Opensslfixer-1.0.2j-0-linux-x64 fails

Installing the 2016-09-22 OpenSSL OCSP Status Request Extension Unbounded Memory Growth (CVE-2016-6304) patch fails. I select to not have it restore so I could see the error message when Apache restarts:

Error: Error running /opt/bitnami/ctlscript.sh restart apache: httpd: Syntax
error on line 131 of /opt/bitnami/apache2/conf/httpd.conf: Cannot load
modules/mod_ssl.so into server: /opt/bitnami/apache2/modules/mod_ssl.so: symbol
X509_INFO_free, version OPENSSL_1.0.0 not defined in file libcrypto.so.1.0.0
with link time reference
httpd: Syntax error on line 131 of /opt/bitnami/apache2/conf/httpd.conf: Cannot
load modules/mod_ssl.so into server: /opt/bitnami/apache2/modules/mod_ssl.so:
symbol X509_INFO_free, version OPENSSL_1.0.0 not defined in file
libcrypto.so.1.0.0 with link time reference

1 Like

Hello @alex_lewis

We need more information in order to help you. Could you please answer the questions below?

  • What stack are you trying to apply the patch at?
  • What is the version of the Stack?
  • Are you using a Native Installer, a Cloud Image or a Virtual Machine?
  • What steps did you perform to apply the patch?

Best Regards,

Juan Ariza

Bitnami Tomcat 7.0.54-0 on Ubuntu 12.04 on AWS.

I followed the instructions at https://docs.bitnami.com/aws/security:

wget https://downloads.bitnami.com/files/opensslfixer/bitnami-opensslfixer-1.0.2j-0-linux-x64-installer.run
chmod +x ./bitnami-opensslfixer-1.0.2j-0-linux-x64-installer.run
sudo ./bitnami-opensslfixer-1.0.2j-0-linux-x64-installer.run

Hello @alex_lewis

We have been able to reproduce your issue, thanks for reporting it. We need more time to look into this issue. In the meantime, you can restore the backup that was done while you were applying the patch and come back to your previous situation. You can restore it running the commands below:

sudo cp /opt/bitnami/opensslfix/backup/bin/openssl.bin /opt/bitnami/common/bin/
sudo cp -rf /opt/bitnami/opensslfix/backup/lib/* /opt/bitnami/common/lib/
sudo /opt/bitnami/ctlscript.sh restart 

Thanks in advance for your consideration and patience. We will notify you about our progress.

Best Regards,

Juan Ariza

1 Like

Hello @alex_lewis

Our engineering team has fixed the issue. Could you try using the following patch?

https://downloads.bitnami.com/files/opensslfixer/bitnami-opensslfixer-1.0.2j-1-linux-x64-installer.run
md5: d1a619be6f37e1ddab779e41f5482a44

The doc system will also be updated including the new patch.

Thanks again for your consideration.

Best Regards,

Juan Ariza

1 Like

Hello @jariza,

I had the exact same problem.
The new patch seems to work fine.

Thank you!

We are glad that you were able to fix the issue.

Best regards,
David Barranco