Apache 2.4 & LibreSSL feasibility

Started by StevenTut, January 10, 2017, 01:27:44 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

StevenTut

January 10, 2017, 01:27:44 PM Last Edit: January 11, 2017, 09:55:49 PM by Gregg
Admin Note: Split from Apache 2.4.20 VC11

I wonder if it is intended or if it is already feasible to use in the OpenSSL LibreSSL place in Apache?

Thanks

Gregg

#1
January 11, 2017, 09:55:04 PM
It is not intended to move to LibreSSL as it's not multi-platform friendly. In other words, it's not always build able on Windows.

For example, current version 2.5.0 builds the needed libraries for Apache but fails to compile the LibreSSL Client.
It only builds on VC14 (it might build on VC12 too, the C99 compatible compilers).
Prior to 2.5.0 it only produced static libraries.
Version 2.5.0 builds DLLs but you would have to include 4 dlls (not a big deal but it's ugly)
The Apache build has to be adjusted in a few places.

I tried a couple builds last year and it wasn't very stable.
It seems no more secure than OpenSSL. When a big bad bug shows up for OpenSSL 1.0.2, it's in LibreSSL also it seems (per change logs).

It creates problems with third party modules that link to openssl (like php). mod_fcgid takes care of php at least but not all want to use mod_fcgid.

All in all it is doable but not much fun. Like most things scripting helps a lot.
Since I saw this post yesterday, I decided to give it a try again.
https://www.apachehaus.net:9443/


Print
Go Up Pages1
User actions