Re: openssl upgrade issue (merged)
tempo wrote:
>>If you want to upgrade OpenSSL because of security issues, don't -
>>just use CVS or patches.
>
>
> It is for security reasons that this was done.

Likewise - sometimes it's not practical to upgrade to the
latest & greatest base OS every 6 months. Apps like openssl,
apache, BIND etc ... different story.

> There are no openssl patches for 2.9 that I'm aware of. Thus my mistake.
> I've never *successfully* used CVS because I've not had the surplus time
> to learn the process sufficiently. I hate to sound so incompetent, but
> that's life in the trenches for you. Spare time is a luxury. I chose to
> use OpenBSD because it offers excellent security in the least amount of
> time.
>
>
>>You attempted to take their software and compile it on OpenBSD. We
>>compensate for a lot of bugs in their software. All sorts of things.
>
>
> What would your suggested course of action be to correct this with the
> minimum amount of down time on a production server?

steel1# uname -a
OpenBSD steel1 2.9 GENERIC#2 i386
OpenSSL> version
OpenSSL 0.9.6g 9 Aug 2002

I didn't install the engine (don't need it for
apache 2.0 and mod_ssl, just the basic openssl).
Just ran a ./config --prefix=/usr/local/openssl
and let it compile. I haven't seen any problems
with it so far.

Carl