httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jorge Schrauwen" <jorge.schrau...@gmail.com>
Subject Re: Thoughts on Camillia in openssl binaries?
Date Thu, 20 Sep 2007 08:36:58 GMT
On 9/20/07, William A. Rowe, Jr. <wrowe@rowe-clan.net> wrote:
>
> Tom Donovan wrote:
> > William A. Rowe, Jr. wrote:
> >>
> >> But if mod_deflate doesn't use it, and openssl is built zlib-dynamic,
> >> they simply pitched compression from ssl sessions as well with no other
> >> adverse effects.
> > Yes, exactly. openssl doesn't select gzip compression if zlib-dynamic
> > and zlib1.dll is missing.
> >>
> >> The other aspect, if a zlib1.dll replacement is needed for some
> critical
> >> decryption flaw in zlib again, it will be nice not to force users to
> >> entirely replace openssl or mod_deflate.  So I expect we'll leave it
> >> as-is.
> >>
> > I think mod_deflate on Windows links statically (zlib.lib) while openssl
> > is linked dynamically (zdll.lib).  At 40-60kb it's no big deal either
> > way - but the "security flaw in zlib" argument would seem to apply to
> > both equally.  Both static or both dynamic would be more consistent.
>
> You were right, we weren't linking to zdll.lib for mod_deflate, I'll be
> fixing that shortly, and working up the two patches to share, one for the
> APR_NO_FILE tweak, one for the stderr quirk with modperl.
>
> Had to push out these binaries first, and also now am struggling very
> deep inside MSVCR80/OpenSSL/ActiveState Perl on x64 and a host of bugs
> that some of the perl packages have, assuming they can pack pointers
> into int's and back out again.  Sorry that mess left me distracted from
> the issues you raised for most of this week.


I found ActivePerl to not work to well on x64... I compiled the original
perl source with MSVC70 and it works ok with extensions compiled with
MSVC80... I never manged to get perl itself on MSVC80. I had no luck with
ActiveState Perl.

Bill
>



-- 
~Jorge

Mime
View raw message