httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Luke Swihart <Luke.Swih...@nashfinch.com>
Subject RE: [users@httpd] list serv for mod_ssl and other Apache modules
Date Wed, 16 Mar 2011 17:51:48 GMT
Just so everyone remembers in the OpenSSL world that OpenSSL versions in 
the 0.9.x tree from letter to letter are *NOT* binary compatible. There 
are lots of writeups on this. If you're going to update OpenSSL this means 
you are most likely going to need to recompile.   They are suposedly 
trying to do something in the 1.0.0 tree to make this better. This is the 
whole reasoning behind the project : OpenTLS  (www.opentls.org)  On this 
page it explains more about the versioning issues in OpenSSL.





"Edwards, Denise" <Denise.Edwards@Bowne.com> 
03/14/2011 02:05 PM
Please respond to
users@httpd.apache.org


To
<users@httpd.apache.org>
cc

Subject
RE: [users@httpd] list serv for mod_ssl and other Apache modules






Thanks Nick.

I don't want to recompile anything. The extent of my Apache HTTPD
knowledge centers on installing, configuring and running it. I usually
get this package, including the ssl, from the site.

If I'm not mistaken, the 'openssl' version referenced in the install
filename is the version that the mod_ssl module was compiled against.
I'm not sure it makes much of a difference but... to plug that
'potential' security hole we need the module compiled against the later
version.

I downloaded the openssl version required, and it's a lib. Not sure
where to go from there (as I don't want to compile the web server) and I
only see docs on ssl certs, which I already know how to do. Will check
again though.

Not sure if this can actually be done separately -->upgrade mod_ssl
separately.


-----Original Message-----
From: Nick Kew [mailto:nick@webthing.com] 
Sent: Monday, March 14, 2011 11:35 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] list serv for mod_ssl and other Apache
modules

On Mon, 14 Mar 2011 10:22:04 -0400
"Edwards, Denise" <Denise.Edwards@Bowne.com> wrote:

> Thanks Eric.
> 
> I've installed the latest Apache with SSL (v2.2.17 and openSSL
0.9.8o).
> We have a security issue that is fixed with openSSL 0.9.8p. How do you
> update this latest Apache release to accommodate this (without having
to
> re-build Apache altogether)?

How do you know you need to recompile?  Do the OpenSSL release notes
tell you it breaks binary compatibility?  Or did you link it statically
(in which case, whoever built it knows about custom builds)?

If you really need to recompile, see the docs for apxs.

-- 
Nick Kew

Available for work, contract or permanent.
http://www.webthing.com/~nick/cv.html

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

CONFIDENTIALITY NOTICE: The information in this Internet email is 
confidential and may be legally privileged. It is intended solely for the 
addressee. Access to this email by anyone else is unauthorized. 



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



**************************************************************************************
This email may contain information proprietary to Nash Finch Company and is intended
only for the use of the recipient(s).If you have received this email in error, any
review, dissemination, distribution or copying of this message is strictly prohibited.
If you are not the intended recipient(s),please notify the sender immediately.
*************************************************************************************


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message