Updating openssl to 0.9.8j

I'm running a G4 with OSXS 10.4.11, serving email and several low traffic, secure web sites for my university department. The university's higher up IT people have mandated an update to OpenSSL 0.9.8j. I've looked at the openssl site and combed through the INSTALL and README files for this version, but am reluctant to try updating the existing openssl for fear of screwing up a working system and cert.
Can anyone point me to either a) relatively simple step by step for updating to openssl 0.9.8j on 10.4.11 server, or b) a good reason I can give the IT department for not doing so?
TIA

I tried to install on 10.5.6 along the lines of http://www.cs.washington.edu/homes/aczeskis/openssl.html
which sounded like relatively simple steps
That however failed with
cp: /Users/bsn/Desktop/HUtesting/SafeFiles/NewOpenSSL/openssl-0.9.8j/include/openssl/eos2.h and e_os2.h are identical (not copied).
make: * [install_sw] Error 1

Similar Messages

  • Apache 2.2.3 recompilation problem with updated openssl

    I am trying to recompile an apache 2.2.3 with an updated openssl and stumble on httpd-2.2.3 make. I did compile this setup in the last year successfully, only difference is updated openssl.
    First, I installed openssl-0.9.6m from source. Test install:
    /usr/local/ssl/bin/openssl version
    OpenSSL 0.9.6m 17 Mar 2004
    Using following gcc version:
    gcc -v
    Reading specs from /usr/local/lib/gcc/sparc-sun-solaris2.10/3.4.6/specs
    Configured with: ../configure --with-as=/usr/ccs/bin/as --with-ld=/usr/ccs/bin/ld --enable-shared --enable-languages=c,c++,f77
    Thread model: posix
    gcc version 3.4.6
    PATH output:
    echo $PATH
    /usr/sbin:/usr/bin:/usr/local:/usr/local/bin:/usr/ccs/bin:/usr/openwin/bin:/usr/dt/bin:/usr/platform/SUNW,Sun-Fire-V240/sbin:/opt/sun/bin:/opt/SUNWvts/bin
    This is my apache config options:
    ./configure --enable-so --enable-ssl --enable-rewrite --enable-proxy --enable-proxy-balancer --with-ssl=/usr/local/ssl
    make output:
    Making all in srclib
    Making all in pcre
    Making all in os
    Making all in unix
    Making all in server
    Making all in mpm
    Making all in prefork
    Making all in modules
    Making all in aaa
    Making all in filters
    Making all in loggers
    Making all in metadata
    Making all in proxy
    Making all in ssl
    In file included from /usr/local/ssl/include/openssl/ecdh.h:79,
    from /usr/local/ssl/include/openssl/engine.h:85,
    from ssl_toolkit_compat.h:45,
    from ssl_private.h:59,
    from mod_ssl.c:27:
    /usr/local/ssl/include/openssl/ossl_typ.h:79: error: redefinition of typedef 'ASN1_INTEGER'
    /usr/local/ssl/include/openssl/asn1.h:241: error: previous declaration of 'ASN1_INTEGER' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:80: error: redefinition of typedef 'ASN1_ENUMERATED'
    /usr/local/ssl/include/openssl/asn1.h:242: error: previous declaration of 'ASN1_ENUMERATED' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:81: error: redefinition of typedef 'ASN1_BIT_STRING'
    /usr/local/ssl/include/openssl/asn1.h:243: error: previous declaration of 'ASN1_BIT_STRING' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:82: error: redefinition of typedef 'ASN1_OCTET_STRING'
    /usr/local/ssl/include/openssl/asn1.h:244: error: previous declaration of 'ASN1_OCTET_STRING' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:83: error: redefinition of typedef 'ASN1_PRINTABLESTRING'
    /usr/local/ssl/include/openssl/asn1.h:245: error: previous declaration of 'ASN1_PRINTABLESTRING' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:84: error: redefinition of typedef 'ASN1_T61STRING'
    /usr/local/ssl/include/openssl/asn1.h:246: error: previous declaration of 'ASN1_T61STRING' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:85: error: redefinition of typedef 'ASN1_IA5STRING'
    /usr/local/ssl/include/openssl/asn1.h:247: error: previous declaration of 'ASN1_IA5STRING' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:86: error: redefinition of typedef 'ASN1_GENERALSTRING'
    /usr/local/ssl/include/openssl/asn1.h:248: error: previous declaration of 'ASN1_GENERALSTRING' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:87: error: redefinition of typedef 'ASN1_UNIVERSALSTRING'
    /usr/local/ssl/include/openssl/asn1.h:249: error: previous declaration of 'ASN1_UNIVERSALSTRING' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:88: error: redefinition of typedef 'ASN1_BMPSTRING'
