[Glass] openssl packaged with GS/64
Norm Green via Glass
glass at lists.gemtalksystems.com
Wed Jul 8 12:47:09 PDT 2015
Hi Paul,
On 7/8/2015 12:11 PM, Paul DeBruicker via Glass wrote:
> Hi -
>
> I noticed that 3.2.7 is shipping with an updated openssl (1.0.2b) and that openssl is prepping to release a new version Thursday (https://mta.openssl.org/pipermail/openssl-announce/2015-July/000037.html) which patches a serious vulnerability.
>
> It is my understanding that because of how the GemStone install scripts set the PATH the version of openssl that ships with GS becomes the de facto version of openssl in use on the system its installed on. Unless you manually delete the version of openssl that ships with GS. Is that correct?
Yes that is correct. GemStone always explicitly loads the SSL libraries
from $GEMSTONE/lib (64 bit or $GEMSTONE/lib32 (32 bit).
> If that is correct, is there a better way to do this so that users of GS don't have to delete the version of openssl you ship with the product?
You are free to compile a newer/different version of the SSL libs and
replace the ones in $GEMSTONE. We also sometimes will do this for you
and release just the SSL libs. This is why we designed our usage of SSL
the way we did. It is obviously impossible to synchronize our product
releases with OpenSSL releases.
We always merge the latest versions of SSL into our source code
repository as soon as SSL is released. How/when we will formally
release this SSL release is still TBD.
> How do others handle this?
Good question for the community. I'm not sure.
-Norm
>
> Thanks
>
> Paul
> _______________________________________________
> Glass mailing list
> Glass at lists.gemtalksystems.com
> http://lists.gemtalksystems.com/mailman/listinfo/glass
More information about the Glass
mailing list