On 9/20/07, William A. Rowe, Jr. <[EMAIL PROTECTED]> wrote: > > Tom Donovan wrote: > > William A. Rowe, Jr. wrote: > >> > >> But if mod_deflate doesn't use it, and openssl is built zlib-dynamic, > >> they simply pitched compression from ssl sessions as well with no other > >> adverse effects. > > Yes, exactly. openssl doesn't select gzip compression if zlib-dynamic > > and zlib1.dll is missing. > >> > >> The other aspect, if a zlib1.dll replacement is needed for some > critical > >> decryption flaw in zlib again, it will be nice not to force users to > >> entirely replace openssl or mod_deflate. So I expect we'll leave it > >> as-is. > >> > > I think mod_deflate on Windows links statically (zlib.lib) while openssl > > is linked dynamically (zdll.lib). At 40-60kb it's no big deal either > > way - but the "security flaw in zlib" argument would seem to apply to > > both equally. Both static or both dynamic would be more consistent. > > You were right, we weren't linking to zdll.lib for mod_deflate, I'll be > fixing that shortly, and working up the two patches to share, one for the > APR_NO_FILE tweak, one for the stderr quirk with modperl. > > Had to push out these binaries first, and also now am struggling very > deep inside MSVCR80/OpenSSL/ActiveState Perl on x64 and a host of bugs > that some of the perl packages have, assuming they can pack pointers > into int's and back out again. Sorry that mess left me distracted from > the issues you raised for most of this week.
I found ActivePerl to not work to well on x64... I compiled the original perl source with MSVC70 and it works ok with extensions compiled with MSVC80... I never manged to get perl itself on MSVC80. I had no luck with ActiveState Perl. Bill > -- ~Jorge