Join the community today
Register Now

Beta Branch fix inc/openssl_install.inc for no-tls1_3 openssl 1.1.0 bug

Discussion in 'Centmin Mod Github Commits' started by eva2000, May 11, 2018.

  1. eva2000

    eva2000 Administrator Staff Member

    53,190
    12,113
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,649
    Local Time:
    3:22 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  2. eva2000

    eva2000 Administrator Staff Member

    53,190
    12,113
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,649
    Local Time:
    3:22 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Fix for Nginx compiled OpenSSL has been committed to 123.09beta01 latest code. This bug will affect fresh 123.09beta01 installs PHP compilations as it's picking up incorrect OpenSSL compilation at /usr/local/include/openssl due to a bug I introduced in commits from May 10th, 2018. You can see inc/openssl_install.inc file's github blame history which line by line links the current state to the commit that made that line. Which was specifically related to commit here.

    If it's a completely fresh CentOS Centmin Mod install made in past 24hrs of May 10th, 2018, it would be easier to just reload fresh CentOS OS and do a new Centmin Mod install to be 100% certain. Though not necessary if you don't want to.

    If you have an existing Centmin Mod 123.09beta01 install with this issue, you will need to update code via command = cmupdate, and then recompile Nginx's OpenSSL first via centmin.sh menu option 4. You can verify that is fixed using command below which lists all nginx_upgrade logs in reverse ascending data order and does a fgrep for the clean up markers I introduced. If you see these 3 lines, then Nginx OpenSSL is fixed.
    Code (Text):
    ls -rt /root/centminlogs/ | grep nginx_upgrade | while read l; do fgrep 'clean up no-tls1_3 bug' $l; done 
    clean up no-tls1_3 bug /usr/local/ssl
    clean up no-tls1_3 bug /usr/local/lib/engines-1.1
    clean up no-tls1_3 bug /usr/local/include/openssl