My server is throwing this error when I try to run the “yum” command:
# yum
Traceback (most recent call last):
  File "/usr/bin/yum", line 61, in <module>
    from dnf.cli import main
  File "/usr/lib/python3.9/site-packages/dnf/__init__.py", line 30, in <module>
    import dnf.base
  File "/usr/lib/python3.9/site-packages/dnf/base.py", line 29, in <module>
    import libdnf.transaction
  File "/usr/lib64/python3.9/site-packages/libdnf/__init__.py", line 12, in <module>
    from . import conf
  File "/usr/lib64/python3.9/site-packages/libdnf/conf.py", line 13, in <module>
    from . import _conf
ImportError: /lib64/libldap.so.2: undefined symbol: EVP_md2, version OPENSSL_3.0.0

Guide to Fix yum ImportError on CentOS Stream 9

This guide provides step-by-step instructions to resolve the ImportError: /lib64/libldap.so.2: undefined symbol: EVP_md2, version OPENSSL_3.0.0 error when running yum on CentOS Stream 9. The issue stems from a mismatch between the openldap library (used by libdnf, which yum depends on) and the OpenSSL 3.0.0 library, where the EVP_md2 symbol is disabled by default for security reasons.

Prerequisites
- Root privileges (use sudo or switch to root with su).
- An internet connection to download packages.
- The rpm command (since yum and dnf are currently broken).
- The wget or curl command to download RPMs.

Step-by-Step Resolution

Step 1: Identify the Problematic Packages

Determine which packages provide the affected libraries: libldap.so.2 (from openldap) and the libdnf module.
- Check the package for libldap.so.2:
# rpm -qf /lib64/libldap.so.2
Expected output (example): openldap-2.6.2-1.el9.x86_64. Note the exact version.
- Check the package for libdnf: The error occurs in /usr/lib64/python3.9/site-packages/libdnf/_conf.so. Find its package:
# rpm -qf /usr/lib64/python3.9/site-packages/libdnf/_conf.so
Expected output (example): libdnf-0.67.0-1.el9.x86_64.
- List all dnf-related packages:
# rpm -qa | grep dnf
Example output:
libdnf-0.67.0-1.el9.x86_64
dnf-4.14.0-1.el9.noarch
python3-dnf-4.14.0-1.el9.noarch
dnf-data-4.14.0-1.el9.noarch
Record the versions of openldap, libdnf, dnf, and python3-dnf.

Step 2: Verify the OpenSSL Version

Confirm the OpenSSL version, as the error relates to OpenSSL 3.0.0:
# openssl version
CentOS Stream 9 typically uses OpenSSL 3.0.0 or later, where EVP_md2 is disabled, causing the compatibility issue.

Step 3: Locate Updated Packages

Since yum and dnf are broken, manually download updated RPMs for openldap, libdnf, dnf, and python3-dnf that are compatible with OpenSSL 3.0.0. CentOS Stream 9 is actively maintained, so updates are available in its repositories.

Repository mirrors for CentOS Stream 9: Use the official CentOS mirrors, such as mirror.stream.centos.org. The main repositories are:
- BaseOS: Contains core system packages (e.g., openldap).
- AppStream: Contains additional software (e.g., libdnf, dnf, python3-dnf).

Example mirror URLs:
- BaseOS: http://mirror.stream.centos.org/9-stream/BaseOS/x86_64/os/Packages/
- AppStream: http://mirror.stream.centos.org/9-stream/AppStream/x86_64/os/Packages/

Find newer package versions: Visit the mirror URLs or use a browser to check for newer versions of:
- openldap (e.g., openldap-2.6.2-3.el9.x86_64.rpm)
- libdnf (e.g., libdnf-0.67.0-3.el9.x86_64.rpm)
- dnf (e.g., dnf-4.14.0-3.el9.noarch.rpm)
- python3-dnf (e.g., python3-dnf-4.14.0-3.el9.noarch.rpm)

Compare these to the versions from Step 1. If newer versions exist, they may include fixes for the OpenSSL compatibility issue.

Step 4: Download Updated RPMs

Use wget to download the latest RPMs from the CentOS Stream 9 repositories. Replace the version numbers below with the latest ones you found. Example commands:
# wget http://mirror.stream.centos.org/9-stream/BaseOS/x86_64/os/Packages/openldap-2.6.2-3.el9.x86_64.rpm
# wget http://mirror.stream.centos.org/9-stream/AppStream/x86_64/os/Packages/libdnf-0.67.0-3.el9.x86_64.rpm
# wget http://mirror.stream.centos.org/9-stream/AppStream/x86_64/os/Packages/dnf-4.14.0-3.el9.noarch.rpm
# wget http://mirror.stream.centos.org/9-stream/AppStream/x86_64/os/Packages/python3-dnf-4.14.0-3.el9.noarch.rpm
# wget http://mirror.stream.centos.org/9-stream/AppStream/x86_64/os/Packages/dnf-data-4.14.0-3.el9.noarch.rpm
Dependencies: If rpm later complains about missing dependencies (e.g., libcrypto.so.3 from openssl-libs), download those RPMs from the same mirror. For example:
# wget http://mirror.stream.centos.org/9-stream/BaseOS/x86_64/os/Packages/openssl-libs-3.0.7-1.el9.x86_64.rpm
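
Because these RPMs are fetched by hand over plain HTTP, outside dnf's own GPG check, their signatures can be verified with rpm -K before anything is installed. The script below is an added example, not part of the original guide: the function names and the sample report are constructed here, and it assumes the CentOS signing key has already been imported into the rpm database (rpm --import).

```shell
#!/bin/sh
# Added example (not from the original guide): refuse to install downloaded
# RPMs unless `rpm -K` reports a verified signature for every file.

# Classify one line of `rpm -K` output. Only "digests signatures OK" passes:
#   "<file>: digests OK"                -> digest matches but the package is unsigned
#   "<file>: digests SIGNATURES NOT OK" -> bad signature or signing key not imported
sig_line_ok() {
    case "$1" in
        *": digests signatures OK") return 0 ;;
        *) return 1 ;;
    esac
}

# Read `rpm -K` output on stdin, report each rejected line on stderr,
# and print the number of rejected lines on stdout.
count_rejected() {
    rejected=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        if ! sig_line_ok "$line"; then
            printf 'REJECT: %s\n' "$line" >&2
            rejected=$((rejected + 1))
        fi
    done
    printf '%s\n' "$rejected"
}

# Verify every RPM passed as an argument; return 0 only if all of them carry
# a signature that checks out against a key in the rpm database.
verify_rpms() {
    [ "$#" -gt 0 ] || { echo "usage: verify_rpms FILE.rpm..." >&2; return 2; }
    n=$(rpm -K "$@" 2>&1 | count_rejected)
    [ "$n" -eq 0 ]
}

# Constructed sample of `rpm -K` output (file names follow the guide's examples).
SAMPLE_REPORT='openldap-2.6.2-3.el9.x86_64.rpm: digests signatures OK
libdnf-0.67.0-3.el9.x86_64.rpm: digests OK
dnf-4.14.0-3.el9.noarch.rpm: digests SIGNATURES NOT OK'

# Intended use on the affected host, in the download directory:
#   verify_rpms ./*.rpm && rpm -Uvh ./*.rpm
```

Any error line from rpm -K (missing file, unreadable package) is also counted as a rejection, so the install step only runs when every file was positively verified.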

Step 5: Install the Updated Packages

Install all downloaded RPMs together to handle dependencies:
# rpm -Uvh openldap-*.rpm libdnf-*.rpm dnf-*.rpm python3-dnf-*.rpm dnf-data-*.rpm
The -Uvh flags mean: --upgrade (installs or upgrades), --verbose, and --hash (shows progress). If you encounter dependency errors, include the missing RPMs (e.g., openssl-libs-*.rpm) and retry:
# rpm -Uvh *.rpm
Note: Avoid using --nodeps to force installation, as it may cause further issues.

Step 6: Verify the Fix

Test yum and dnf to confirm the error is resolved:
# yum --version
# dnf --version
If these commands run without the ImportError, the fix worked. Test a package operation:
# yum check-update

Step 7: Clean Up

Remove the downloaded RPM files to free up space:
# rm *.rpm

If Updates Don’t Resolve the Issue

If no compatible updates are available or the error persists:
- Check for known bugs: Search for “libldap.so.2: undefined symbol: EVP_md2, version OPENSSL_3.0.0” on the CentOS bug tracker (https://issues.redhat.com/) or community forums.
- Reinstall dnf and dependencies: As a last resort, force-remove and reinstall the affected packages:
# rpm -e --nodeps libdnf dnf python3-dnf openldap
# rpm -ivh openldap-*.rpm libdnf-*.rpm dnf-*.rpm python3-dnf-*.rpm dnf-data-*.rpm
- Contact support: If you’re stuck, ask for help on the CentOS mailing list or forums, providing your error details and OS version (CentOS Stream 9).

Example Workflow

Here’s how the process might look on CentOS Stream 9:
- Run rpm -qf /lib64/libldap.so.2 → Output: openldap-2.6.2-1.el9.x86_64.
- Run rpm -qa | grep dnf → Output: libdnf-0.67.0-1.el9.x86_64, dnf-4.14.0-1.el9.noarch, etc.
- Check http://mirror.stream.centos.org/9-stream/ and find newer versions (e.g., openldap-2.6.2-3.el9, libdnf-0.67.0-3.el9).
- Download RPMs with wget (as shown in Step 4).
- Install with rpm -Uvh *.rpm.
- Verify with yum --version and yum check-update.

Additional Notes
- CentOS Stream 9 is a rolling-release distribution, so staying up-to-date with dnf update (once fixed) prevents similar issues.
- Avoid downgrading OpenSSL or enabling MD2, as it introduces security risks.
- If you need further assistance, provide the exact versions from Step 1 or any new error messages.