Welcome! Log In Create A New Profile

Advanced

Re: How to install Nginx from source and avoid the OpenSSL Bug ?

B.R.
June 04, 2014 09:52AM
On Wed, Jun 4, 2014 at 3:33 PM, Lukas Tribus <luky-37@hotmail.com> wrote:

> > How to install Nginx from source and avoid the OpenSSL Bug ?
>
> What openssl bug are you talking about? Debian contains all
> important fixes afaik.
>

​I think 'yarek'​

​ tries to build nginx with a 3rd-party program.
I'd suggest to use either the latest stable (v1.6.0) or mainline (v1.7.1)
source.
v1.4.3 is pretty old now and is deprecated.

Btw, nginx links the OpenSSL library dynamically, so the bug has never lied
inside nginx.
It depends on the version of OpenSSL which has been used to compile nginx
(since using a version other than the one used for compilation at run time
might fail/introduce problems).

> It seems error comes from :
> > Planned removal of SSL_OP_MSIE_SSLV2_RSA_PADDING breaks dependent
> software
> > if you are using OpenSSL 1.0.2 or higher.
> >
> > Any idea on how do I fix that ?
>
> It was already fixed 9 months ago:
> http://hg.nginx.org/nginx/rev/a73678f5f96f
>
> Use a recent nginx tarball.
>

​'yarek' you could have compared the error message triggered by the source
you were using with the current ngx_event_openssl.c source file
http://trac.nginx.org/nginx/browser/nginx/src/event/ngx_event_openssl.c.
You would have seen that the deprecation of the constant you triggered is
handled, by a check for its existence. Lukas has been kind enough to
provide you with the exact commit introducing this change.

​To sump up:
- use recent/supported source http://nginx.org/en/download.html
- use an unaffected version of OpenSSL
https://www.openssl.org/news/secadv_20140407.txt​ when compiling your
nginx binary. All major distro (including Debian) have fixed their
repositories with corrected versions for a long time now

---
*B. R.*
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

How to install Nginx from source and avoid the OpenSSL Bug ?

yarek June 04, 2014 09:24AM

RE: How to install Nginx from source and avoid the OpenSSL Bug ?

Lukas Tribus June 04, 2014 09:34AM

Re: How to install Nginx from source and avoid the OpenSSL Bug ?

B.R. June 04, 2014 09:52AM

RE: How to install Nginx from source and avoid the OpenSSL Bug ?

Lukas Tribus June 04, 2014 10:54AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 60
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready