The Apache Haus Forum

Advanced search  

News:

Welcome to Apache Haus Distribution Forum

Pages: [1] 2   Go Down

Author Topic: OpenSSL 1.0.0d update for Apache 2.2.17 available  (Read 17925 times)

Gregg

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 847
OpenSSL 1.0.0d update for Apache 2.2.17 available
« on: February 09, 2011, 12:24:42 AM »

Update packages for Apache 2.2.17 to OpenSSL 1.0.0d are available at the Download Page. These packages include all files needed to upgrade your Apache 2.2.17 server. OpenSSL 1.0.0d is a bug fix update and it is recommended you upgrade to 1.0.0d as soon as possible.
« Last Edit: February 09, 2011, 02:53:32 PM by mario »
Logged

perindu

  • Newbie
  • *
  • Offline Offline
  • Posts: 33
Re: OpenSSL 1.0.0d update for Apache 2.2.17 available
« Reply #1 on: February 22, 2011, 05:37:51 AM »

any chance you will compiled it with vc6? i'm using standard apache download from apache main site  ;D
Logged

Gregg

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 847
Re: OpenSSL 1.0.0d update for Apache 2.2.17 available
« Reply #2 on: February 22, 2011, 09:26:11 AM »

Hi Perindu,

I've thought about this every time there's a OpenSSL update between Apache versions. It goes against what this site is about though since we are suppliers of an alternative, a vc9 alternative. The one time I felt there was a big critical need to do it, the ASF put out a new 2.2 version of Apache to go with it on their own and we didn't have to.

What I don't want to do is have us create a precedent of doing this, I'd rather convert you and anyone else to vc9 ;D If the ASF will not do this and you want an Apache that's as up to date as we are allowed to supply you with, go Apache Haus. If it is the 1.0.0 versions of OpenSSL you want with Apache 2.2, go Apache Haus. I'm not sure if anyone has actually asked the ASF to switch to OpenSSL 1.0.0 in their Windows binaries.

I'm curious though, have you thought about moving to a vc9 build?
If you have, what is stopping you from doing it? If you have not, why not consider it?

This stuff I like to hear because it will help me understand what we should be doing to make switching an easier choice for you and others to make.



Logged

perindu

  • Newbie
  • *
  • Offline Offline
  • Posts: 33
Re: OpenSSL 1.0.0d update for Apache 2.2.17 available
« Reply #3 on: February 23, 2011, 06:11:45 AM »

Hi Gregg,

Thans for your info.

The only reason i still using vc6 because of it portability i'm using on XP SP2. and i don't want to make my windows crowsed with unneeded vc9 ( once i installed it copy some file at c:\ ) also it's hard to copy between machine ( i'm using webserver based on uniform server with some tweak )

I also try not to use many resource as i can ( ok u can laugh i run my private webserver on win xp sp2 - mercury mail hehe )  ;D

So i try to save as many memory/resource i can :)

*notes*
( if only theres a way like vc6 before .. example copy only needed dll to same directory maybe i'll change to vc9 - example msvbm60.dll )

thanks a lot and sorry my english is not so good :)

- seems loading forum is a bit slow today?
Logged

Gregg

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 847
Re: OpenSSL 1.0.0d update for Apache 2.2.17 available
« Reply #4 on: February 23, 2011, 06:37:15 AM »

*notes*
( if only theres a way like vc6 before .. example copy only needed dll to same directory maybe i'll change to vc9 - example msvbm60.dll )

There is, you drop the msvcr90.dll in Apache's /bin folder and go.

The reason I'm actually trying to convert people is that vc6 builds of PHP are going to disappear soon, or so the word I've been hearing is. ASF has clearly stated that they will not be moving to VC9 or vc10 in 2.2.

https://issues.apache.org/bugzilla/show_bug.cgi?id=50813 see comment 1

So you'll have to either use mod_fcgid, or move to VC9 Apache if you want to use the module.
oh, and check your personal messages inbox here.

Logged

perindu

  • Newbie
  • *
  • Offline Offline
  • Posts: 33
Re: OpenSSL 1.0.0d update for Apache 2.2.17 available
« Reply #5 on: February 23, 2011, 07:11:45 AM »


oh, and check your personal messages inbox here.



Sorry, you can't read your personal messages. ( but i got your message through email. Thanks  ;D )

i see your reason now... so if i copy msvcr90.dll in Apache's /bin folder it will work? it's goes to module also such as mod security?  nice.. i'll try it later... ( hope it will work :) )

Logged

Gregg

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 847
Re: OpenSSL 1.0.0d update for Apache 2.2.17 available
« Reply #6 on: February 23, 2011, 09:17:17 AM »

Yes, at least that module and most others. PHP itself might be problematic. The redistributable is not that big, only a couple megs. Installing it would be the preferred way but there may be a requirement for SP3 on Windows, not sure, I bet Mario or Sob knows off the top of their head.

