We were securing down our freebsd box last night and I'm not sure if a compile of openssl went wrong or something else happened...but in the mix of upgrading openssl to the latest version we started getting "/usr/libexec/ld-elf.so.1: Shared object 'receiving libcrypto.so.3' not found". We found a couple of posts on different forums suggesting it could be programs currently running trying to use an an old version of the library and it's been moved/deleted/udpated or what not.

So we send the server down for a reboot and after it comes back up, we cannot ssh in to further diagnose this problem. It's in the hands of the techs and I am hoping we do not need another restore on this system because we just had one done yesterday!

Anybody have any advice or suggestions on this error that I may enlighten the techs if they are unsure how to proceed to fix it?

We are using a custom compiled kernel with the only changes from generic being quotas enabled and we are using ipfw. I do not think its a firewall rule issues because this was working perfectly smooth before any of this happens.

To top it off i telnet'd to our ip (since we havent disabled it yet) and received this message immediately "/usr/libexec/ld-elf.so.1: Shared object 'libcrypto.so.3' not found" following with a "connection to host lost". SSH'ing into the server just returns with a "connection refused". I have a bad feeling that it has to do with this libcrypt.so.3 file since ssh depends on openssl does it not?

Thank you in advance for any light that could be shed on this!

Update: We had to resort to a restore as the techs could not resolve the issue even with any suggestions we have given them.

I would still be curious to know more about this issue incase it happens in the future again.

I have the exact same problem ... Did you ever figure out later how you could fix this problem without having to do a restore?

Sadly we were not able to resolve the situation because we were unable to gain shell access to the system with any advice/suggestions we gave the techs to try.

This is usually the result of installing the openssl port with OPENSSL_OVERWRITE_BASE set, and then subsequently deinstalling the port. The port overwrites the files from the base system version of openssl, and then when you deinstall the port you're left without any version of openssl on the system.

Best solution? Don't Do That. OPENSSL_OVERWRITE_BASE is a horrible option which should never have existed.

If you get yourself into this mess,
1. Do NOT reboot the machine.
2. Do NOT close any existing ssh connections, since you may not be able to open them again.
3. Contact me or someone else with FreeBSD fu who can help you get the necessary files back onto the system.

Colin in frustration I decided to execute:

cd /usr/ports
make clean perl

Twelve hours later I realized something was terribly wrong and suspended the command which was still cleaning. Next I executed:

cd /usr/ports/lang
make clean

This took less than 10 minutes. I then executed:

make

However this compilation is taking forever. Of course now that I know how to fix the original problem I have created more. The following fixed this same problem on another machine:

cd /usr/ports/security/openssl
make clean
make
cp work/openssl-0.9.7e/libssl.so.3 /usr/lib/
cp work/openssl-0.9.7e/libcrypto.so.3 /usr/lib/
make install
/scripts/bsdldconfig
/scripts/exim4 --source

Am I doomed to wait another 12+ hours for make to compile before I can execute 'make install' and deploy the fix? Or is there a better way?

I'm not surprised that it's taking a long time, but why are you trying to build all the lang/* ports? (And why were you trying to build perl, for that matter?)

The problem is to get a working copy of openssl installed again.



That should fix the problem, assuming that you have the openssl distfile on your machine already.



Unless you have a very very slow machine, it shouldn't take 12+ hours to build openssl... 5 minutes is more likely.

The other option is to copy those files (libssl.so.3, libcrypto.so.3) from another machine.

That was not openssl that took so long it was
cd /usr/ports/lang
make

I believe specifying src=all in my last cvsup caused 'make' to take so long. In any event I am now trying to execute:

cd /usr/ports/lang/perl5.8
make install

Running this returned:

=> Attempting to fetch from ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/.
fetch: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/d...-5.8.6.tar.bz2: Host not found
=> Couldn't fetch it - please try to retrieve this
=> port manually into /usr/ports/distfiles/ and try again.
*** Error code 1

Stop in /usr/ports/lang/perl5.8.


I checked my /etc/resolv.conf and found it to be in order thus I do not understand why I am getting the above error? Assuming of course the ftp server at FreeBSD.org is up and running ...