I also see ssleay32.dll with an April 2015 date in your assp.mod distro.

On Mon, Jun 15, 2015 at 10:14 AM, K Post <nntp.p...@gmail.com> wrote:

> ssleay32.dll (note the 32) is generally included with windows OpenSSL
> distros.
>
> I misunderstood what you were saying about the .dll in the distro and that
> its build process creates the ssleay.dll vs. relying on one from the
> openssl distro.
>
> If Net-SSLeay is using 1.0.2a code, I worry that there's a potential
> security hole there, being that it's now on the C revision.  I guess I just
> need to wait for the module to be updated.  Again, I'd rather ask and know
> and understand instead of just blindly assuming that all is okay...
>
>
> On Mon, Jun 15, 2015 at 1:45 AM, Thomas Eckardt <
> thomas.ecka...@thockar.com> wrote:
>
>> > > >Can we safely replace the
>> > > SSLeay.dll in C:\Perl\site\lib\auto\Net\SSLeay with one from
>> > > https://slproweb.com/products/Win32OpenSSL.html?
>>
>> IMHO, there is no such file in the openssl software! What answer do you
>> expect to get?
>>
>> >Interesting!  So you think we could remove the ssleay.dll from the folder
>> >and be fine?
>>
>> You want to remove code from the perl distro? Where should Perl now get
>> the removed code from?
>>
>> >I don't understand the relationship....
>> >The description of the package indicates that it's for OpenSSL 1.0.2a,
>> >but what does that mean?
>>
>> The module is compiled/linked 'static' against the openssl version 1.0.2a
>> and does not require an openssl installation.
>>
>> Thomas
>>
>> From:    K Post <nntp.p...@gmail.com>
>> To:      ASSP development mailing list <assp-test@lists.sourceforge.net>
>> Date:    14.06.2015 15:57
>> Subject: Re: [Assp-test] OpenSSL update?
>>
>>
>>
>> Interesting!  So you think we could remove the ssleay.dll from the folder
>> and be fine?
>>
>> I don't understand the relationship between the module and the openssl
>> software.  I'm trying to figure that out.  The description of the package
>> indicates that it's for OpenSSL 1.0.2a, but what does that mean?
>>
>> Hopefully, I'm worried about nothing, but I'd rather be overly cautious
>> for
>> nothing, than regret not having done more....
>>
>> On Sun, Jun 14, 2015 at 1:43 AM, Thomas Eckardt
>> <thomas.ecka...@thockar.com>
>> wrote:
>>
>> > >Wouldn't the old DLL cause problems with the newer version
>> > of the module?
>> >
>> > IMHO the Net::SSLeay module is compiled 'static'. So the .DLL's from
>> > openssl are not used by this module.
>> >
>> > Thomas
>> >
>> >
>> > From:    K Post <nntp.p...@gmail.com>
>> > To:      ASSP development mailing list <assp-test@lists.sourceforge.net>
>> > Date:    13.06.2015 16:08
>> > Subject: Re: [Assp-test] OpenSSL update?
>> >
>> >
>> >
>> > The problem is that the module is up to date (1.68), but OpenSSL is
>> still
>> > from February.   Wouldn't the old DLL cause problems with the newer
>> > version
>> > of the module?
>> >
>> > 1.0.2c was released yesterday to patch yet another vulnerability.
>> >
>> > I don't have the tools installed to compile the dll from Source on
>> > Windows,
>> > but suppose I could.  I really don't know what I'm doing in that
>> respect
>> > though and worry that it wouldn't be 100% right causing instability or
>> > worse.
>> >
>> > On Sat, Jun 13, 2015 at 1:52 AM, Thomas Eckardt
>> > <thomas.ecka...@thockar.com>
>> > wrote:
>> >
>> > > >Can we safely replace the
>> > > SSLeay.dll in C:\Perl\site\lib\auto\Net\SSLeay with one from
>> > > https://slproweb.com/products/Win32OpenSSL.html?
>> > >
>> > > NEVER replace any .DLL file in a Perl installation by hand! This will
>> > > break the related module!
>> > >
>> > > Update the module using PPM. If you know what and how to do, you can
>> use
>> > > CPAN and compile the module XS code with your (for example) OpenSSL
>> > source
>> > > and header files,
>> > >
>> > > Thomas
>> > >
>> > >
>> > >
>> > >
>> > > From:    K Post <nntp.p...@gmail.com>
>> > > To:      ASSP development mailing list <assp-test@lists.sourceforge.net>
>> > > Date:    12.06.2015 22:48
>> > > Subject: [Assp-test] OpenSSL update?
>> > >
>> > >
>> > >
>> > > Thomas-
>> > >
>> > > Back at the end of February you published a complete X86 Perl 5.20
>> > > installation.  It's working wonderfully, but since then there's been a
>> > > bunch of OpenSSL updates, the most recent being published yesterday to
>> > > 1.0.2b.
>> > >
>> > > PPM shows that I have version 1.68 of Net-SSLeay installed in SITE
>> (for
>> > > OpenSSL 1.0.2a, that's a, not b, but at least it's close).
>> > >
>> > > The info page of the GUI shows 1.68 too.  Good.
>> > >
>> > > What worries me is that the SSLeay.dll file in
>> > > C:\Perl\site\lib\auto\Net\SSLeay is still dated Feb 25, 2015, the same
>> > > date
>> > > as the one in your Perl 5.20 installation.  Can we safely replace the
>> > > SSLeay.dll in C:\Perl\site\lib\auto\Net\SSLeay with one from
>> > > https://slproweb.com/products/Win32OpenSSL.html?  If so, are there
>> other
>> > > files that need updating?
>> > >
>> > > Also, PPM shows v1.55 of Net-SSLeay as being installed in PERL (no
>> > update
>> > > available).  I can't seem to remove the v1.55 from PPM, nor do I know
>> if
>> > I
>> > > should want to.
>> > >
>> > > Thank you for the guidance as always.
>> > >
>> > >
>> >
>> >
>>
>> ------------------------------------------------------------------------------
>> > > _______________________________________________
>> > > Assp-test mailing list
>> > > Assp-test@lists.sourceforge.net
>> > > https://lists.sourceforge.net/lists/listinfo/assp-test
>> > >
>> > >
>> > >
>> > >
>> > >
>> > >
>> > > DISCLAIMER:
>> > > *******************************************************
>> > > This email and any files transmitted with it may be confidential,
>> > legally
>> > > privileged and protected in law and are intended solely for the use of
>> > the
>> > >
>> > > individual to whom it is addressed.
>> > > This email was multiple times scanned for viruses. There should be no
>> > > known virus in this email!
>> > > *******************************************************
>
>
------------------------------------------------------------------------------
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
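
The thread turns on which OpenSSL code a statically linked Net::SSLeay actually contains, which the date on SSLeay.dll does not tell you. The following is an added example, not part of the original messages or of ASSP: it asks the loaded module for its compiled-in OpenSSL version and decodes it. It assumes the 1.0.x version-number layout (0xMNNFFPPS); the minimum of 1.0.2c is taken from the thread, and the two sample numbers are constructed.

```perl
#!/usr/bin/perl
# Added example: report the OpenSSL build that Net::SSLeay was compiled against.
use strict;
use warnings;

# Decode OPENSSL_VERSION_NUMBER, layout 0xMNNFFPPS as used by OpenSSL 1.0.x.
sub decode_openssl_version {
    my ($n) = @_;
    my ($major, $minor, $fix, $patch) =
        (($n >> 28) & 0xF, ($n >> 20) & 0xFF, ($n >> 12) & 0xFF, ($n >> 4) & 0xFF);
    my $letter = $patch ? chr(ord('a') + $patch - 1) : '';   # 1 => 'a', 3 => 'c'
    return "$major.$minor.$fix$letter";
}

# True when $have is at least $want, ignoring the low status nibble.
sub at_least { my ($have, $want) = @_; return ($have >> 4) >= ($want >> 4) }

my $WANT = 0x1000203f;   # 1.0.2c, the release named in the thread

# Constructed sample values, so the decoder can be checked without the module.
for my $sample (0x1000201f, 0x1000203f) {
    printf "sample 0x%08x => %s (%s)\n", $sample, decode_openssl_version($sample),
        at_least($sample, $WANT) ? 'ok' : 'older than wanted';
}

# Live check: ask the compiled module itself, not the timestamp on a DLL.
if (eval { require Net::SSLeay; 1 }) {
    my $num = Net::SSLeay::SSLeay();   # numeric version of the linked OpenSSL
    print "Net::SSLeay module : $Net::SSLeay::VERSION\n";
    # With two copies installed (PERL and SITE), this shows which one loaded.
    print "loaded from        : $INC{'Net/SSLeay.pm'}\n";
    print "OpenSSL reported   : ", Net::SSLeay::SSLeay_version(0), "\n";
    printf "decoded            : %s (%s)\n", decode_openssl_version($num),
        at_least($num, $WANT) ? 'ok' : 'older than wanted';
} else {
    print "Net::SSLeay is not installed in this Perl\n";
}
```

Run it with the same perl.exe that ASSP uses, since a different Perl installation may load a different copy of the module.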