With vc9, the binaries are smaller, they are more efficient as well. Let's look at Apache's bin folder;
VC9 = 6.39 MB total for all binary files required for Apache + SSL + zlib in bin and the iconv folder
VC6 = 8.89 MB for the same files. 2.5MB more.

I personally love vc6. I can build Apache 3 times in the time it takes vc9 to do it once. Or OpenSSL, once the configure stage of OpenSSL is complete, the actual compile itself takes ~65 seconds. I wish VC9 was that fast at building, it's about 6 minutes on the very same computer. I hate to leave vc6 behind, I'll keep it for a few more years anyway.

As far as moving to a vc9 Apache build, I'm going to have to bite the bullet and do it myself as I still run a vc6 build of 2.2. I hate moving upThe 2.3 snapshot of a week or two ago I'm running is vc9.
Logged

mario

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 583
Re: OpenSSL 1.0.0d update for Apache 2.2.17 available
« Reply #7 on: February 23, 2011, 11:08:35 AM »

Installing it would be the preferred way but there may be a requirement for SP3 on Windows

it works also with SP2. In one of the large companies I work the SP3 rollout was in July 2010  ;) And even before it worked with installing the M$ package. I haven't tried it before just to use the runtime dll's but I guess it should work as with vc5 and vc6. I remember win98 xD
Good thing about vc6 is that the binaries run without installing M$ package. I wonder why still under server 2008 R2 I had to install the vc9 package. It's a bit anoying.

it would be a good how to in the readme file about putting the vc files into apache bin folder.

I personally love vc6. I can build Apache 3 times in the time it takes vc9 to do it once. Or OpenSSL, once the configure stage of OpenSSL is complete, the actual compile itself takes ~65 seconds. I wish VC9 was that fast at building, it's about 6 minutes on the very same computer. I hate to leave vc6 behind, I'll keep it for a few more years anyway.
I also dislike the long compiling times. Guess we need a 3.5GHz Quadcore for AH Compiling ;-)
Logged

Sob

  • Jr. Member
  • **
  • Offline Offline
  • Posts: 72
Re: OpenSSL 1.0.0d update for Apache 2.2.17 available
« Reply #8 on: February 23, 2011, 03:43:40 PM »

VC9 redistributable supports even Win2000 (SP4). And personally, I'd rather install it in supported way. The whole package has 4MB, it won't eat up much more when installed. Easy portability might be the reason against it. But the chances are, other software will need it too. And if you want to have secure machine, you should install at least some updates anyway, so one more package makes no difference. And even that SP3 might not be such a bad idea. I know, "when it works, don't try to fix it". But on the other hand, SP2 is no longer supported and it means no more bugfixes. And sometimes it's important stuff (like yet another SMB hole :).
Logged

Sob

  • Jr. Member
  • **
  • Offline Offline
  • Posts: 72
Re: OpenSSL 1.0.0d update for Apache 2.2.17 available
« Reply #9 on: February 23, 2011, 06:54:50 PM »

If you really want to have portable Apache without installing redistributables, it's possible, I just tested it. But it's not as easy as putting dlls to bin directory.

You also need manifest file named Microsoft.VC90.CRT.manifest and it must be in the same directory as executable or in Microsoft.VC90.CRT subdirectory. Then you need msvcm90.dll, msvcp90.dll and msvcr90.dll in the same directory as manifest. But I wasn't able to get it running when it was only in bin directory. I had to put duplicate copies also in modules directory.

And I'm quite afraid what it will do, if you mix modules compiled by different compilers, e.g. VC++ 2008 with and without SP1.

As for the content of Microsoft.VC90.CRT.manifest I'm not exactly sure what's right. The one I found in redistributables directory in VC install didn't work. I found the following in installation directory of some application that also includes own copy of msvc dlls and it works:
Code: [Select]
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation.  All rights reserved. -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
    <noInheritable/>
    <assemblyIdentity
        type="win32"
        name="Microsoft.VC90.CRT"
        version="9.0.21022.8"
        processorArchitecture="x86"
        publicKeyToken="1fc8b3b9a1e18e3b"
    />
    <file name="msvcr90.dll" /> <file name="msvcp90.dll" /> <file name="msvcm90.dll" />
</assembly>

Any additional info from some manifest expert is welcome. :)
Logged

perindu

  • Newbie
  • *
  • Offline Offline
  • Posts: 33
Re: OpenSSL 1.0.0d update for Apache 2.2.17 available
« Reply #10 on: February 24, 2011, 06:33:49 AM »


Good thing about vc6 is that the binaries run without installing M$ package. I wonder why still under server 2008 R2 I had to install the vc9 package. It's a bit anoying.

it would be a good how to in the readme file about putting the vc files into apache bin folder.
I also dislike the long compiling times. Guess we need a 3.5GHz Quadcore for AH Compiling ;-)


This is one reason i still use vc6 as it dont install bloated package :)

i second on that also want to know how to set up it :) ( portability and stable  is my priority )

