Upgrading OpenSSL in CentOS 5.3

If you've simply over-written the rpm-provided files you may have... some pain later on; at the very least it's misleading for anyone who looks at the system.

In your position I'd do one of two things:

1/ Download the srpm for Centos, do an rpm -i openssl-whatever.srpm

Edit the /usr/src/redhat/SPEC/openssl.spec file to update the version and source file to the version of openssl you want to build.

Do an rpmbuild -ba /usr/src/redhat/SPEC/openssl.spec to build a newer version of the RPM. If all goes well you'll end up with some shiny new RPMs in /usr/src/redhat/RPMS/$arch and you can just drop them in.

or

2/ Nab the openssl srpm from a newer release (such as Fedora 12), and do an rpmbuild --rebuild openssl-whatever.srpm

Again, all going well you'll get some RPMs, although this is probably less reliable (in the sense that the ABI and dependencies may have changed from RHEL 5 to Fedora 12, for example).


The best action is probably to compile OpenSSL 0.9.8k targeted to another directory, /usr/local or /opt, then compiling an appropriate version of Apache against that new OpenSSL rather than the one provided by the system. Unfortunately you'd lose the convenience of being able to upgrade via RPM, but it would give you the capability without causing problems with the other 100+ applications which depend on the current CentOS version of OpenSSL.