    /usr/local/ssl/include/openssl/asn1.h:250: error: previous declaration of 'ASN1_BMPSTRING' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:89: error: redefinition of typedef 'ASN1_UTCTIME'
    /usr/local/ssl/include/openssl/asn1.h:251: error: previous declaration of 'ASN1_UTCTIME' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:90: error: redefinition of typedef 'ASN1_TIME'
    /usr/local/ssl/include/openssl/asn1.h:252: error: previous declaration of 'ASN1_TIME' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:91: error: redefinition of typedef 'ASN1_GENERALIZEDTIME'
    /usr/local/ssl/include/openssl/asn1.h:253: error: previous declaration of 'ASN1_GENERALIZEDTIME' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:92: error: redefinition of typedef 'ASN1_VISIBLESTRING'
    /usr/local/ssl/include/openssl/asn1.h:254: error: previous declaration of 'ASN1_VISIBLESTRING' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:93: error: redefinition of typedef 'ASN1_UTF8STRING'
    /usr/local/ssl/include/openssl/asn1.h:255: error: previous declaration of 'ASN1_UTF8STRING' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:94: error: redefinition of typedef 'ASN1_BOOLEAN'
    /usr/local/ssl/include/openssl/asn1.h:256: error: previous declaration of 'ASN1_BOOLEAN' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:95: error: redefinition of typedef 'ASN1_NULL'
    /usr/local/ssl/include/openssl/asn1.h:259: error: previous declaration of 'ASN1_NULL' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:107: error: redefinition of typedef 'BIGNUM'
    /usr/local/ssl/include/openssl/bn.h:241: error: previous declaration of 'BIGNUM' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:108: error: redefinition of typedef 'BN_CTX'
    /usr/local/ssl/include/openssl/bn.h:254: error: previous declaration of 'BN_CTX' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:109: error: redefinition of typedef 'BN_BLINDING'
    /usr/local/ssl/include/openssl/bn.h:264: error: previous declaration of 'BN_BLINDING' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:110: error: redefinition of typedef 'BN_MONT_CTX'
    /usr/local/ssl/include/openssl/bn.h:276: error: previous declaration of 'BN_MONT_CTX' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:111: error: redefinition of typedef 'BN_RECP_CTX'
    /usr/local/ssl/include/openssl/bn.h:288: error: previous declaration of 'BN_RECP_CTX' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:114: error: redefinition of typedef 'BUF_MEM'
    /usr/local/ssl/include/openssl/buffer.h:71: error: previous declaration of 'BUF_MEM' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:116: error: redefinition of typedef 'EVP_CIPHER'
    /usr/local/ssl/include/openssl/evp.h:330: error: previous declaration of 'EVP_CIPHER' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:117: error: redefinition of typedef 'EVP_CIPHER_CTX'
    /usr/local/ssl/include/openssl/evp.h:331: error: previous declaration of 'EVP_CIPHER_CTX' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:118: error: redefinition of typedef 'EVP_MD'
    /usr/local/ssl/include/openssl/evp.h:276: error: previous declaration of 'EVP_MD' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:119: error: redefinition of typedef 'EVP_MD_CTX'
    /usr/local/ssl/include/openssl/evp.h:328: error: previous declaration of 'EVP_MD_CTX' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:120: error: redefinition of typedef 'EVP_PKEY'
    /usr/local/ssl/include/openssl/evp.h:186: error: previous declaration of 'EVP_PKEY' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:122: error: redefinition of typedef 'DH'
    /usr/local/ssl/include/openssl/dh.h:78: error: previous declaration of 'DH' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:123: error: redefinition of typedef 'DH_METHOD'
    /usr/local/ssl/include/openssl/dh.h:93: error: previous declaration of 'DH_METHOD' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:125: error: redefinition of typedef 'DSA'
    /usr/local/ssl/include/openssl/dsa.h:87: error: previous declaration of 'DSA' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:126: error: redefinition of typedef 'DSA_METHOD'
    /usr/local/ssl/include/openssl/dsa.h:112: error: previous declaration of 'DSA_METHOD' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:128: error: redefinition of typedef 'RSA'