VC9 redistributable supports even Win2000 (SP4). And personally, I'd rather install it in supported way. The whole package has 4MB, it won't eat up much more when installed. Easy portability might be the reason against it. But the chances are, other software will need it too. And if you want to have secure machine, you should install at least some updates anyway, so one more package makes no difference. And even that SP3 might not be such a bad idea. I know, "when it works, don't try to fix it". But on the other hand, SP2 is no longer supported and it means no more bugfixes. And sometimes it's important stuff (like yet another SMB hole :).

for this i totally agree with you.. but for some reason sp3 have some problem with kernel ( i'm not sure about it )

security is important, for that i disable most of the services that not related based on black viper tweak.

i also install firewall which block port others than http, mailserver, vnc.

i also install latest MSE 2.0 ( atleast it work on sp2 :) ) and windows defender.

to harden it im using harden-it and patch tcp ( using tcp patch unofficially )

at least i dont get any problem with it

For apache mod security is nice :)

anyway thanks for advice ( smb 445 is really nasty port  ;D i got virus before which separate all network lucky my boss buy a new pc with 7 pro - LUA do help  ;D )

If you really want to have portable Apache without installing redistributables, it's possible, I just tested it. But it's not as easy as putting dlls to bin directory.

Any additional info from some manifest expert is welcome. :)

I second on that and i wonder if apachehaus would package it in zip format ( without installing it in service ) i think it would help .


Logged

mario

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 583
Re: OpenSSL 1.0.0d update for Apache 2.2.17 available
« Reply #11 on: February 24, 2011, 11:16:06 AM »

You also need manifest file named Microsoft.VC90.CRT.manifest and it must be in the same directory as executable or in Microsoft.VC90.CRT subdirectory.

The binaries from apachehaus include the manifest inside the binaries. If you use a hexeditor you can see it at the very end of the binaries. For that we use MT.exe

e.g.
Code: [Select]
MT -manifest mod_xsendfile.so.manifest -outputresource:mod_xsendfile.so;2
Logged

Sob

  • Jr. Member
  • **
  • Offline Offline
  • Posts: 72
Re: OpenSSL 1.0.0d update for Apache 2.2.17 available
« Reply #12 on: February 24, 2011, 03:13:07 PM »

Right, the binaries do have manifests embedded. But those provide info about required dependencies. And Windows will look for them somewhere in winsxs directory by default. But if the redistributable is not installed, it won't find them there.
Simply copying msvc*.dll to Apache's bin directory didn't work (tried with clean XP SP2 in VirtualBox), Windows ignored them. It's this additional manifest that tells Windows to use dlls from current directory.
Logged

Gregg

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 847
Re: OpenSSL 1.0.0d update for Apache 2.2.17 available
« Reply #13 on: February 24, 2011, 06:46:11 PM »

I'm sorry Sob but I've done it successfully. I have the one machine with vc6 installed and for whatever reason, it will not allow me to start a vc9 build. It will not run a vc9 build even with the redist installed.

These links go to various builds of vc all running on a box with no redistributables installed and just the single crt for their version in the bin folder. The links on these pages are now outdated so don't bother trying them.

vc10: http://www.glewis.com:20108/
vc9: http://www.glewis.com:20088/
vc6: http://www.glewis.com

I'll keep the vc9 & vc10 builds up for 24 hours.
Logged

Gregg

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 847
Re: OpenSSL 1.0.0d update for Apache 2.2.17 available
« Reply #14 on: February 24, 2011, 07:26:17 PM »

Right, the binaries do have manifests embedded. But those provide info about required dependencies. And Windows will look for them somewhere in winsxs directory by default.

Not so, Windows will look for them in directories in the order you know full well about.

This is the manafest to the vc9 build linked above, look at the single dependency,
Code: [Select]
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type='win32' name='Microsoft.VC90.CRT' version='9.0.21022.8' processorArchitecture='x86' publicKeyToken='1fc8b3b9a1e18e3b' />
    </dependentAssembly>
  </dependency>
</assembly>

I guess I lied, I do not remember doing it but the vc9 redistributable is there, quite possibly it was included with SP3. The vc10 is not however yet it still runs, if I move the vc10 crt out of bin it will not run.

None the less, I'm going to take my guinea pig and put it at a fresh SP2 and give it a try on it with vc9 & no redist.

@Perindu, the compiler is slower and bloated, the resulting binaries are smaller. The only bloat in Apache is Apache's bloat. 2.2 is bloated, 2.4 will be a much different server as so much has been ripped out of the core and placed in loadable modules. If you don't need it, don't load it.

But instead of taking our word for it, give it a try. It only takes a few minutes. Our server comes configured to run in c:\apache22. Put it there, drop the crt dll in the bin folder and give it a try, or wait till I get back with my test of doing the same.

Here's the crt http://www.apachehaus.net/misc/msvcr90.zip

Still, I know I did it a couple years ago on the AMD box that is collecting dust in the garage now. It's how MS tells you to do it as well.
« Last Edit: February 24, 2011, 08:46:24 PM by Gregg »
Logged
Pages: [1] 2   Go Up
 

Sitemap 1 2 3 4 5 6 7 8 9 10 11 12 13