Hi Dennis, The OpenSSL version in the webappz package is vulnerable to the new Heartbleed exploit. Has anyone updated this package with the patched OpenSSL?
If not, I guess the people affected will have to rebuild OpenSSL themselves. Hopefully the update instructions in the webappz package are accurate. If anyone is interested in testing their SSL deployment, here's a link to a test site: http://filippo.io/Heartbleed/ Best, -- Allen Cronce On Oct 4, 2012, at 1:18 PM, Gaastra Dennis - WO Lists <[email protected]> wrote: > Dear List, > > We finally got this working to our client's wishes. Features: > > - Complete Deployment Package for WebObjects 5.4.3 on Mountain Lion - OS X > 10.8. > - Newest Apache httpd 2.4.3 with update instructions. > - Newest OpenSSL/1.0.1c compiled into Apache, with update instructions. > - WebObjects adaptor - mod_WebObjects.so - tweaked for the newest Apache. > - Configured with builtin gzip deflate compression for fast transfers. > - Configured with SSL - and optional Extended Validation. > - Solved early wotask startup bug with Java application + shell script to > detect "nonProxy". > - No need for hostname in any of the configuration files. Entirely relies on > DNS. > - Very easy to install. > - Everything is 64 bit, based on open source code. > - Bypasses Apple's default configuration of Apache httpd, OpenSSL, and more. > > Requires: > - Installation of WebObjects 5.4.3 > - Latest Wonder JavaMonitor and wotask to be installed in > /Library/WebObjects/Deployment/ > > Request: > - If somebody wishes to integrate this into Project Wonder GitHub. Please > keep webappz directory structure. > - To make this 100% PCI DSS compliant. > > Instructions: > - Please email me to request your copy - a 9MB gzip file > - Decompress and install "/webappz" in root directory. > - Change ownership: "chown -R root:wheel /webappz" > - All configuration files are in "/webappz/conf". Changes are labeled #WEBAPPZ > - All instruction files are in "/webappz/readme". > - Put your ssl certificate files in "/webappz/ssl/" > - Configure "/webappz/conf/httpd-ssl.conf" for your ssl certificate files > needs. > - If your ssl certificate files are encrypted, please build > "getsslparaphrase" as shown in "/webappz/readme/BuildingInstructions.txt" > - Implement the LaunchD files as explained in > "/webappz/readme/LaunchDfiles.txt" > > I hope this will solve many deployment headaches we have recently seen on the > deployment list. Enjoy! > -- > With Kind Regards, > > Dennis Gaastra, > WEBAPPZ® Systems, Inc. > (+1) 604.921.1333 > www.webappz.com & www.scheduleDS.com & www.1tracker.com > > > > > > This message contains confidential information and is intended only for the > individual named. If you are not the named addressee you should not > disseminate, distribute or copy this e-mail. Please notify the sender > immediately by e-mail if you have received this e-mail by mistake and delete > this e-mail from your system. E-mail transmission cannot be guaranteed to be > secure or error-free as information could be intercepted, corrupted, lost, > destroyed, arrive late or incomplete, or contain viruses. The sender > therefore does not accept liability for any errors or omissions in the > contents of this message, which arise as a result of e-mail transmission. If > verification is required please request a hard-copy version. WEBAPPZ Systems, > Inc., 726 - 1489 Marine Drive, West Vancouver, BC, CANADA V7T 1B8, > www.webappz.com > > _______________________________________________ > Do not post admin requests to the list. They will be ignored. > Webobjects-dev mailing list ([email protected]) > Help/Unsubscribe/Update your Subscription: > https://lists.apple.com/mailman/options/webobjects-dev/allenslists%40gmail.com > > This email sent to [email protected]
_______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list ([email protected]) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com This email sent to [email protected]