    /usr/local/ssl/include/openssl/rsa.h:76: error: previous declaration of 'RSA' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:129: error: redefinition of typedef 'RSA_METHOD'
    /usr/local/ssl/include/openssl/rsa.h:114: error: previous declaration of 'RSA_METHOD' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:131: error: redefinition of typedef 'RAND_METHOD'
    /usr/local/ssl/include/openssl/rand.h:76: error: previous declaration of 'RAND_METHOD' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:136: error: redefinition of typedef 'X509'
    /usr/local/ssl/include/openssl/x509.h:280: error: previous declaration of 'X509' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:137: error: redefinition of typedef 'X509_ALGOR'
    /usr/local/ssl/include/openssl/x509.h:130: error: previous declaration of 'X509_ALGOR' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:138: error: redefinition of typedef 'X509_CRL'
    /usr/local/ssl/include/openssl/x509.h:407: error: previous declaration of 'X509_CRL' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:139: error: redefinition of typedef 'X509_NAME'
    /usr/local/ssl/include/openssl/x509.h:176: error: previous declaration of 'X509_NAME' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:140: error: redefinition of typedef 'X509_STORE'
    /usr/local/ssl/include/openssl/x509_vfy.h:176: error: previous declaration of 'X509_STORE' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:141: error: redefinition of typedef 'X509_STORE_CTX'
    /usr/local/ssl/include/openssl/x509_vfy.h:157: error: previous declaration of 'X509_STORE_CTX' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:143: error: redefinition of typedef 'X509V3_CTX'
    /usr/local/ssl/include/openssl/x509v3.h:132: error: previous declaration of 'X509V3_CTX' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:144: error: redefinition of typedef 'CONF'
    /usr/local/ssl/include/openssl/conf.h:81: error: previous declaration of 'CONF' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:165: error: redefinition of typedef 'CRYPTO_EX_DATA'
    /usr/local/ssl/include/openssl/crypto.h:194: error: previous declaration of 'CRYPTO_EX_DATA' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:168: error: redefinition of typedef 'CRYPTO_EX_new'
    /usr/local/ssl/include/openssl/crypto.h:198: error: previous declaration of 'CRYPTO_EX_new' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:170: error: redefinition of typedef 'CRYPTO_EX_free'
    /usr/local/ssl/include/openssl/crypto.h:201: error: previous declaration of 'CRYPTO_EX_free' was here
    /usr/local/ssl/include/openssl/ossl_typ.h:172: error: redefinition of typedef 'CRYPTO_EX_dup'
    /usr/local/ssl/include/openssl/crypto.h:204: error: previous declaration of 'CRYPTO_EX_dup' was here
    In file included from /usr/local/ssl/include/openssl/engine.h:91,
    from ssl_toolkit_compat.h:45,
    from ssl_private.h:59,
    from mod_ssl.c:27:
    /usr/local/ssl/include/openssl/store.h:230: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:232: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:234: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:237: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:239: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:241: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:246: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:248: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:251: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:252: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:255: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:257: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:259: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:264: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:266: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:268: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:271: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:273: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:275: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:280: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:282: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:284: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:286: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:289: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:291: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:296: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:298: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:301: