How to fix missing OpenSSL libraries on Linux

Started by Mike King, November 05, 2019, 02:45:20 PM

Previous topic - Next topic

Mike King

On Linux, if you are finding you are having trouble connecting to a secure server using TCP, it may be because the system is not able to find the OpenSSL system libraries.  This can manifest itself in having problems running the online registration process, getting updates, or any form of network/internet request using a secure connection.

The easiest way to test if the libraries can be found is to try and open a secure connection to the target system or to any Internet server,   To do this simply issue the following command from the PxPlus command line:

OPEN (1) "[tcp]www.pvxplus.com;443;secure"

If the libraries are not found you will get the following error:

Error #13: File access mode invalid
Last IO to [tcp]www.pvxplus.com;443;secure, channel 1
Unable to locate SSL library (ssleay or libssl) (err/ret=9/9)

This indicates the OpenSSL libraries cannot be found, however on most Linux system they do exist but the OS may not have created the proper linkage to the version of OpenSSL you are running.   The library files often are suffixed with the specific version of OpenSSL being used and for PxPlus to use them, it needs a link to the correct library.

Since we ship a 'generic' version of PxPlus for multiple versions of Linux, we use generic names (without the version number) in the SSL interface. Most Linux systems include these by default, but some don't so you have to define which OpenSSL library version to use. 

NOTE: Because OpenSSL changes regularly many Linux distros already have these generic links defined so they
can change when a new version comes out without having to re-compile all applications.

If the generic link does not exist, you can fix this by first finding the installed SSL libraries (libssl.so and libcrypto.so) on your Linux server.  Generally they will be in one of the following locations:


  • 32 bit systems: /lib -or- /usr/lib
  • 64 bit systems: /lib64 -or- /usr/lib64

To find which libraries are installed you can use the OS 'ls' command as in:

ls -l /usr/lib/libssl*

This will display something like:

-rwxr-xr-x 1 root root 470376 Aug 8 21:38 /usr/lib/libssl.so.1.0.2k

This indicates that you have version 1.0.2k of the OpenSSL libraries installed.

In order for PxPlus to find this library you need to create a symbolic link within the system library files to the .so file.  This can be done as follows:

ln -s /lib/libssl.so.1.0.2k /lib/libssl.so
ln -s /lib/libcrypto.so.1.0.2k /lib/libcrypto.so

To give you an idea of what this will look like, here is the 'ls' of a Centos 7 library directory:

[root@v1153828 ~]# ls -la /usr/lib64/libssl*
-rwxr-xr-x 1 root root 370584 Aug 12 11:55 /usr/lib64/libssl3.so
lrwxrwxrwx 1 root root     16 Sep 18 00:49 /usr/lib64/libssl.so -> libssl.so.1.0.2k
lrwxrwxrwx 1 root root     16 Sep 18 00:47 /usr/lib64/libssl.so.10 -> libssl.so.1.0.2k
-rwxr-xr-x 1 root root 470376 Aug  8 21:38 /usr/lib64/libssl.so.1.0.2k

You can see it is set to use OpenSSL version 1.0.2k

Mike King
President - BBSysco Consulting
eMail: mike.king@bbsysco.com