You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" <ma...@hp.com> on 2002/08/09 18:58:03 UTC

[PATCH] Check for OpenSSL 0.9.6e or greater

With the recent vulnerabilities found in OpenSSL, I thought it'd make sense
for Apache to check for OpenSSL 0.9.6e or higher.

-Madhu

$ cvs diff acinclude.m4 
Index: acinclude.m4
===================================================================
RCS file: /home/cvspublic/httpd-2.0/acinclude.m4,v
retrieving revision 1.126
diff -u -r1.126 acinclude.m4
--- acinclude.m4        16 Jul 2002 18:33:05 -0000      1.126
+++ acinclude.m4        9 Aug 2002 16:54:30 -0000
@@ -430,7 +430,7 @@
         ap_ssltk_version="`$p/openssl version`"
         case "$ap_ssltk_version" in
             "OpenSSL "[[1-9]]* | \
-            "OpenSSL "0.9.[[6-9]]* | \
+            "OpenSSL "0.9.[[6-9]][[e-z]]* | \
             "OpenSSL "0.[[1-9]][[0-9]]* )
                 ap_cv_ssltk="`(cd $p/.. && pwd)`"
                 break
@@ -441,7 +441,7 @@
         esac
       done
       if test "x$ap_cv_ssltk" = "x"; then
-        AC_MSG_ERROR([requires OpenSSL 0.9.6 or higher])
+        AC_MSG_ERROR([requires OpenSSL 0.9.6e or higher])
       fi
     ])
     ap_ssltk_base="$ap_cv_ssltk"

Re: [PATCH] Check for OpenSSL 0.9.6e or greater

Posted by Larry Rosenman <le...@lerctr.org>.

On Fri, 2002-08-09 at 15:33, Andreas Hasenack wrote:
> Em Fri, Aug 09, 2002 at 09:58:03AM -0700, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) escreveu:
> > With the recent vulnerabilities found in OpenSSL, I thought it'd make sense
> > for Apache to check for OpenSSL 0.9.6e or higher.
> 
> And what about patched openssl versions? Given the notorious
> binary incompatibility even between minor openssl releases, not
> everybody is going to update to the latest version, but patch
> the ones they have.
Also, I think that check will fail on 0.9.7 which is coming RSN.


> 
-- 
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 972-414-9812                 E-Mail: ler@lerctr.org
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749

Re: [PATCH] Check for OpenSSL 0.9.6e or greater

Posted by JAKE&JEN MCGRATH <je...@lakesplus.com>.

remove me from mailing list plz
----- Original Message -----
From: "Andreas Hasenack" <an...@conectiva.com.br>
To: <de...@httpd.apache.org>
Sent: Friday, August 09, 2002 1:33 PM
Subject: Re: [PATCH] Check for OpenSSL 0.9.6e or greater


> Em Fri, Aug 09, 2002 at 09:58:03AM -0700, MATHIHALLI,MADHUSUDAN
(HP-Cupertino,ex1) escreveu:
> > With the recent vulnerabilities found in OpenSSL, I thought it'd make
sense
> > for Apache to check for OpenSSL 0.9.6e or higher.
>
> And what about patched openssl versions? Given the notorious
> binary incompatibility even between minor openssl releases, not
> everybody is going to update to the latest version, but patch
> the ones they have.

Re: [PATCH] Check for OpenSSL 0.9.6e or greater

Posted by Andreas Hasenack <an...@conectiva.com.br>.

Em Fri, Aug 09, 2002 at 09:58:03AM -0700, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) escreveu:
> With the recent vulnerabilities found in OpenSSL, I thought it'd make sense
> for Apache to check for OpenSSL 0.9.6e or higher.

And what about patched openssl versions? Given the notorious
binary incompatibility even between minor openssl releases, not
everybody is going to update to the latest version, but patch
the ones they have.