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:303: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:305: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:307: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:310: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:312: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:323: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:324: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:325: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:328: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:329: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:330: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:331: error: syntax error before "OPENSSL_ITEM"
    /usr/local/ssl/include/openssl/store.h:377: error: syntax error before '*' token
    In file included from ssl_toolkit_compat.h:45,
    from ssl_private.h:59,
    from mod_ssl.c:27:
    /usr/local/ssl/include/openssl/engine.h:624: warning: no semicolon at end of struct or union
    /usr/local/ssl/include/openssl/engine.h:624: error: syntax error before '*' token
    /usr/local/ssl/include/openssl/engine.h:627: error: syntax error before '}' token
    /usr/local/ssl/include/openssl/engine.h:627: warning: data definition has no type or storage class
    /usr/local/ssl/include/openssl/engine.h:660: error: syntax error before '*' token
    *** Error code 1
    The following command caused the error:
    /usr/local/apache2/build/libtool --silent --mode=compile gcc -g -O2 -DSOLARIS2=10 -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT -D_LARGEFILE64_SOURCE -I/tmp/httpd-2.2.3/srclib/pcre -I. -I/tmp/httpd-2.2.3/os/unix -I/tmp/httpd-2.2.3/server/mpm/prefork -I/tmp/httpd-2.2.3/modules/http -I/tmp/httpd-2.2.3/modules/filters -I/tmp/httpd-2.2.3/modules/proxy -I/tmp/httpd-2.2.3/include -I/tmp/httpd-2.2.3/modules/generators -I/tmp/httpd-2.2.3/modules/mappers -I/tmp/httpd-2.2.3/modules/database -I/usr/local/apache2/include -I/tmp/httpd-2.2.3/modules/proxy/../generators -I/usr/local/ssl/include -I/usr/sfw/include -I/tmp/httpd-2.2.3/modules/ssl -I/tmp/httpd-2.2.3/modules/dav/main -prefer-non-pic -static -c mod_ssl.c && touch mod_ssl.lo
    make: Fatal error: Command failed for target `mod_ssl.lo'
    Current working directory /tmp/httpd-2.2.3/modules/ssl
    *** Error code 1
    The following command caused the error:
    otarget=`echo all-recursive|sed s/-recursive//`; \
    list=' '; \
    for i in $list; do \
    if test -d "$i"; then \
    target="$otarget"; \
    echo "Making $target in $i"; \
    if test "$i" = "."; then \
    made_local=yes; \
    target="local-$target"; \
    fi; \
    (cd $i && make $target) || exit 1; \
    fi; \
    done; \
    if test "$otarget" = "all" && test -z 'libmod_ssl.la'; then \
    made_local=yes; \
    fi; \
    if test "$made_local" != "yes"; then \
    make "local-$otarget" || exit 1; \
    fi
    make: Fatal error: Command failed for target `all-recursive'
    Current working directory /tmp/httpd-2.2.3/modules/ssl
    *** Error code 1
    The following command caused the error:
    otarget=`echo all-recursive|sed s/-recursive//`; \
    list=' aaa filters loggers metadata proxy ssl http generators mappers'; \
    for i in $list; do \
    if test -d "$i"; then \
    target="$otarget"; \
    echo "Making $target in $i"; \
    if test "$i" = "."; then \
    made_local=yes; \
    target="local-$target"; \
    fi; \
    (cd $i && make $target) || exit 1; \
    fi; \
    done; \
    if test "$otarget" = "all" && test -z ''; then \
    made_local=yes; \
    fi; \
    if test "$made_local" != "yes"; then \
    make "local-$otarget" || exit 1; \
    fi
    make: Fatal error: Command failed for target `all-recursive'
    Current working directory /tmp/httpd-2.2.3/modules
    *** Error code 1
    The following command caused the error:
    otarget=`echo all-recursive|sed s/-recursive//`; \
    list=' srclib os server modules support'; \
    for i in $list; do \
    if test -d "$i"; then \
    target="$otarget"; \
    echo "Making $target in $i"; \
    if test "$i" = "."; then \
    made_local=yes; \
    target="local-$target"; \
    fi; \
    (cd $i && make $target) || exit 1; \
    fi; \
    done; \
    if test "$otarget" = "all" && test -z 'httpd '; then \
    made_local=yes; \
    fi; \
    if test "$made_local" != "yes"; then \
    make "local-$otarget" || exit 1; \
    fi
    make: Fatal error: Command failed for target `all-recursive'
    Any help appreciated

