Matt has raised this question also with support: the short answer here is that the OpenSSL binaries shipped with a Uniface patch (e.g. 10.3.02.049) should not be replaced with binaries from higher patches or versions.
When the lab upgraded the OpenSSL version used by Uniface from version 1.0 to 1.1 it became very quickly clear that this will also affect several other dependencies (like e.g. libcurl). Simply replacing some binaries was not enough. Uniface needed to be rebuild using the upgraded versions of the external dependencies (such as OpenSSL and libcurl). The best way to use the updated OpenSSL version is by installing the Service Pack
10.3.03.000 or one of the patches available for version 10.3.03 (e.g. patch
10.3.03.002). A list of available patches can be found (e.g.) here:
Alternatively one, of course, could also consider migrating to Uniface 10.4.
I hope this helps.
Regards
------------------------------
Daniel Iseli
Rocket Internal - All Brands
Geneva Switzerland
------------------------------
Original Message:
Sent: 10-15-2021 03:53
From: Matt Dennison
Subject: Issues with the OpenSSL Version Shipped with Uniface 10.3.02.049
Hi
The version of OpenSSL (libssl.so) with this version of Uniface is 1.0.2n. We are experiencing a known issue due to the version of OpenSSL being below 1.1.0. The only fix would be to replace libssl.so with a newer version, which we have as we are testing Uniface 10.4.01.001 (OpenSSL 1.1.1i).
Is it as simple as switching out the file? or would we need a Q Patch incorporating an updated libssl.so? whichever route we take we would be carrying out testing before releasing to our own customer base.
Link to information on why it needs to be above 1.1.0 here.
Regards
Matt Dennison
------------------------------
Matt Dennison
Rocket Forum Shared Account
------------------------------