CentOS – Upgrading OpenSSL in CentOS 5.3

Tags: centos, openssl, sni, ssl, yum

I want to use one IP to host many domains with individual SSL certificates (requires SNI). In CentOS 5.3, the latest version of OpenSSL I can find an RPM for is 0.9.8e, which does not support SNI.

I want to upgrade to 0.9.8k but I can't find an RPM. I could compile from source, but if I try to remove the existing OpenSSL package through yum, it wants me to remove all packages that depend on OpenSSL (100+ packages).

EDIT: I ended up installing 0.9.8k without overwriting the previous version. Now I both avoid breaking dependencies and can use SNI. Was this the best action?

Best Answer

If you've simply over-written the rpm-provided files you may have... some pain later on; at the very least it's misleading for anyone who looks at the system.

In your position I'd do one of two things:

1/ Download the srpm for CentOS, do an rpm -i openssl-whatever.srpm

Edit the /usr/src/redhat/SPECS/openssl.spec file to update the version and source file to the version of openssl you want to build.

Do an rpmbuild -ba /usr/src/redhat/SPECS/openssl.spec to build a newer version of the RPM. If all goes well you'll end up with some shiny new RPMs in /usr/src/redhat/RPMS/$arch and you can just drop them in.

or

2/ Nab the openssl srpm from a newer release (such as Fedora 12), and do an rpmbuild --rebuild openssl-whatever.srpm

Again, all going well you'll get some RPMs, although this is probably less reliable (in the sense that the ABI and dependencies may have changed from RHEL 5 to Fedora 12, for example).
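
With two OpenSSL builds on one host, as in the question's edit, it helps to confirm which libssl a given binary actually loads and whether that build exposes SNI. The script below is an added example, not part of the original thread; the function names, the mod_ssl path in the comment and the sample outputs are constructed assumptions.

```shell
#!/bin/sh
# Added example: verify which OpenSSL build a binary uses and whether it has SNI.
# All sample text below is constructed for illustration.

# Succeeds if s_client usage text on stdin lists -servername, an option that is
# only present when OpenSSL was built with TLS extension (SNI) support.
usage_has_servername() {
    grep -q -e '-servername'
}

# Probe one openssl binary; old releases print usage on the unknown -help option.
openssl_has_sni() {
    "$1" s_client -help 2>&1 </dev/null | usage_has_servername
}

# Print the libssl path a dynamic binary resolves to, from ldd output on stdin.
libssl_from_ldd() {
    awk '$1 ~ /^libssl\.so/ && $2 == "=>" { print $3; exit }'
}

# Say whether a library file is owned by an RPM or is an unpackaged install.
lib_origin() {
    if rpm -qf "$1" >/dev/null 2>&1; then
        echo "rpm:$(rpm -qf "$1")"
    else
        echo "unpackaged"
    fi
}

# Report for one binary or module (hypothetical path):
#   check_linked /usr/lib/httpd/modules/mod_ssl.so
check_linked() {
    lib=$(ldd "$1" | libssl_from_ldd)
    [ -n "$lib" ] || { echo "$1: no libssl dependency found"; return 2; }
    echo "$1 -> $lib ($(lib_origin "$lib"))"
}

# Constructed samples: usage text without and with SNI, and one ldd listing.
SAMPLE_USAGE_OLD='unknown option -help
usage: s_client args
 -connect host:port - who to connect to'
SAMPLE_USAGE_NEW="$SAMPLE_USAGE_OLD
 -servername host  - Set TLS extension servername in ClientHello"
SAMPLE_LDD='	libssl.so.6 => /lib/libssl.so.6 (0x00110000)
	libcrypto.so.6 => /lib/libcrypto.so.6 (0x00b5a000)'
```

A library that `lib_origin` reports as unpackaged will not be updated by yum, so its security fixes have to be tracked by hand.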