System-upgrade 40 to 41 error: openssl.cnf conflicts between ca-certificates and libressl

Hello!

This past summer I got a new laptop and installed Fedora 40 on it. Today I tried to upgrade to 41 with “dnf system-upgrade.” All the downloads and key-import worked fine. However, I got a transaction error:

file /etc/ssl/openssl.cnf conflicts between attempted installs of ca-certificates-2024.2.69_v8.0.401-1.0.fc41.noarch and libressl-3.7.3-1.x86_64

My Fedora 40 system doesn’t have libressl installed, but it is on the list of packages downloaded for the upgrade. I am not sure what is pulling it in. The ca-certificates package is a necessary system package, so it must be upgraded.

I did just update all the 40 packages before attempting. I also tried the “–best --allowerasing --skip-broken” options, but still the error remains. I am not sure what I can do about this conflict.

It appears that libressl is not a fedora package.

With f41

# dnf list libressl
Updating and loading repositories:
Repositories loaded.
No matching packages to list

and with f40

# dnf list libressl --releasever=40
Updating and loading repositories:
 Fedora 40 - x86_64 - Updates Archive                                                       100% |   9.9 KiB/s |   3.4 KiB |  00m00s
 RPM Fusion for Fedora 40 - Free tainted                                                    100% |   9.1 KiB/s |   3.3 KiB |  00m00s
 Fedora 40 - x86_64 - Updates                                                               100% |  45.8 KiB/s |  29.8 KiB |  00m01s
 Fedora 40 - x86_64 - Updates Archive                                                       100% |   2.7 MiB/s |  15.6 MiB |  00m06s
 Fedora 40 - x86_64 - Updates                                                               100% |   7.3 MiB/s |  11.1 MiB |  00m02s
Repositories loaded.
No matching packages to list

What repo was it being pulled from?

You probably could remove that package before downloading or exclude it from the download to solve this issue.

I am guessing that you may have one or more non-fedora repos enabled and packages installed that pull libressl in.

1 Like

What do you get for dnf info libressl? Are you using RPM Sphere?

I did a quick search for libressl and found that it was forked from openssl in 2014. https://www.libressl.org/
It is not surprising that there are conflicts.

Okay, those answers were helpful. When I disabled rpmsphere and re-ran the command, openssl was pulled in rather than libressl. The upgrade could then proceed and it went fine.

Thanks for the quick leads!

1 Like