I want to use one IP to host many domains with individual SSL certificates (requires SNI). In CentOS 5.3, the latest version of OpenSSL I can find an RPM for is 0.9.8e, which does not support SNI.
I want to upgrade to 0.9.8k but I can't find an RPM. I could compile from source, but if I try to remove the existing OpenSSL package through yum, it wants me to remove all packages that depend on OpenSSL (100+ packages).
EDIT: I ended up installing 0.9.8k without overwriting the previous version. Now I both avoid breaking dependencies and can use SNI. Was this the best action?
If you've simply over-written the rpm-provided files you may have... some pain later on; at the very least it's misleading for anyone who looks at the system.
In your position I'd do one of two things:
1/ Download the srpm for Centos, do an rpm -i openssl-whatever.srpm
Edit the /usr/src/redhat/SPEC/openssl.spec file to update the version and source file to the version of openssl you want to build.
Do an rpmbuild -ba /usr/src/redhat/SPEC/openssl.spec to build a newer version of the RPM. If all goes well you'll end up with some shiny new RPMs in /usr/src/redhat/RPMS/$arch and you can just drop them in.
or
2/ Nab the openssl srpm from a newer release (such as Fedora 12), and do an rpmbuild --rebuild openssl-whatever.srpm
Again, all going well you'll get some RPMs, although this is probably less reliable (in the sense that the ABI and dependencies may have changed from RHEL 5 to Fedora 12, for example).
The best action is probably to compile OpenSSL 0.9.8k targeted to another directory, /usr/local or /opt, then compiling an appropriate version of Apache against that new OpenSSL rather than the one provided by the system. Unfortunately you'd lose the convenience of being able to upgrade via RPM, but it would give you the capability without causing problems with the other 100+ applications which depend on the current CentOS version of OpenSSL.
How did you end up installing the new version? As long as your applications didn't break and they know the path the new version of SSL you installed it should be fine.
This is an old answer.
But there are a lot of people still running RHEL 5 / CentOS 5 for several reasons. Unfortunately RHEL 5 is out of support and additionally there was never a package with OpenSSL >= 1 for RHEL 5.
If you don't have any concerns about using a foreign repo then you can use "tuxad repo". It provides a different and more easy way to update OpenSSL of RHEL 5 to the one of RHEL 6 (which is still supported):
More details can be found here:
www.tuxad.de/blog/archives/2014/11/19/openssl_updatesenhancements_for_rhel__centos_5 www.tuxad.de/blog/archives/2018/07/21/tuxad_rh5_repo_now_with_phpopenssl1
This repo contains several packages which are rebuild against OpenSSL 1: