Installing a third party application package on CentOS 6.4 fails due to missing dependencies libcrypto.so.10 and libssl.so.10

by

The root cause of this issue is that Red Hat broke binary compatibility of their OpenSSL packages between 6.4 and 6.5, something that they promised that they would not do.

Resolving this problem is straightforward, but depending on the applications you may have deployed, may take some yelling at your application vendors. Be sure to reserve most of your ire for your Red Hat rep (if you have RHEL).

Cause

Red Hat upgraded the version of OpenSSL in EL6 from 1.0.0 to 1.0.1 in the 6.5 update, in order to resolve a years-old feature request to add elliptic curve cryptograhpy support. This package is no longer binary compatible, and programs that were built against OpenSSL 1.0.0 must be rebuilt from source against 1.0.1.

Unless you’re installing third party applications, of course, which almost everyone does. Those have to be recompiled, too, and at this point most third parties have done so, and built new packages against 6.5. It is these packages that third parties are generally shipping today.

Resolution

Identify all of the impacted third party packages and contact the third-party package vendors for updates. Once updates are available for all packages, you can safely update your system to 6.5, installing the third party package updates at the same time, which will complete the resolution.

For packages installed through the package manager and yum repositories, this is trivial; simply attempting to upgrade and being able to do so without dependency problems means that the packages are ready.

For packages manually installed, you will need to check these yourself and apply whatever updates the vendors have provided. You should also pressure these vendors to supply proper RPM packages and yum repositories in these cases.

Most users can update to 6.5 with a command such as:

yum --disableexcludes=all --obsoletes update

RHEL users who have set a specific minor release must first set 6.5 as their release target before running the above update:

subscription-manager release --set=6.5

At this point you should be able to install the third party package(s) you were trying to install.

Other issues

Users of CentOS and other RHEL clones on certain VPS or cloud providers may find that they are unable to update to 6.5. The yum command will state that no packages are marked for update. So far I have seen this on Windows Azure and some low-end VPS providers.

In these cases, the provider of the CentOS image in use has modified /etc/yum.repos.d/CentOS-Base.repo in the image to point to repositories other than the official CentOS mirrors.

This can be resolved by either manually editing the repo file to restore the official CentOS mirrors, or by locating the official centos-release RPM on a CentOS mirror and reinstalling it. For example (this URL is only good today and may go out of date later; check your mirror first):

yum update http://mirror.centos.org/centos/6/os/x86_64/Packages/centos-release-6-5.el6.centos.11.2.x86_64.rpm

Leave a Comment