Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW

Should I recompile SSL CPAN modules now?

by vsespb (Chaplain)
on Apr 08, 2014 at 16:59 UTC ( #1081529=perlquestion: print w/ replies, xml ) Need Help??
vsespb has asked for the wisdom of the Perl Monks concerning the following question:

So, about CVE-2014-0160 (more info)

AFAIK problem persists not only for server side, but for client side too.

After updating openssl libs from vendor, should I recompile IO::Socket::SSL and possibly other CPAN modules which depend on SSL/TLS?

Comment on Should I recompile SSL CPAN modules now?
Replies are listed 'Best First'.
Re: Should I recompile SSL CPAN modules now?
by mr_mischief (Monsignor) on Apr 08, 2014 at 21:01 UTC

    IO::Socket::SSL depends on Net::SSLeay which actually wraps OpenSSL so if you can get Net::SSLeay rebuilt I think you should be alright. I haven't looked that deeply. Some monk surely knows more.

      Unless you build statically linked versions it should be enough to just install a patched openssl shared library (, If you are not sure you might check with strace on linux, e.g.:
      $ strace -e open perl -MNet::SSLeay .... open("/lib/x86_64-linux-gnu/", O_RDONLY|O_CLOEXEC) = 3 + + open("/lib/x86_64-linux-gnu/", O_RDONLY|O_CLOEXEC) += 3
      If you see these libs loaded dynamically all is fine and you just need to replace them by installing the updated libssl package.
Re: Should I recompile SSL CPAN modules now?
by zentara (Archbishop) on Apr 08, 2014 at 18:12 UTC
    Sounds like a prudent thing to do, but I wonder what other backdoors they have in there?

    I'm not really a human, but I play one on earth.
    Old Perl Programmer Haiku ................... flash japh

      Backdoors imply they were there on purpose. In fact, OpenSSL is just a big mess.

      "There is no shame in being self-taught, only in not trying to learn in the first place." -- Atrus, Myst: The Book of D'ni.

        Isn't the excuse that it's all a big mess the easiest way to provide a cover story for putting in backdoors? I mean look at Microsoft Windows. There was a news release about a year ago which said that just about any Microsoft system gets infected within 30 minutes of being online. Is Microsoft code that big of a mess?

        I'm not really a human, but I play one on earth.
        Old Perl Programmer Haiku ................... flash japh

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://1081529]
Front-paged by Arunbear
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others browsing the Monastery: (4)
As of 2015-11-29 11:39 GMT
Find Nodes?
    Voting Booth?

    What would be the most significant thing to happen if a rope (or wire) tied the Earth and the Moon together?

    Results (750 votes), past polls