XenServer, Patch 22 and Crypto

The What

I am using XenServer as my private solution for my network. It’s fast, reliable, open-source and free (as in free beer). I am sort of a fanboy. That said we are using XenServer at work, too.

Somewhat recently Citrix, maker of XenServer released hotfix XS65ESP1022 aka Patch 22, release notes:

This hotfix supports the upgrade of OpenSSL package to version 1.0.1.

Files Updated

stunnel-4.15-17.x86_64.rpm
make-3.81-3.el5.x86_64.rpm
openssl-wrapper-0.1-59.x86_64.rpm
openssl-xs-1.0.1e-42.xs15.x86_64.rpm
ca-certificates-2012.87-1.noarch.rpm
openssl-xs-libs-1.0.1e-42.xs15.x86_64.rpm
openvswitch-2.1.3-13.7579.x86_64.rpm
xenserver-transfer-vm-6.5.0-116122c.noarch.rpm

The bold one however, introduces some issues. If you (like everyone) installed extra packages in the Dom0 (the hypervisor) and maybe even used packages from epel then stuff will break apart. For example:

(more…)