Install openssl 1.0.2 in SLES for SAP 11 SP3



misaelcun
09-Nov-2017, 03:33
Hi to all,

How do I install openssl 1.0.2 in SLES for SAP 11 SP3? I have already installed curl-openssl1 and wget-openssl1 using the directions from https://www.suse.com/documentation/suse-best-practices/singlehtml/securitymodule/securitymodule.html, but I still have openssl version 9.08.

Is there any workaround, please?

Best regards.

smflood
09-Nov-2017, 12:01
On 09/11/17 02:54, misaelcun wrote:

> How do I install openssl 1.0.2 in SLES for SAP 11 SP3? I have already
> installed curl-openssl1 and wget-openssl1 using the directions from
> https://www.suse.com/documentation/suse-best-practices/singlehtml/securitymodule/securitymodule.html,
> but I still have openssl version 9.08.

Firstly a correction for anyone else finding this thread in the future,
"openssl version 9.08" above is a typo - it's OpenSSL version 0.9.8.

> Is there any workaround, please?

Did you install the curl-openssl1 and wget-openssl1 packages through the
Security Module or download them from SUSE's Patch Finder? I think from
your recent thread
https://forums.suse.com/showthread.php?10143-Error-14094410-SSL-when-run-zypper-ref
that it's through the Security Module.

Whilst you've posted in the SLES for SAP Applications forum what I've
not got from either this or your other thread is why you're using SLES
for SAP Applications especially since you reference "regular" SLES.
Whilst SLES for SAP Applications is based on the corresponding version
of "regular" SLES there are differences though I expect the Security
Module should still apply (though whether the SAP-specific bits use it
is another matter).

You should also note that simply installing curl-openssl1 and/or
wget-openssl1 doesn't mean that when using curl and/or wget you'll get the
OpenSSL 1.0x versions - you also need to use the update-alternatives
command to change the version which will be used. See section 5.1.1 in
the documentation you linked.

HTH.
--
Simon
SUSE Knowledge Partner

------------------------------------------------------------------------
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.
------------------------------------------------------------------------

misaelcun
09-Nov-2017, 14:53
Hi smflood,

Thank you for your words. We are using SLES for SAP because we are using SAP R3, and I did follow the steps from the Security Module page. On my server, update-alternatives --show for curl and wget points to curl-openssl1 and wget-openssl1. Today, after reading your post, I ran this test:

When run:
#openssl
openssl>version --> shows OpenSSL 0.9.8j-fips 07 Jan 2009


#openssl1
openssl1>version --> shows OpenSSL 1.0.1g 7 Apr 2014

As you pointed out in my other thread, I think the zypper command is still using openssl instead of openssl1, and my zypper add repo command fails when using packages.microsoft.com.

Is there a way to force zypper to use openssl1, or maybe I am missing an additional step when following https://www.suse.com/documentation/suse-best-practices/singlehtml/securitymodule/securitymodule.html?

Best regards.

smflood
12-Nov-2017, 23:45
misaelcun Wrote in message:

> Thank you for your words. We are using SLES for SAP because we are using
> SAP R3, and I did follow the steps from the Security Module page. On my
> server, update-alternatives --show for curl and wget points to
> curl-openssl1 and wget-openssl1. Today, after reading your post, I ran
> this test:
>
> When run:
> #openssl
> openssl>version --> shows OpenSSL 0.9.8j-fips 07 Jan 2009
>
>
> #openssl1
> openssl1>version --> shows OpenSSL 1.0.1g 7 Apr 2014
>
> As you pointed out in my other thread, I think the zypper command is
> still using openssl instead of openssl1, and my zypper add repo command
> fails when using packages.microsoft.com.
>
> Is there a way to force zypper to use openssl1, or maybe I am missing an
> additional step when following
> https://www.suse.com/documentation/suse-best-practices/singlehtml/securitymodule/securitymodule.html?

I don't think zypper is one of those apps that can use OpenSSL
1.0.1 which makes sense as you don't want to break
zypper!

Let me try installing SLES for SAP Applications on a test server
and see where I get to adding the Microsoft repository as per
your previous ticket.

HTH.
--
Simon Flood
SUSE Knowledge Partner



misaelcun
13-Nov-2017, 17:50
Hi Simon,

As I mentioned, the version used in my system is SLES for SAP 11 SP3. I hope you will succeed with your tests.

Best regards.

smflood
14-Nov-2017, 16:01
On 13/11/17 16:54, misaelcun wrote:

> As I mentioned, the version used in my system is SLES for SAP 11 SP3. I
> hope you will succeed with your tests.

Having installed and fully patched a test SLES for SAP Applications 11
SP3 server I've got the same results as yourself when trying to add the
Microsoft repo.

What I did see though when trying to install curl-openssl1 from the
Security Module is the following error

--begin--
sles11sp3sap:~ # zypper in curl-openssl1
Loading repository data...
Reading installed packages...
Resolving package dependencies...

Problem: nothing provides curl >= 7.19.7-1.51.1 needed by
curl-openssl1-7.19.7-1.70.3.1.x86_64
Solution 1: do not install curl-openssl1-7.19.7-1.70.3.1.x86_64
Solution 2: break curl-openssl1-7.19.7-1.70.3.1.x86_64 by ignoring
some of its dependencies

Choose from above solutions by number of cancel [1/2/c] (c):
---end---

which makes me wonder how you installed curl-openssl1 on SLES for SAP
Applications 11 SP3? Did you choose solution 2?

Checking the available patches for SLES11 SP3 I believe
curl-7.19.7-1.46.1 is the latest and last release of curl available for
SLES11 SP3 including the SAP Applications variant.

I'm now downloading the ISO for SLES for SAP Applications 11 SP4 to see
where I get to installing and playing with that and will report back.

HTH.
--
Simon
SUSE Knowledge Partner


misaelcun
14-Nov-2017, 16:25
Hi smflood,

No. While trying to reach a solution, I started the process of preparing our servers to install SP4 with yast2 wagon. This process enables more repositories, and I think that with those new repositories curl-openssl1 and wget-openssl1 pull in everything required, so I was not shown the options you mentioned; I installed them successfully. In SP4 the result is the same: curl-openssl1 and wget-openssl1 install successfully, but adding the Microsoft repo fails.

Regards.

smflood
14-Nov-2017, 17:40
On 14/11/17 15:34, misaelcun wrote:

> No. While trying to reach a solution, I started the process of preparing
> our servers to install SP4 with yast2 wagon. This process enables more
> repositories, and I think that with those new repositories curl-openssl1
> and wget-openssl1 pull in everything required, so I was not shown the
> options you mentioned; I installed them successfully. In SP4 the result
> is the same: curl-openssl1 and wget-openssl1 install successfully, but
> adding the Microsoft repo fails.

Okay so I have now installed and updated SLES for SAP Applications 11
SP4. This also failed to add the Microsoft repo.

I then successfully installed curl-openssl1 and could use that to access
the Microsoft repo file (with curl-openssl0 still failing). However
zypper still fails which leads me to think it's hard-coded to OpenSSL
0.9.8 code and I haven't found any option to change that.

Interestingly all the Microsoft documentation I've found pointing at
their repos refers to SLES12 SP2 (and later) with nothing for SLES11 SPx
which makes me think they've forgotten to remove their SLES11 repo. Sorry.

My thoughts now are that instead of adding Microsoft repo you just grab
the necessary files using curl-openssl1 then use "rpm -Uvh <file>" to
install them manually. Alternatively set up a local SMT server on SLES12
which mirrors the SLES11 repo then point your SLES11 SP3/4 servers at that.

HTH.
--
Simon
SUSE Knowledge Partner
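
Added example (not part of the original posts): when RPMs are fetched by hand with curl-openssl1 and installed with "rpm -Uvh <file>" as suggested above, zypper's repository signature check is not involved, so each package's own signature should be checked with rpm -K after the vendor's public key has been imported with rpm --import. The function names and sample output lines below are constructed for illustration, and the two rpm -K output layouts handled (older and newer rpm) are assumptions.

```shell
#!/bin/sh
# classify_checksig LINE -> prints signed-ok | unsigned | bad
# An "OK" result alone is not enough: an unsigned package whose digests are
# intact also reports OK, so a signature token must be present as well.
classify_checksig() {
    line=${1#*: }                     # drop the "file.rpm: " prefix
    case $line in
        *"NOT OK"*) echo bad; return ;;   # failed digest/signature or missing key
    esac
    case $line in
        *OK) ;;
        *) echo bad; return ;;            # empty or unexpected output
    esac
    # Lower-case pgp/gpg (older rpm) or "signatures" (newer rpm) means a
    # signature was present and verified against an imported key.
    case " $line " in
        *" pgp "*|*" gpg "*|*" signatures "*) echo signed-ok ;;
        *) echo unsigned ;;
    esac
}

# verify_rpm FILE: succeed only when rpm -K reports a verified signature.
# Import the vendor's public key first: rpm --import <keyfile>
verify_rpm() {
    out=$(LC_ALL=C rpm -K "$1" 2>/dev/null) || true
    [ "$(classify_checksig "$out")" = signed-ok ]
}

# Constructed sample lines (not captured from a real system).
demo() {
    for l in 'pkg.rpm: (sha1) dsa sha1 md5 gpg OK' \
             'pkg.rpm: sha1 md5 OK' \
             'pkg.rpm: digests SIGNATURES NOT OK'; do
        printf '%s -> %s\n' "$l" "$(classify_checksig "$l")"
    done
}
demo
```

Gate the manual install on it, for example: verify_rpm "$f" || exit 1 for every downloaded file before running rpm -Uvh.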


misaelcun
14-Nov-2017, 18:46
Hi,

Actually that is what I did, I mean downloading these files from the Microsoft sles 12 repo and installing them as follows:

msodbcsql-13.1.9.1-1.x86_64.rpm
unixODBC-2.3.1-3.2.x86_64.rpm
unixODBC-devel-2.3.1-3.2.x86_64.rpm

- Install in the following order:
zypper in unixODBC-2.3.1-3.2.x86_64.rpm
zypper in unixODBC-devel-2.3.1-3.2.x86_64.rpm
zypper in msodbcsql-13.1.9.1-1.x86_64.rpm

Now my concern is that when I run zypper update it shows me a message saying some components change to vendor unixODBC to SuSE....

At least msodbcsql is running on our servers.

I really appreciate all the support provided in this forum. Thank you very much to all involved in the thread.

Best Regards.

smflood
14-Nov-2017, 19:17
On 14/11/17 17:54, misaelcun wrote:

> Actually that is what I did, I mean downloading these files from the
> Microsoft sles 12 repo and installing them as follows:

Hopefully that "sles 12" is a typo, at least in relation to your SLES11
servers - use Microsoft's SLES 12 repo for your SLES 12 servers (which I
think you should be able to add as a repo to your SLES12 servers without
issues) and the files from the SLES 11 repo on your SLES 11 servers
(possibly via your own local SLES 12-based SMT server).

> msodbcsql-13.1.9.1-1.x86_64.rpm
> unixODBC-2.3.1-3.2.x86_64.rpm
> unixODBC-devel-2.3.1-3.2.x86_64.rpm
>
> - Install in the following order:
> zypper in unixODBC-2.3.1-3.2.x86_64.rpm
> zypper in unixODBC-devel-2.3.1-3.2.x86_64.rpm
> zypper in msodbcsql-13.1.9.1-1.x86_64.rpm
>
> Now my concern is that when I run zypper update it shows me a message
> saying some components change to vendor unixODBC to SuSE....

There are two "to"s there, I think you mean change from SUSE to unixODBC
because that's the only thing that makes sense here ... ?

> At least msodbcsql is running on our servers.

:-)

> I really appreciate all the support provided in this forum. Thank you
> very much to all involved in the thread.

No problem, glad to help.

HTH.
--
Simon
SUSE Knowledge Partner
