Regarding CVE-2009-0789
Hello users,

CVE-2009-0789 seems to be applicable to openssl 0.9.7l based on the affected versions mentioned. We are using Apache 1.3.34 + openssl 0.9.7l. The solution given is to upgrade to 0.9.8k, but Apache 1.3x with openssl 0.9.8 is not working together. We thought of merging the code changes done as part of this vulnerability to openssl 0.9.7l source code, but are not able to see code changes anywhere. Any place where we can see the code changes for this vulnerability? Please suggest.

Thanks and Regards,
Prathima.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
RE: Regarding CVE-2009-0789
Thanks Steve for your help.

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Friday, August 28, 2009 4:44 PM
To: openssl-users@openssl.org
Subject: Re: Regarding CVE-2009-0789

On Fri, Aug 28, 2009, Prathima Dandapani -X (pdandapa - HCL at Cisco) wrote:

> Hello users,
>
> CVE-2009-0789 seems to be applicable to openssl 0.9.7l based on the affected versions mentioned. We are using Apache 1.3.34 + openssl 0.9.7l. The solution given is to upgrade to 0.9.8k, but Apache 1.3x with openssl 0.9.8 is not working together. We thought of merging the code changes done as part of this vulnerability to openssl 0.9.7l source code, but are not able to see code changes anywhere. Any place where we can see the code changes for this vulnerability? Please suggest.

You can check the dates and then analyse commits to CVS. In this case the change is:

http://cvs.openssl.org/chngview?cn=17909

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
RE: upgrade openssl, do I need to recompile apache
Yes, you need to recompile mod_ssl of Apache when openssl is upgraded.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of csross
Sent: Wednesday, October 22, 2008 3:02 AM
To: openssl-users@openssl.org
Subject: upgrade openssl, do I need to recompile apache

I have a Solaris 8 server. I just upgraded openssl (0.9.7m to 0.9.8.h) and prior notes indicated that an apachectl -k graceful took care of reloading the new ssl. After restarting (either graceful or stop/start), the error log shows the old version still loading and the server-status shows the same.

[Tue Oct 21 17:21:40 2008] [notice] Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7m configured -- resuming normal operations

My config.log for http shows

./configure --disable-ipv6 --enable-info --enable-status --enable-ssl --with-ssl=/usr/local/ssl --disable-negotiation --disable-userdir --disable-autoindex --disable-imap --enable-expires

Any suggestions please?
--
View this message in context: http://www.nabble.com/upgrade-openssl%2C-do-I-need-to-recompile-apache-tp20099833p20099833.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
RE: upgrade openssl, do I need to recompile apache
If you are loading mod_ssl dynamically into Apache, you can go to the httpd-2.2.8/modules/ssl directory and compile. If it is statically linked to Apache then it is a must to recompile Apache too. Let me know for more information.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of csross
Sent: Wednesday, October 22, 2008 8:16 PM
To: openssl-users@openssl.org
Subject: RE: upgrade openssl, do I need to recompile apache

Thank you. Do I go into the apache source (httpd-2.2.8/modules/ssl) and just recompile in this directory or recompile the entire thing (apache)? How do you get apache to use the new mod_ssl then? Thank you very much.

Prathima Dandapani -X (pdandapa - HCL at Cisco) wrote:

> Yes, you need to recompile mod_ssl of Apache when openssl is upgraded.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of csross
> Sent: Wednesday, October 22, 2008 3:02 AM
> To: openssl-users@openssl.org
> Subject: upgrade openssl, do I need to recompile apache
>
> I have a Solaris 8 server. I just upgraded openssl (0.9.7m to 0.9.8.h) and prior notes indicated that an apachectl -k graceful took care of reloading the new ssl. After restarting (either graceful or stop/start), the error log shows the old version still loading and the server-status shows the same.
>
> [Tue Oct 21 17:21:40 2008] [notice] Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7m configured -- resuming normal operations
>
> My config.log for http shows
>
> ./configure --disable-ipv6 --enable-info --enable-status --enable-ssl --with-ssl=/usr/local/ssl --disable-negotiation --disable-userdir --disable-autoindex --disable-imap --enable-expires
>
> Any suggestions please?

--
View this message in context: http://www.nabble.com/upgrade-openssl%2C-do-I-need-to-recompile-apache-tp20099833p20111935.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
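Added example (not part of the thread, and not code from the OpenSSL or Apache projects): a shell check for the symptom csross describes, reading the startup banner from the error log and comparing the OpenSSL version it reports with the version that was just installed. The function names, the second log line and the log path in the closing comment are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): report which OpenSSL version httpd
# announced at its most recent start, and flag a stale build after an upgrade.

# Read an Apache error log on stdin; print the OpenSSL version from the last
# "[notice] ... OpenSSL/<version> ... configured" startup banner.
banner_openssl_version() {
    sed -n 's/.*\[notice\].* OpenSSL\/\([0-9][0-9A-Za-z.]*\).* configured.*/\1/p' |
        tail -n 1
}

# check_loaded_openssl EXPECTED < error_log
# Returns 0 if the last banner matches EXPECTED, 1 if httpd still reports a
# different (stale) version, 2 if the log contains no startup banner.
check_loaded_openssl() {
    expected=$1
    loaded=$(banner_openssl_version)
    if [ -z "$loaded" ]; then
        echo "no startup banner found in log"
        return 2
    fi
    if [ "$loaded" != "$expected" ]; then
        echo "STALE: httpd reports OpenSSL/$loaded, expected $expected"
        return 1
    fi
    echo "OK: httpd reports OpenSSL/$loaded"
    return 0
}

# Banner quoted in the thread: logged after the upgrade, still the old library.
LOG_STALE='[Tue Oct 21 17:21:40 2008] [notice] Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7m configured -- resuming normal operations'

# Constructed log: the same banner followed by one from a restart after mod_ssl
# was rebuilt (timestamp and version string are made up for the example).
LOG_REBUILT="$LOG_STALE
[Wed Oct 22 21:05:12 2008] [notice] Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8h configured -- resuming normal operations"

# Typical use (the log path is an assumption about the local install):
#   check_loaded_openssl 0.9.8h < /usr/local/apache2/logs/error_log
```

Only the last banner in the log is compared, so banners from restarts before the rebuild do not mask the current state.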
Build static openssl
Hello All,

Can anyone tell me how to create statically linked openssl? I have used the no-shared option to the Configure script, but in vain. Please share your suggestions.

Thanks,
Prathima.
Compilation errors in openssl 0.9.8h version
Hello All,

I am trying to compile openssl 0.9.8h version. I am getting the following errors during compilation.

C:\Apache_2.2.9\httpd-2.2.9\srclib\openssl>nmake -f ms\ntdll.mak

Microsoft (R) Program Maintenance Utility Version 6.00.8168.0
Copyright (C) Microsoft Corp 1988-1998. All rights reserved.

Building OpenSSL
cl /Fotmp32dll\cversion.obj -Iinc32 -Itmp32dll /MD /Ox /O2 /Ob2 /W3 /WX /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DAES_ASM -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DMD5_ASM -DSHA1_ASM -DRMD160_ASM -DOPENSSL_USE_APPLINK -I. /Fdout32dll -DOPENSSL_NO_IDEA -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_TLSEXT -DOPENSSL_NO_CMS -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -D_WINDLL -DOPENSSL_BUILD_SHLIBCRYPTO -DMK1MF_BUILD -DMK1MF_PLATFORM_VC_WIN32 -c .\crypto\cversion.c
cversion.c
.\crypto\cversion.c(105) : error C2220: warning treated as error - no object file generated
.\crypto\cversion.c(105) : warning C4129: 'o' : unrecognized character escape sequence
NMAKE : fatal error U1077: 'cl' : return code '0x2'
Stop.

Any thoughts?

Thanks in advance,
Prathima.
RE: Compilation errors in openssl 0.9.8h version
Thanks Ion for quick response.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ion Larrañaga
Sent: Friday, August 08, 2008 11:24 AM
To: openssl-users@openssl.org
Subject: Re: Compilation errors in openssl 0.9.8h version

Hello,

When you run Configure, if you pass the prefix, you must use slashes (Unix) instead of backslashes (Windows), even if you are compiling in a Windows system. If you do something like this:

perl Configure VC-WIN32 --prefix c:\openssl

The compiler will complain because somewhere in the code, a string c:\openssl appears, so the compiler thinks that with '\o' you mean some kind of escape sequence (kind of '\n' and '\b'), and '\o' is not defined. You must use slashes. This is:

perl Configure VC-WIN32 --prefix c:/openssl

Even though you are compiling under Windows.

Best regards,
Ion

Ambarish Mitra wrote:

> Hello All,
>
> I am trying to compile openssl 0.9.8h version. I am getting the following errors during compilation.
>
> C:\Apache_2.2.9\httpd-2.2.9\srclib\openssl>nmake -f ms\ntdll.mak
>
> Microsoft (R) Program Maintenance Utility Version 6.00.8168.0
> Copyright (C) Microsoft Corp 1988-1998. All rights reserved.
>
> Building OpenSSL
> cl /Fotmp32dll\cversion.obj -Iinc32 -Itmp32dll /MD /Ox /O2 /Ob2 /W3 /WX
>
> AM: /WX tells the compiler to treat a warning as an error.
>
> /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DAES_ASM -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DMD5_ASM -DSHA1_ASM -DRMD160_ASM -DOPENSSL_USE_APPLINK -I. /Fdout32dll -DOPENSSL_NO_IDEA -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_TLSEXT -DOPENSSL_NO_CMS -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -D_WINDLL -DOPENSSL_BUILD_SHLIBCRYPTO -DMK1MF_BUILD -DMK1MF_PLATFORM_VC_WIN32 -c .\crypto\cversion.c
> cversion.c
> .\crypto\cversion.c(105) : error C2220: warning treated as error - no object file generated
> .\crypto\cversion.c(105) : warning C4129: 'o' : unrecognized character escape sequence
>
> AM: This tells it all. In the code, you have somewhere \o - which is not recognized as an escape sequence. Escape seq examples are \n, \t, \r ... Since you have used /WX, this warning is treated as an error, and the compiler aborts. Correct this portion of the code, or remove /WX from compiler option.
>
> Thanks,
> Ambarish.
>
> NMAKE : fatal error U1077: 'cl' : return code '0x2'
> Stop.
>
> Any thoughts?
>
> Thanks in advance,
> Prathima.
Is openssl works on WIN2k8 server
Hello,

Anyone tried executing openssl on WIN2k8 server? Is it officially supported?

Thanks in advance,
Prathima.
RE: When is the next release of openssl?
Hi,

Any idea on the next release of openssl version in 0.9.7 series?

Thanks,
Prathima.

________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Prathima Dandapani -X (pdandapa - HCL at Cisco)
Sent: Saturday, October 06, 2007 11:42 AM
To: openssl-users@openssl.org
Subject: When is the next release of openssl?

Any idea on the next release of openssl version?

Thanks,
Prathima.
When is the next release of openssl?
Any idea on the next release of openssl version?

Thanks,
Prathima.