httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Hansen <joe.hansen...@gmail.com>
Subject [users@httpd] Re: Delivery Status Notification (Failure)
Date Tue, 29 Jan 2013 21:25:23 GMT
Thanks for the super quick responses, Tony and Richard.

I did not use --with-ssl while running configure. I thought the
configure script will find the latest version intalled on the machine
because the openssl script is in the PATH (/usr/bin).

Before building and installing the new version of OpenSSL (1.0.1c), I
did not remove the previous version. However after building and
installing OpenSSL, the previous openssl script in /usr/bin was
overridden by the newer version.

Here are the outputs of various commands

$ uname -a
Linux my-redhat-box 2.6.32-276.el6.x86_64 #1 SMP

$ rpm -qa | grep openssl
openssl-1.0.0-25.el6_3.1.x86_
64
openssl-devel-1.0.0-25.el6_3.1.x86_64

$ openssl version
OpenSSL 1.0.1c 10 May 2012

$ HEAD localhost
Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/1.0.0-fips mod_jk/1.2.37

As you can see from above, the OpenSSL versions given by different
commands is inconsitent.

$ whereis openssl
openssl: /usr/bin/openssl /usr/lib64/openssl /usr/include/openssl
/usr/share/man/man1/openssl.1ssl.gz


Tony, if I need to use --with-ssl parameter (for the configure
script), I do not understand which directory that I need to use.

We use TrustWave for PCI compliance. I do not know how to check RedHat
CVEs. We use Amazon EC2 platform for our RedHat 6 server. Thanks for
your help!

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message