<oops - have switched Gmail to plain text now> Each of the versions of Apache/mod_ssl/OpenSSL that I'm using have been periodically updated with essential security updates (so while it's Apache 1.3.12 as a baseline, it's not quite that ancient). However, it can be hard to tell exactly *which* patches have been applied.
You're completely right, though - this is a horrible situation :-) What I've really been looking for is some kind of statement that OpenSSL version X is only compatible with mod_ssl version X (and later). Like I said before, I know that Apache and mod_ssl are closely tied together, but have never seen anything that notes the 'dependencies' between Apache/mod_ssl and OpenSSL. Thanks for your response. Simon On 11/9/05, Boyle Owen <[EMAIL PROTECTED]> wrote: > Plain text please... > > This basically amounts to asking whether the API for openssl 0.9.8a is > backwards compatible as far as 0.9.5a - that is, there are various function > calls in mod_ssl 2.6.6 which expect to be understood by the OpenSSL library. > If the interface to the library has changed at all since April 2000, the > answer will be "no" (I'd be astonished if it is "yes"). > > It is not unusual for people to be a version or two behind with their various > apache components, but you seem to be in an extremely complicated position. > Apache 1.3.12 is not only ancient (July 2000), by comparison with a modern > version, it is buggy and insecure. You are doing no-one a favour by keeping > it on the internet. Rather than pottering about trying to fit a hydrogen fuel > cell to a Morris 1000 Traveller, I would invest the effort in modifying > whatever application that forces you to use apache 1.3.12 so you can upgrade > apache to a recent version. > > Rgds, > Owen Boyle > Disclaimer: Any disclaimer attached to this message may be ignored. > > > -----Original Message----- > From: Simon Irwin [mailto:[EMAIL PROTECTED] > Sent: Mittwoch, 9. November 2005 15:03 > To: users@httpd.apache.org > Subject: [EMAIL PROTECTED] Apache 1.3 and OpenSSL > > > Hi All - > > I'm using a very old version of Apache - 1.3.12 and mod_ssl 2.6.6. For > historical reasons I cannot upgrade to newer versions. > > However, I may soon need to upgrade my OpenSSL version from 0.9.5a to 0.9.8a. > I know this is a strange position to be in. > > So I have a couple of questions. Does anyone know whether Apache 1.3.12 > (with mod_ssl 2.6.6) will work with OpenSSL 0.9.8a? Are there any known > compatibility issues? > > Any feedback would be greatly appreciated. > thanks > Simon > Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen > Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a > private and personal nature. It is not related to the exchange or business > activities of the SWX Group. Le présent e-mail est un message privé et > personnel, sans rapport avec l'activité boursière du Groupe SWX. > > > This message is for the named person's use only. It may contain confidential, > proprietary or legally privileged information. No confidentiality or > privilege is waived or lost by any mistransmission. If you receive this > message in error, please notify the sender urgently and then immediately > delete the message and any copies of it from your system. Please also > immediately destroy any hardcopies of the message. You must not, directly or > indirectly, use, disclose, distribute, print, or copy any part of this > message if you are not the intended recipient. The sender's company reserves > the right to monitor all e-mail communications through their networks. Any > views expressed in this message are those of the individual sender, except > where the message states otherwise and the sender is authorised to state them > to be the views of the sender's company. > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] > " from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]