openssl 0.9.7h or 9.8a?
I'm building a new litespeed server from scratch and ran into a problem with openssl. Everytime I define a listener to be secured with a certificate the server fails to start, and no useful debuging info is logged under /conf/error.log; why?
I know from the changelog that .9.7h is supported since 2.1.3, but I'm hoping I can go later with the sources?
php5.1.0 w/ this config:
./configure --enable-fastcgi --with-config-file-path=../conf --enable-discard-path --disable-path-info-check --with-mysql=/usr/local/bin/mysql --with-openssl=/usr/local/ssl
openssl .9.8.a w/ straight
./config && make && make test && make
I used the instructions from the howto to make a private key, and self signed cert. This worked flawless for me under freebsd 5.4 and openssl .9.7f I think.
There were no build errors that I'm aware of, and the phpinfo shows it compiled fine
Must I use .9.7h or what could be the problem?
As the openssl library is statically linked into our lsws binary. I think the problem may not be the openssl 0.9.8a library. You can doulbe check this by using "ldd lshttpd".
I think the problem might be the FreeBSD 6.0, our prebuilt openssl binary does not work properly together with 6.0, can you use freebsd 5.x?
Here is that cmd result. I presume it shows everything in order?
www# ldd lshttpd
libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x281eb000)
libm.so.2 => /usr/lib/libm.so.2 (0x28203000)
libc.so.4 => /usr/lib/libc.so.4 (0x28219000)
I can use freebsd 5.4, just wanted to try something shiney and new is all...
Will you be updating this soon?
btw: thanks for a quick reply!
The result of ldd shows that lshttpd does not link to external OpenSSL library.
I think we will not try FreeBSD 6.0 anytime soon, as 6.0 is too new to be used in production. :-)
Does this mean, so long as I have my certificate, it doesn't matter if/what version of openssl is installed?
Yes, you don't need to install openssl library just for LSWS
Well thats both a blessing and a curse.
Easier to manage now that I know I don't need openssl, and a curse in that if anything else such as the potential SSL 2.0 Rollback (CAN-2005-2969) http://www.openssl.org/news/secadv_20051011.txt comes out.
I can avoid all this work by using freebsd 5.4 as you mentioned, but is it also possible to change those static links? :)
We always try to publish new release to address the security issues ASAP.
I had the same...
Did you managed to resolv the problem with FreeBSD 6.0 and lshttpd with OpenSSL
Today i tried loading a listener with SSL keys and the server just didn`t start.
LSWS has not been tested on FreeBSD 6.0 yet, it may not work at all.
Can you use FreeBSD 5.x instead?
|All times are GMT -7. The time now is 11:44 AM.|