Issue #10479 has been updated by Pramod Sharma.


no i am still not able to find an alternative. Please help me if there's any

----------------------------------------
Bug #10479: OpenSSL not upgrading to 1.0.1j while recompiling Ruby.
https://bugs.ruby-lang.org/issues/10479#change-49996

* Author: Pramod Sharma
* Status: Open
* Priority: Urgent
* Assignee: 
* Category: ext/openssl
* Target version: 
* ruby -v: 1.9.3p550
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN
----------------------------------------
I had my system running on ubuntu 14.04, Ruby 1.9.3p550, OpenSSL 1.0.1f. After MITM vulnerability when I tried to update my system level openssl its been upgraded to 1.0.1j.
But when I check `ruby -r openssl -e 'puts OpenSSL::OPENSSL_VERSION'` to check latest version of openssl used by system's ruby services. It still shows old version i.e. 1.0.1f.
The workaround I find is to recompile ruby. But after recompiling ruby  `ruby -r openssl -e 'puts OpenSSL::OPENSSL_VERSION'` raising :-
/usr/local/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require': /usr/local/lib/ruby/1.9.1/x86_64-linux/openssl.so: undefined symbol: SSLv2_method - /usr/local/lib/ruby/1.9.1/x86_64-linux/openssl.so (LoadError)

I have tried:-
1. using --with-openssl-dir while compiling ruby but its not a valid option.
2.  http://stackoverflow.com/questions/8206546/undefined-symbol-sslv2-method
3.  http://aaronparecki.com/articles/2014/04/08/1/how-to-test-and-confirm-openssl-is-updated-for-nginx-and-ruby-on-ubuntu-12-04
4. recompiling a package with fPIC flag :- http://stackoverflow.com/questions/13812185/how-to-recompile-with-fpic
5. Tried recompiling extconf.rb from ruby source as well :- http://stackoverflow.com/questions/9732591/rails-loaderror-with-openssl-so-undefined-symbol-d2i-ecpkparameters



-- 
https://bugs.ruby-lang.org/