Updating OPENSSL

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Updating OPENSSL

Hector Santos-3
I have multiple applications using OPENSSL 0.9.7c and I'm finally getting
around to updating it.

I have downloaded and recompiled the *eay*.dll files for:

    0.9.7i
    0.9.8a

Can I just use the new DLLs for 0.9.8a or do I need to recompile my
applications?  I take it I will be fine with 0.9.7i dlls.

Thanks

---
Hector


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Updating OPENSSL

Kyle Hamilton
A version bump usually indicates an ABI difference, which means that
you're best using 0.9.7i for the programs using 0.9.7, and use 0.9.8a
for programs using the later interface.

On 3/18/06, Hector Santos <[hidden email]> wrote:

> I have multiple applications using OPENSSL 0.9.7c and I'm finally getting
> around to updating it.
>
> I have downloaded and recompiled the *eay*.dll files for:
>
>     0.9.7i
>     0.9.8a
>
> Can I just use the new DLLs for 0.9.8a or do I need to recompile my
> applications?  I take it I will be fine with 0.9.7i dlls.
>
> Thanks
>
> ---
> Hector
>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Updating OPENSSL

Richard Levitte - VMS Whacker
In reply to this post by Hector Santos-3
In message <019b01c64a5d$65434840$0201a8c0@hdev1> on Sat, 18 Mar 2006 02:27:18 -0500, "Hector Santos" <[hidden email]> said:

ssluser> I have multiple applications using OPENSSL 0.9.7c and I'm finally getting
ssluser> around to updating it.
ssluser>
ssluser> I have downloaded and recompiled the *eay*.dll files for:
ssluser>
ssluser>     0.9.7i
ssluser>     0.9.8a
ssluser>
ssluser> Can I just use the new DLLs for 0.9.8a or do I need to
ssluser> recompile my applications?  I take it I will be fine with
ssluser> 0.9.7i dlls.

It really depends on what your application uses the libraries for.
There are some fundamental changes in some parts of the libraries
between the 0.9.7 and the 0.9.8 series, so to be on the safe side, I'd
recommend you to recompile your applications for 0.9.8a.

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

--
Richard Levitte                         [hidden email]
                                        http://richard.levitte.org/

"When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up."
                                                -- C.S. Lewis
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Updating OPENSSL

wrowe
Richard Levitte - VMS Whacker wrote:
> In message <019b01c64a5d$65434840$0201a8c0@hdev1> on Sat, 18 Mar 2006 02:27:18 -0500, "Hector Santos" <[hidden email]> said:
>
> ssluser> I have multiple applications using OPENSSL 0.9.7c and I'm finally getting
> ssluser> around to updating it.
> ssluser>
> ssluser> Can I just use the new DLLs for 0.9.8a or do I need to
> ssluser> recompile my applications?  I take it I will be fine with
> ssluser> 0.9.7i dlls.

The 0.9.8 are likely to be binary-incompatible with your modssl compiled for
0.9.7.  Stay with 0.9.7 until you update your mod_ssl.so module!  They must
stay in-sync.

> It really depends on what your application uses the libraries for.
> There are some fundamental changes in some parts of the libraries
> between the 0.9.7 and the 0.9.8 series, so to be on the safe side, I'd
> recommend you to recompile your applications for 0.9.8a.

Also keep in mind when building httpd that if you are compiling in with
php, perl, or openldap, they must all be binding to the same openssl binary.
If you load mod_php, mod_perl, and mod_authnz_ldap built against openldap
(ssl-enabled) you are loading these bindings on the fly, and if one has
been built against a different openssl, things will come crashing down
around you (if they load at all.)

Bill
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Updating OPENSSL

Hector Santos-3
In reply to this post by Hector Santos-3
Thanks Richard, Bill and et.

I didn't see a straight forward document saying if the prototypes or
structures changed in 0.9.8a, but part of the reason to do the update
(besides security issues) was that I am starting on a new project that
requires the EVP_SHA256 function and when I first compiled my new project
under the current 0.9.7c environment, it lacked this function.   So I got
the new 0.9.7i and 0.9.8a and the web site said that 0.9.7i was a
compatibility fix.  I figured that implied that 0.9.8a was no 100%
compatible.

I also figured this was probably mostly true if you were using static
libraries, not DLLS. I wouldn't had presume the functional prototyping would
had been changed for DLL interfacing.

