The Apache Haus Forum

Forum Topics => Apache Programming and Building => Topic started by: StevenTut on January 10, 2017, 01:27:44 PM

Title: Apache 2.4 & LibreSSL feasibility
Post by: StevenTut on January 10, 2017, 01:27:44 PM
Admin Note: Split from Apache 2.4.20 VC11

I wonder if it is intended or if it is already feasible to use in the OpenSSL LibreSSL place in Apache?

Title: Re: Apache 2.4 & LibreSSL feasibility
Post by: Gregg on January 11, 2017, 09:55:04 PM
It is not intended to move to LibreSSL as it's not multi-platform friendly. In other words, it's not always build able on Windows.

For example, current version 2.5.0 builds the needed libraries for Apache but fails to compile the LibreSSL Client.
It only builds on VC14 (it might build on VC12 too, the C99 compatible compilers).
Prior to 2.5.0 it only produced static libraries.
Version 2.5.0 builds DLLs but you would have to include 4 dlls (not a big deal but it's ugly)
The Apache build has to be adjusted in a few places.

I tried a couple builds last year and it wasn't very stable.
It seems no more secure than OpenSSL. When a big bad bug shows up for OpenSSL 1.0.2, it's in LibreSSL also it seems (per change logs).

It creates problems with third party modules that link to openssl (like php). mod_fcgid takes care of php at least but not all want to use mod_fcgid.

All in all it is doable but not much fun. Like most things scripting helps a lot.
Since I saw this post yesterday, I decided to give it a try again.