a bug request.

The flags presented in the article provided you with the necessary tools to help you make an informed decision and administer your system effectively.

Источник