I did notice 0.9.7i introduced the EVP_SHA256 function, but it must of
required a DEFINE to import it since the new project fail to compile the
first time.  Simply changing my INCLUDE statement to point to the newly
compiled 0.9.8a successfully compiled it.  If 0.9.7i has succeed, I would
probably stick with this for now.

Hence why I ask the question.

Since we need to go with the 0.9.8a for the SHA256 stuff anyway, I'm not
going to begin distributing two sets of dlls, I will go ahead and recompile
all our applications as well around the latest 0.9.8i.  :-)

Thanks again.

--
Hector

----- Original Message -----
From: <[hidden email]>

> The 0.9.8 are likely to be binary-incompatible with your modssl compiled
for
> 0.9.7.  Stay with 0.9.7 until you update your mod_ssl.so module!  They
must
> stay in-sync.
>
> > It really depends on what your application uses the libraries for.
> > There are some fundamental changes in some parts of the libraries
> > between the 0.9.7 and the 0.9.8 series, so to be on the safe side, I'd
> > recommend you to recompile your applications for 0.9.8a.
>
> Also keep in mind when building httpd that if you are compiling in with
> php, perl, or openldap, they must all be binding to the same openssl
binary.

> If you load mod_php, mod_perl, and mod_authnz_ldap built against openldap
> (ssl-enabled) you are loading these bindings on the fly, and if one has
> been built against a different openssl, things will come crashing down
> around you (if they load at all.)
>
> Bill
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
>


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Updating OPENSSL

The Doctor
On Sat, Mar 18, 2006 at 02:00:16PM -0500, Hector Santos wrote:

> Thanks Richard, Bill and et.
>
> I didn't see a straight forward document saying if the prototypes or
> structures changed in 0.9.8a, but part of the reason to do the update
> (besides security issues) was that I am starting on a new project that
> requires the EVP_SHA256 function and when I first compiled my new project
> under the current 0.9.7c environment, it lacked this function.   So I got
> the new 0.9.7i and 0.9.8a and the web site said that 0.9.7i was a
> compatibility fix.  I figured that implied that 0.9.8a was no 100%
> compatible.
>
> I also figured this was probably mostly true if you were using static
> libraries, not DLLS. I wouldn't had presume the functional prototyping would
> had been changed for DLL interfacing.
>
> I did notice 0.9.7i introduced the EVP_SHA256 function, but it must of
> required a DEFINE to import it since the new project fail to compile the
> first time.  Simply changing my INCLUDE statement to point to the newly
> compiled 0.9.8a successfully compiled it.  If 0.9.7i has succeed, I would
> probably stick with this for now.
>
> Hence why I ask the question.
>
> Since we need to go with the 0.9.8a for the SHA256 stuff anyway, I'm not
> going to begin distributing two sets of dlls, I will go ahead and recompile
> all our applications as well around the latest 0.9.8i.  :-)
>
> Thanks again.
>
> --
> Hector
>
> ----- Original Message -----
> From: <[hidden email]>
>
> > The 0.9.8 are likely to be binary-incompatible with your modssl compiled
> for
> > 0.9.7.  Stay with 0.9.7 until you update your mod_ssl.so module!  They
> must
> > stay in-sync.
> >
> > > It really depends on what your application uses the libraries for.
> > > There are some fundamental changes in some parts of the libraries
> > > between the 0.9.7 and the 0.9.8 series, so to be on the safe side, I'd
> > > recommend you to recompile your applications for 0.9.8a.
> >
> > Also keep in mind when building httpd that if you are compiling in with
> > php, perl, or openldap, they must all be binding to the same openssl
> binary.
> > If you load mod_php, mod_perl, and mod_authnz_ldap built against openldap
> > (ssl-enabled) you are loading these bindings on the fly, and if one has
> > been built against a different openssl, things will come crashing down
> > around you (if they load at all.)
> >
> > Bill
> > ______________________________________________________________________
> > OpenSSL Project                                 http://www.openssl.org
> > User Support Mailing List                    [hidden email]
> > Automated List Manager                           [hidden email]
> >
> >
>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>


Try reading http://www.nk.ca/~doctor/blog and look what I have done under BSD/OS .

Similar technique for updating is all you need?

--
Member - Liberal International
This is [hidden email] Ici [hidden email]
God Queen and country! Beware Anti-Christ rising!
Canada's New CONservatives - Same old Tory.

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]