|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Ulrich Roth (Roth_at_impact.de)
Date: Thu Sep 19 2002 - 03:56:58 CDT
Hello Joachim,
> Mod_SSL or OpenSSL ? I don´t unterstand this ??
> OpenSSL is standalone application !
> SSL with Apache works only with file /usr/lib/apache/libssl.so
> SSL with Apache works only with file /usr/lib/apache/libcrypto.so
> Apache doesn´t work with /usr/sbin/openssl
> libssl.so is included in mod_ssl.rpm package !
> I can´t find any ssl version of 0.9.6.e or 0.9.6.g
> this is recommended of securityfocus.com
>
> I was compiled a new OpenSSL after restart apache works again
> the old vulnerable version of openssl.
On one hand openssl is a standalone application, on the other hand
there is the openssl module for apache.
What you need is the new version of the apache module. If you have it,
copy it into the libexec directory.
How do you get it?
Either as an rpm package, or a tarred version, or maybe it's possible
to compile only the apache module from the openssl sources, I don't
know.
As I use a self compiled apache, I also recompiled apache, and apache
built the new ssl module by itself from the openssl source directory.
Bye
Uli
-- Ulrich Roth IMPACT Business & Technology Consulting GmbH Im Mediapark 8 / KölnTurm D-50670 Koeln Phone +49-221-93 70 80-29 Fax +49-221-93 70 80-15 E-Mail: rothimpact.de
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]