Compile hMail to use OpenSSL DLL's

This forum contains features that has been archived. This section contains implemented features, duplicate requests, and requests which we have decided not to implement.
Post Reply

Use OpenSSL DLL's

Yes, I want to be able to update the OpenSSL library independently of hMail exe no matter the potential incompatibilities or hassles
2
50%
Yes it'd be nice but only if reasonable & unlikely to cause problems
1
25%
Either way is fine with me
0
No votes
No, keep it as is (OpenSSL is compiled into hMail application) I want hmail ready to go & not deal with DLL's
1
25%
 
Total votes: 4

braniak
Normal user
Normal user
Posts: 33
Joined: 2014-02-08 18:21

Compile hMail to use OpenSSL DLL's

Post by braniak » 2014-04-24 05:05

Although the response time to the heartbleed bug from the hMail development team has been phenomenal, it has highlighted a potential problem that it is not possible to upgrade the OpenSSL library without waiting for a new hMail build.

I would like the ability to upgrade the OpenSSL library without waiting for a new hMail build. In order to do that, I propose that all future hMail builds be compiled to load OpenSSL dynamically at startup (using DLL's). The OpenSSL win32 binaries can be downloaded from several places on the web, including here: http://slproweb.com/products/Win32OpenSSL.html

prisma
Senior user
Senior user
Posts: 310
Joined: 2010-07-09 13:16

Re: Compile hMail to use OpenSSL DLL's

Post by prisma » 2014-04-28 10:24

+1 BUT: this is a low priority item. It's only a question of good practise to be able to update security components separately. One technical question: When openssl is dynamically linked, you're also rather bound to one specific version, aren't you? Thinking about headers e.g...

braniak
Normal user
Normal user
Posts: 33
Joined: 2014-02-08 18:21

Re: Compile hMail to use OpenSSL DLL's

Post by braniak » 2014-04-28 16:20

prisma wrote:+1 BUT: this is a low priority item. It's only a question of good practice to be able to update security components separately. One technical question: When openssl is dynamically linked, you're also rather bound to one specific version, aren't you? Thinking about headers e.g...
The standard OpenSSL API interface has not changed in many years meaning that you can upgrade or downgrade the DLL's without issue. Additionally, new versions are always backwards compatible which means that you should always be able to upgrade to new DLL's without recompiling the app using it.

User avatar
Caspar
Senior user
Senior user
Posts: 377
Joined: 2008-09-08 11:47
Contact:

Re: Compile hMail to use OpenSSL DLL's

Post by Caspar » 2014-04-28 17:55

braniak wrote:
prisma wrote:+1 BUT: this is a low priority item. It's only a question of good practice to be able to update security components separately. One technical question: When openssl is dynamically linked, you're also rather bound to one specific version, aren't you? Thinking about headers e.g...
The standard OpenSSL API interface has not changed in many years meaning that you can upgrade or downgrade the DLL's without issue. Additionally, new versions are always backwards compatible which means that you should always be able to upgrade to new DLL's without recompiling the app using it.
Please not that not all new versions are backwards compatible. Best comparison is actually PHP 5.2 and 5.3. PHP 5.3 actually broke lots of scripts that were used. although the solution has been "updating the scripts" it was not 100% backwards compatible even though it is a subversion.

It is most likely compatible, and will probably not change that fast, but you cannot be 100% certain.

next to that, I agree it should be a good idea to have it in the future as an add-on, or even a possibility to have an option to use either the build-in or the DLL, for those who want to use their own version of OpenSSL.
If you have strange problems or errors use the log analyzer! http://log.damnation.org.uk
Join us on IRC! http://hmailserver.com/irc_fullscreen.php

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: Compile hMail to use OpenSSL DLL's

Post by Bill48105 » 2014-04-28 18:42

I swore I replied already.. When you can tell the future you'll be rich. ;) Things are SUPPOSED to be compatible but does not mean that are or will be. Like I said before (must have been in another thread) it is just asking to be in DLL HELL with incompatibility issues & require extra support just like how mysql dll has been such a hassle. As I said before I'm open to post up a dynamically linked build sometimes (like I did for heartbleed) but i doubt martin will change official code.
Bill
PS. If hmailserver was closed source I could see a bigger concern but since hmail 5.4 is open source if someone is really needing to update openssl or it dynamically linked they can download the source & compile it themselves or hire someone if they need it bad enough.
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: Compile hMail to use OpenSSL DLL's

Post by martin » 2014-07-02 11:19

The next release of hMailServer will come with dynamically linked OpenSSL library. The library (two DLLs) will be included with the installation so it won't be the same issue as with the MySQL lib.

As you guys point out, there's no guarantee that you can just drop in a newer version of the OpenSSL component and it will magically work. But it's quite possible. I've tried switching out the version and it seemed to work fine.

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: Compile hMail to use OpenSSL DLL's

Post by Bill48105 » 2014-07-03 03:38

martin wrote:The next release of hMailServer will come with dynamically linked OpenSSL library. The library (two DLLs) will be included with the installation so it won't be the same issue as with the MySQL lib.

As you guys point out, there's no guarantee that you can just drop in a newer version of the OpenSSL component and it will magically work. But it's quite possible. I've tried switching out the version and it seemed to work fine.
ok cool martin. welcome to dll hell :D
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

Post Reply