    I'm experiencing the same problem with the current DirecTV remote not being able to learn more than the first button prompted to enter (arrow-down). The error message "appletv has already learned this button" appears when attempting to enter the second button prompted (arrow-up). Furthermore, I have attempted configuration on two separate DirecTV HR21 remotes in both AV1 and AV2 modes.
    Come on Apple -- don't tease us! Testing wasn't done to make sure AppleTV can learn to respond to a current DirecTV remote? Yikes. I wonder what 3rd-party remotes were tested and confirmed to work.

  • Updating OpenSSL on Mac System version 10.6.8?

    Could anyone who has successfully updated OpenSSL on Snow Leopard through the Terminal post the steps here?
    The current version of OpenSSL is OpenSSL 1.0.0e 6 Sep 2011
    I am attempting to update to the openssl-1.0.1c
    I was trying to do the installation on the terminal by
    1. CD to the openssl-1.0.1c directory
    [rootuser:/install/openssl-1.0.1c] root# /install/openssl-1.0.1c/config
    After giving the System information, I have this and now I am in doubt if I should build 64-bit library or just continue with the darwin-i386-cc.
    WARNING! If you wish to build 64-bit library, then you have to
             invoke './Configure darwin64-x86_64-cc' *manually*.
             You have about 5 seconds to press Ctrl-C to abort.
    Configuring for darwin-i386-cc
    If anyone has done this before and run into the same issue, could you shine a light here? Many thanks!
    Message was edited by: Eduardo B1

    No, I did not mess up any of the original paths. Actually this is my main motto. Everything I am configuring, I am making sure it works in harmony with the Apple internal standards. I transformed two Mac clients into servers, and it took me a lot of reading and comparing notes plus hands-on tests to make everything work fine and in harmony with web sharing etc. I am serving 3 domains without any issues. In addition, I am testing PHP and MySQL, but I still have a lot of reading and learning until I get to launch it into production. I could use the terminal alone to manage Bind, Apache, PHP and MySQL, but webmin on SSL does such a great job that I decided to use a combination of these two. Right now I just finished configuring my Lion Client Server and everything is working just fine. I just have to research and learn a little more about the new way Apple is setting up the httpd conf so I can run it according to the new rules. Thanks for the link, I will check it out for sure.
    Thanks for the heads-up;
    Eduardo

  • Updating OpenSSL for Mac OS X Server 10.6.7 -- looking for a good walkthrough

    Currently running version 0.9.8l... would like to update to the latest version.
    There are a lot of tutorials on the net, can someone recommend one that works with Mac OS X Server 10.6.7? (Since many assume the desktop version, and I've noticed occasionally there are some differences.) I've downloaded Xcode 4.0.2, which I assume is required to build it.
    Thanks.
    ...Rene

    OK, so I followed the tutorial http://foodpicky.com/?p=99 and it compiled fine. Added /usr/local/ssl/bin to PATH. And now reports version 1.0.0.d.
    But... Apache or at least phpinfo() reports that it's still using the old version.
    How do I make Apache, and the OS in general, use the new version?
    Thanks!
    ...Rene

  • VCS and How to Update OpenSSL to Protect from HeartBleed Vulnerability

    Hello,
    This will probably be best addressed via a service ticket to Cisco, but thought I'd start here.
    The vulnerability described here: http://heartbleed.com/ is definitely in our VCS infrastructure, perhaps as a Cisco variant, but definitely present. Is this something that Cisco typically will release a patch for, or are we supposed to update the box like any other Linux-based system? I'm concerned with warranty implications.
    Thanks for any help!
    -Kyle

    Hi Kyle,
    The Cisco PSIRT is investigating the impact of this vulnerability on Cisco products and will disclose any vulnerabilities according to our security policy, which is available at http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html . 
    An INTERIM Cisco Security Advisory was published on April 9th, 2014 at 0300 UTC and is available at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed .
    The Cisco PSIRT will update this Cisco Security Advisory as more information becomes available.
    If the product is vulnerable, rest assured that we will address it appropriately. 
    I hope this helps.
    -Dejan
    P.S. This specific community is for Cisco Unified MeetingPlace and Cisco WebEx Meetings Server products. For any further queries for VCS, I advise you to post them in Telepresence community to get the best possible assistance. 

