1 Topic by dunnma (edited by dunnma 2011-03-02 23:01:47)

  • Registered: 2009-05-18
  • Posts: 8

Topic: OpenSSL

Since I consider Remi a master at this I need to pose the question...can you create a package with a newer version of OpenSSL (at least 0.9.8k) for CentOS 5+?

The reason this is needed is that you cannot do name based SSL installation (i.e. <VirtualHost *:443/>).  It looks like the biggest package out there is 0.9.8e.  So in order to have more than one domain on a box AND at least one SSL you have to use IP based (i.e. <VirtualHost IP:443/>).  Right now I am good to go, but if I add another SSL I either need to get more IPs or get a newer version of OpenSSL installed.

Thoughts?



Oh...and I would love to buy you something off of your Amazon list but I am assuming it is not "up to date"?  I will make a donation instead.

  • Remi
  • Remi
  • Administrateur
  • Offline
  • From: Champagne...
  • Registered: 2009-04-28
  • Posts: 3,836

Re: OpenSSL

I confirm that you can have only 1 SSL "vhost" per IP/port.
Because SSL handshake (and certificate check) is done "before" http protocol and vhost selection.

Where have you read than a newer version of OpenSSL will change this old limit ?

openssl is a very sensible package, and updating it will imply to rebuild a lot of package which depend on it.

# repoquery --whatrequires 'libssl.so.6' | wc -l
262
Laptop:  Fedora 38 + rpmfusion + remi (SCL only)
x86_64 builder: Fedora 39 + rpmfusion + remi-test
aarch64 builder: RHEL 9 with EPEL
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi

Remi's Website

  • Remi
  • Remi
  • Administrateur
  • Offline
  • From: Champagne...
  • Registered: 2009-04-28
  • Posts: 3,836

Re: OpenSSL

Ok, I have found
http://httpd.apache.org/docs/2.2/ssl/ss … tml#vhosts
http://en.wikipedia.org/wiki/Server_Name_Indication

Must do some test here.
But this is probably a really big change (need new openssl AND new httpd)

Switching to EL-6 which provides httpd 2.2.15 and openssl 1.0.0 seems the simplest solution.

+

Laptop:  Fedora 38 + rpmfusion + remi (SCL only)
x86_64 builder: Fedora 39 + rpmfusion + remi-test
aarch64 builder: RHEL 9 with EPEL
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi

Remi's Website