On Wed, Jun 4, 2014 at 3:33 PM, Lukas Tribus <luky...@hotmail.com> wrote:
> > How to install Nginx from source and avoid the OpenSSL Bug ?
>
> What openssl bug are you talking about? Debian contains all
> important fixes afaik.

I think 'yarek' tries to build nginx with a 3rd-party program. I'd suggest to use either the latest stable (v1.6.0) or mainline (v1.7.1) source. v1.4.3 is pretty old now and is deprecated.

Btw, nginx links the OpenSSL library dynamically, so the bug has never lain inside nginx. It depends on the version of OpenSSL which has been used to compile nginx (since using a version other than the one used for compilation at run time might fail/introduce problems).

> > It seems error comes from :
> > Planned removal of SSL_OP_MSIE_SSLV2_RSA_PADDING breaks dependent
> > software
> > if you are using OpenSSL 1.0.2 or higher.
> >
> > Any idea on how do I fix that ?
>
> It was already fixed 9 months ago:
> http://hg.nginx.org/nginx/rev/a73678f5f96f
>
> Use a recent nginx tarball.

'yarek', you could have compared the error message triggered by the source you were using with the current ngx_event_openssl.c source file <http://trac.nginx.org/nginx/browser/nginx/src/event/ngx_event_openssl.c>. You would have seen that the deprecation of the constant you triggered is handled, by a check for its existence. Lukas has been kind enough to provide you with the exact commit introducing this change.

To sum up:
- use recent/supported source <http://nginx.org/en/download.html>
- use an unaffected version of OpenSSL <https://www.openssl.org/news/secadv_20140407.txt> when compiling your nginx binary. All major distros (including Debian) have fixed their repositories with corrected versions for a long time now

---
*B. R.*
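
Added example (not part of the thread, and not nginx or OpenSSL project code): a shell check that classifies the release string printed by `openssl version` against the range in the 2014-04-07 advisory linked above, i.e. 1.0.1 through 1.0.1f plus 1.0.2-beta and 1.0.2-beta1. The function names and the sample lines are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample lines are constructed.

# Extract the release token from a line in `openssl version` format,
# e.g. "OpenSSL 1.0.1e 11 Feb 2013" -> "1.0.1e".
openssl_release() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSL \([0-9][^ ]*\).*/\1/p'
}

# Print "affected", "not-affected" or "unknown" for an upstream release token.
# Range taken from secadv_20140407: 1.0.1 .. 1.0.1f, 1.0.2-beta, 1.0.2-beta1.
heartbleed_status() {
    v=${1%-fips}    # some builds report e.g. "1.0.1e-fips"
    case "$v" in
        1.0.1|1.0.1[a-f]|1.0.2-beta|1.0.2-beta1) echo affected ;;
        [0-9]*.[0-9]*.[0-9]*)                    echo not-affected ;;
        *)                                       echo unknown ;;
    esac
}

# Constructed sample lines. On a real host, pass "$(openssl version)" instead.
for line in \
    "OpenSSL 1.0.1e 11 Feb 2013" \
    "OpenSSL 1.0.1g 7 Apr 2014" \
    "OpenSSL 0.9.8y 5 Feb 2013"
do
    rel=$(openssl_release "$line")
    printf '%-10s %s\n' "$rel" "$(heartbleed_status "$rel")"
done
```

Distribution packages often backport the fix without changing the upstream letter, so an "affected" result on a distro build means checking the package changelog or the build date from `openssl version -a`, not that the library is necessarily unpatched.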