  • Older version of openssl in cisco asa 5520

    Hi,
    Recently my security has scanned all the network devices for vulnerabilities and found that the Cisco ASA 5520, which we use for RAS VPN, has an older version of OpenSSL. Have to check that and fix this problem? FYI, recently we have installed an SSL cert for webmail users.
    Thanks,
    Sridhar

    Sridhar,
    We update OpenSSL libraries on our side quite often, especially if new vulnerabilities are found.
    You can check recently published vulnerabilities at www.cisco.com/go/psirt (not only specific to ASA).
    In general ASA 8.4 is what you should go for to have "latest and greatest" revisions of openssl and ASA code itself.
    Marcin

  • HT5784 Why does Apple only "update" to already outdated versions

    Hi, why can't Apple update to current stable versions of OpenSSL (1.0.1e), Ruby (2.0), Rails (3.2.13), etc.? Why can't Apple ship current stable versions of all the command line tools like emacs, vi, zsh, ruby, python, etc.? And Rails 2 must be a joke, that's extremely outdated. Why is this?
    I don't understand it. Sure I can upgrade my userland myself with Homebrew, etc. but it would be nice if Apple won't forget the pro users and therefore will ship a modern userland.
    It looks like there was a time when current versions were shipped, but now it's not interesting anymore and only security fixes are released.
    Any thoughts on that?
    Regards,
    Clemens

    clemensg wrote:
    But the majority is still very old.
    The bash version used in Mavericks is 6 years old.
    That is a completely different issue. Bash, and a few other key pieces of open source software, switched to the GPLv3 license sometime in 2007. That license was designed specifically to keep Apple from using the software.
    The version of bash on Mavericks is all that you will ever, ever get unless you build your own. I suggest trying out zsh, which is under no such licensing constraints. The latest version of zsh is included in Mavericks.
    Do you think it helps to create a feature request to update OpenSSL, etc. at radar.apple.com ? (I am thinking about Mac OS X 10.10)
    That would be a good idea. While I understand Apple's approach, it isn't great from a marketing perspective. Apple really does need to switch to the latest OpenSSL, even if only for appearance's sake.

  • Google Play: "vulnerable version of OpenSSL"

    Hi, Google Play just sent me a warning that my Android apps compiled in AIR 4.0 are "running an outdated version of OpenSSL, which has multiple security vulnerabilities."
    I don't recall using OpenSSL for anything other than my Apple certificates. Is this something AIR itself would be responsible for, or possibly a native extension? I'm using several ad-based ones such as AdMob and Vungle, as well as in-app purchases.
    Doesn't make any sense to me, so I don't know how to react to it. But apparently my apps "may be considered dangerous products and subject to removal from Google Play."

    It's not really an error being thrown. It's Google reaching out to devs. I got an email too from Google
    Hello,
    One or more of your apps is running an outdated version of OpenSSL, which has multiple security vulnerabilities. You should update OpenSSL as soon as possible. For more information about the most recent security vulnerability in OpenSSL, please see http://www.openssl.org/news/secadv_20140605.txt.
    Please note, while it's unclear whether these specific issues affect your application, applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play.
    Regards,
    Google Play Team
    All I can do is just update to AIR 14 and wait and see if they tell me the issue still exists. My app has 3 ANEs from milkmangames. I know they just updated their ANEs too, so I have to update the ANEs in my app first, then with 14, hopefully that will do it.

  • [svn:osmf:] 16553: Only update current time if not buffering.

    Revision: 16553
    Author:   [email protected]
    Date:     2010-06-14 11:31:37 -0700 (Mon, 14 Jun 2010)
    Log Message:
    Only update current time if not buffering.  Addresses FM-912.
    Ticket Links:
        http://bugs.adobe.com/jira/browse/FM-912
    Modified Paths:
        osmf/trunk/apps/samples/framework/ExamplePlayer/org/osmf/view/MainWindow.as

  • Windows 7 (64 bit) iTunes 9.2 Outlook 2010 Sync Issues

    I’ve noticed a bunch of conversations here about issues with the new version of iTunes NOT syncing with Outlook contacts / calendars, but none of them seem to be resolved. I also have lost my calendar sync since I installed the new iTunes. I have un-installed / re-installed iTunes, tried creating a new PST file, created a new mail account, tried pretty much everything I can think of and nothing works. I have wasted more than 23 hours of my time playing with trying to fix this and I am getting pretty fed up. My question is, has ANYBODY actually made it work? I fear we may be wasting our time, meaning that there is a bug that no one at Apple cares to acknowledge. Thoughts?

