Re: 1.3.6 + 2.2.6 PB with openssl < 0.9.2
GOMEZ Henri wrote: > > > Yes, mostly all problems until now were with older OpenSSL versions. > > > [GOMEZ Henri] Most of us are ready to switch to OpenSSL now.. > > > Although I personally don't understand why people feel such dependent > > on > > existsing RPMS (hey, it's open source, you can compile it yourself in > > 10 > > minutes!), maybe you're right. But why is there still no such RPM > > stuff > > available? > > Because the shared library support using shell scripts breaks too easily... > [GOMEZ Henri] The RPM is a great stuff when you want to install > and preload many systems. > It's really a kind of InstallShield (but many time powerfull). > Also I personnaly think > it's one of the best way to have an 'industrial process' for > software production. > > > Yes and no. Except for the security fix (the session tagging call) the > > >= > > 0x0920 stuff is either consistency (the ciphers), cleanness (the > > SSL_clean > > call) or not imporant. At least because of this nothing should fail > > with older > > version. > [GOMEZ Henri] We have to wait so for OpenSSL 0.9.2 RPM... > Well, at http://www.engelschall.com/sw/mod_ssl/contrib/ there are intel binaries now. Two points of caution to it: - they are built from CVS snapshots. Steve Henson is working on PKCS12 support which might break the standalone pkcs12 utility he published. - there is no corresponding source package because I did not automate the complete build into a real spec file. When I've found time to solve the second point, I'll upload new binary and source packages with a higher release number and built from the 'official' frozen 0.9.2 sources. Because of that, the 'release number' is 0_0328 to reflect the CVS snapshot it is made from. 'rpm -q --changelog openssl' will show the top of the cvs CHANGES log. -- Niels Poppe - org.net bv <[EMAIL PROTECTED]> __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: 1.3.6 + 2.2.6 PB with openssl < 0.9.2
> Yes, mostly all problems until now were with older OpenSSL versions. > [GOMEZ Henri] Most of us are ready to switch to OpenSSL now.. > Although I personally don't understand why people feel such dependent > on > existsing RPMS (hey, it's open source, you can compile it yourself in > 10 > minutes!), maybe you're right. But why is there still no such RPM > stuff > available? > [GOMEZ Henri] The RPM is a great stuff when you want to install and preload many systems. It's really a kind of InstallShield (but many time powerfull). Also I personnaly think it's one of the best way to have an 'industrial process' for software production. > Yes and no. Except for the security fix (the session tagging call) the > >= > 0x0920 stuff is either consistency (the ciphers), cleanness (the > SSL_clean > call) or not imporant. At least because of this nothing should fail > with older > version. [GOMEZ Henri] We have to wait so for OpenSSL 0.9.2 RPM... __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: 1.3.6 + 2.2.6 PB with openssl < 0.9.2
On Fri, Mar 26, 1999, GOMEZ Henri wrote: > The problem seems to be when open-ssl/ssleay version is less than 0.9.2 > (0x920). Yes, mostly all problems until now were with older OpenSSL versions. > Since there is at this time, no RPM for RH Intel platform, all RH > users have the same problems. Although I personally don't understand why people feel such dependent on existsing RPMS (hey, it's open source, you can compile it yourself in 10 minutes!), maybe you're right. But why is there still no such RPM stuff available? > There is many difference between 2.2.5 and 2.2.6 in pkg.sslmod and code > in mod_ssl 2.2.6 and > many depends on SSL_LIBRARY_VERSION >= 0x0920 Yes and no. Except for the security fix (the session tagging call) the >= 0x0920 stuff is either consistency (the ciphers), cleanness (the SSL_clean call) or not imporant. At least because of this nothing should fail with older version. OTOH, don't think about <= 0x0920 any longer. From the next mod_ssl versions (I'm currently thinking about 2.2.7 vs. 2.3.0) OpenSSL 0.9.2b is a hard requirement and all those #ifdef's will be kicked out completely. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]