Thanks Nick. I don't want to recompile anything. The extent of my Apache HTTPD knowledge centers on installing, configuring and running it. I usually get this package, including the ssl, from the site. If I'm not mistaken, the 'openssl' version referenced in the install filename is the version that the mod_ssl module was compiled against. I'm not sure it makes much of a difference but... to plug that 'potential' security hole we need the module compiled against the later version. I downloaded the openssl version required, and it's a lib. Not sure where to go from there (as I don't want to compile the web server) and I only see docs on ssl certs, which I already know how to do. Will check again though. Not sure if this can actually be done separately -->upgrade mod_ssl separately. -----Original Message----- From: Nick Kew [mailto:nick@xxxxxxxxxxxx] Sent: Monday, March 14, 2011 11:35 AM To: users@xxxxxxxxxxxxxxxx Subject: Re: list serv for mod_ssl and other Apache modules On Mon, 14 Mar 2011 10:22:04 -0400 "Edwards, Denise" <Denise.Edwards@xxxxxxxxx> wrote: > Thanks Eric. > > I've installed the latest Apache with SSL (v2.2.17 and openSSL 0.9.8o). > We have a security issue that is fixed with openSSL 0.9.8p. How do you > update this latest Apache release to accommodate this (without having to > re-build Apache altogether)? How do you know you need to recompile? Do the OpenSSL release notes tell you it breaks binary compatibility? Or did you link it statically (in which case, whoever built it knows about custom builds)? If you really need to recompile, see the docs for apxs. -- Nick Kew Available for work, contract or permanent. http://www.webthing.com/~nick/cv.html --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx CONFIDENTIALITY NOTICE: The information in this Internet email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|