    Hello,
    I've been searching through the forum, but did not find someone having a real solution in my situation having the problem as described above. I definitely CANNOT delete all my recurrent appointments! I have about 10.000 elements in my Outlook calendar, because I'm really using it for planning my whole business day. Isn't there another solution?
    I was syncing my iPad calendar with MS Outlook (2003 SP3) successfully during the last days, but "suddenly" (I think it was after the iTunes update) the syncing process silently stopped while reporting success, and no appointments were synced anymore.
    I already followed the rules for resetting the sync data history of iTunes and also forced an overwrite of the iPad's calendar, but it still remains as before.
    Then I decided to delete the calendar by stopping the calendar syncing, I mean, I deactivated the hook and then iTunes asked if I want to delete all the data on the iPad, which I then agreed to, as you also describe. Then the calendar was successfully emptied, but on activating it again after syncing, the OLD state is synced back to the iPad and not my currently modified scheduled appointments from Outlook. This is a miracle, because these are old/deleted data!!! It seems the iPad is just doing an "undo".
    I already tried the "Help -> Start diagnosis" feature; this said everything is fine. So now I don't know what to do?! I just want to have my calendar synchronized!
    Changing the files "ssleay32.dll" and "libeay32.dll" by updating OpenSSL or copying from the iTunes "http://...\Apple\Mobile Device Support"-Folder did not lead to any changes :-/.
    I'm using iTunes v9.2.1.4, iPad iOS 3.2.1, Outlook 2003 SP3.
    So is there someone having some more ideas or giving me a hint where I maybe could read something about a possible error in a log or something like that? Maybe only ONE appointment is "ill"; how could I detect it?
    Regards, Andreas

  • Does Safari on iPad support SNI (Server Name Indication)

    Hi,
    I am testing name-based virtual host with apache 2.2 over SSL and noticed that this is only supported using SNI (server name indication). I have updated openSSL to include the SNI extensions on the apache but the client browser is also required to support this. I wanted to know if there is any indication as to when SNI will be supported by the Safari browser on iPad and/or if anyone else has experienced this issue.
    I know of 1 additional workaround, which is to use wildcard certs, but I am not too keen on using those unless I really have to.
    I verified that this is not supported by hitting the site https://sni.volex.ch from the iPad Safari browser - it fails. However, using Opera on iPad worked.
    Thanks

    From what I understand SNI is largely reliant on client support. It is just an extension of the TLS SSL protocol. One of our Escalation Engineers wrote up a pretty good post explaining SNI.
    http://blogs.technet.com/b/applicationproxyblog/archive/2014/06/19/how-to-support-non-sni-capable-clients-with-web-application-proxy-and-ad-fs-2012-r2.aspx
    "SNI is an extension to the TLS SSL protocol that allows the client to include the Hostname the client is connecting to in the SSL Client Hello. A server can then use the SNI header to determine which certificate to serve to the client. A key benefit of SNI is that it allows a server to host multiple certificates on the same IP/port pair instead of needing an IP per certificate (assuming you are using port 443)."
    A few questions I would have is what client and browser combination have you attempted on this? Also, are you using a wildcard certificate on your Web Listener? Have you taken network traces to see if client is sending SNI? Ian does a good job of explaining how to do that in his blog post.

  • [SOLVED]`GLIBC_2.14' not found

    I tried to update openssl on an older machine, and now am getting:
    "`GLIBC_2.14' not found (required by /usr/lib/libssl.so.1.0.0)"
    for various commands including pacman.  I have the glibc-2.14.1-1-x86_64.pkg.tar.xz pkg on my machine, but cannot install it.  Lots of stuff doesn't work, does anyone know how I can fix this?
    thanks,
    --charlie
    Last edited by cfarinella (2012-04-23 18:57:31)

    cfarinella wrote: "`GLIBC_2.14' not found (required by /usr/lib/libssl.so.1.0.0)"
    That's strange - sure it doesn't say "2.15"?
    You should have recompiled openssl, rather than changed just 2 of its files. That's very unsafe - e.g. what about /usr/lib/engines/*.so?

  • Calendarserver only supports SSLv3

    Hello,
    I wonder why my iCal Server only supports SSLv3. I didn't find any configuration for this. I'd rather like to use TLS1.0 and block any SSLv3.
    (Looked in /Library/Server/Calendar\ and\ Contacts/Config/caldavd-system.plist)
    % nmap --script ssl-enum-ciphers -p 8443 cal.xxx.de
    Starting Nmap 5.51 ( http://nmap.org ) at 2014-10-16 16:28 CEST
    Host is up (0.0011s latency).
    PORT     STATE SERVICE
    8443/tcp open  https-alt
    | ssl-enum-ciphers:
    |   SSLv3
    |     Ciphers (6)
    |       TLS_RSA_WITH_3DES_EDE_CBC_SHA
    |       TLS_RSA_WITH_AES_128_CBC_SHA
    |       TLS_RSA_WITH_AES_256_CBC_SHA
    |       TLS_RSA_WITH_RC4_128_MD5
    |       TLS_RSA_WITH_RC4_128_SHA
    |       TLS_RSA_WITH_SEED_CBC_SHA
    |     Compressors (1)
    |_      uncompressed
    BTW:
    # openssl version
    OpenSSL 0.9.8y 5 Feb 2013
    Shouldn't Apple take any action on this? I feel uncomfortable using OSX Server while not being able to serve something > TLS1.0 without updating openssl myself.
    Thanks in advance!

    Apple posted the following updates that include a fix for the SSLv3 "Poodle" issue:
    Yosemite 10.10
    Security Update 2014-005 Mavericks
    Security Update 2014-005 Mountain Lion
    as well as updates for all currently supported Servers (4.0, 3.2.2, 2.2.5)
    All of them contain the following:
    Secure Transport
    Impact:  An attacker may be able to decrypt data protected by SSL
    Description:  There are known attacks on the confidentiality of SSL
    3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
    could force the use of SSL 3.0, even when the server would support a
    better TLS version, by blocking TLS 1.0 and higher connection
    attempts. This issue was addressed by disabling CBC cipher suites
    when TLS connection attempts fail.
    CVE-ID
    CVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of
    Google Security Team
    It would appear that your browsers will show "maybe vulnerable" on the poodletest site, so my guess is that OS X will prevent all apps from using SSLv3 even if they would otherwise be capable of doing so.  This will protect other apps, such as e-mail clients that are also normally able to use SSLv3.

  • How do I have Firefox check for expired/revoked certificates?

    The Heartbeat vulnerability fix requires servers update openssl, get a new certificate, and revoke the old certificate. To be sure a spoofed site isn't using the revoked certificate, I need Firefox to check for revoked certificates. How do I turn this revoked certificate checking on in Firefox?

    Hello eghuff, Firefox should be set to check for revoked certificates by default; you can check that under "Firefox > Options > Advanced > Certificates > Validation".

  • Is Microsoft NPS affected by an equivalent of the heartbleed bug that affects free radius

    Is NPS based on a version of OpenSSL, and if so, will there be a patch soon to mitigate against the Heartbleed bug?

    Thank you, and please accept my apologies, I am not technically inclined to your level and if I may broach the subject once more - I have sensitive data other than bank and email,
    Are there Registry lines or msinfo32 identifications that would disclose if I was running or have the OPENSSL - I am running x64 Win7, Nod32, use the Windows Firewall, have updated Java, use Google, and Mozilla. No programs are allowed to access the internet without first being given permission (pdf and word)
    And once again, I do apologize for my limited knowledge . . . have to reboot . . . just had 11 security updates

    OpenSSL is shipped as a standalone and portable tool, so it may be unzipped to a folder without installation, therefore msinfo and Programs and Features applet will not tell you definitely.
