Patch-ID# 114796-04 Keywords: security kcl2 mod ssl Synopsis: Crypto Accelerator 4000 - 1.0: product patch Date: May/17/2004 Install Requirements: See Special Install Instructions Solaris Release: 8 9 SunOS Release: 5.8 5.9 Unbundled Product: Sun Crypto Accelerator 4000 Unbundled Release: 1.0 Xref: Topic: Relevant Architectures: sparc BugId's fixed with this patch: 4862425 4862427 4895196 4940538 4940555 4948621 4959240 5028965 Changes incorporated in this version: 5028965 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /opt/SUNWconn/cryptov2/bin/openssl /opt/SUNWconn/cryptov2/include/openssl/aes.h /opt/SUNWconn/cryptov2/include/openssl/asn1.h /opt/SUNWconn/cryptov2/include/openssl/asn1_mac.h /opt/SUNWconn/cryptov2/include/openssl/asn1t.h /opt/SUNWconn/cryptov2/include/openssl/bio.h /opt/SUNWconn/cryptov2/include/openssl/blowfish.h /opt/SUNWconn/cryptov2/include/openssl/bn.h /opt/SUNWconn/cryptov2/include/openssl/buffer.h /opt/SUNWconn/cryptov2/include/openssl/comp.h /opt/SUNWconn/cryptov2/include/openssl/conf.h /opt/SUNWconn/cryptov2/include/openssl/conf_api.h /opt/SUNWconn/cryptov2/include/openssl/crypto.h /opt/SUNWconn/cryptov2/include/openssl/des.h /opt/SUNWconn/cryptov2/include/openssl/des_old.h /opt/SUNWconn/cryptov2/include/openssl/dh.h /opt/SUNWconn/cryptov2/include/openssl/dsa.h /opt/SUNWconn/cryptov2/include/openssl/dso.h /opt/SUNWconn/cryptov2/include/openssl/e_os2.h /opt/SUNWconn/cryptov2/include/openssl/ec.h /opt/SUNWconn/cryptov2/include/openssl/engine.h /opt/SUNWconn/cryptov2/include/openssl/err.h /opt/SUNWconn/cryptov2/include/openssl/evp.h /opt/SUNWconn/cryptov2/include/openssl/hmac.h /opt/SUNWconn/cryptov2/include/openssl/krb5_asn.h /opt/SUNWconn/cryptov2/include/openssl/kssl.h /opt/SUNWconn/cryptov2/include/openssl/lhash.h /opt/SUNWconn/cryptov2/include/openssl/md2.h /opt/SUNWconn/cryptov2/include/openssl/md4.h /opt/SUNWconn/cryptov2/include/openssl/md5.h /opt/SUNWconn/cryptov2/include/openssl/obj_mac.h /opt/SUNWconn/cryptov2/include/openssl/objects.h /opt/SUNWconn/cryptov2/include/openssl/ocsp.h /opt/SUNWconn/cryptov2/include/openssl/opensslconf.h /opt/SUNWconn/cryptov2/include/openssl/opensslv.h /opt/SUNWconn/cryptov2/include/openssl/ossl_typ.h /opt/SUNWconn/cryptov2/include/openssl/pem.h /opt/SUNWconn/cryptov2/include/openssl/pkcs12.h /opt/SUNWconn/cryptov2/include/openssl/pkcs7.h /opt/SUNWconn/cryptov2/include/openssl/rand.h /opt/SUNWconn/cryptov2/include/openssl/rc2.h /opt/SUNWconn/cryptov2/include/openssl/rc4.h /opt/SUNWconn/cryptov2/include/openssl/rsa.h /opt/SUNWconn/cryptov2/include/openssl/safestack.h /opt/SUNWconn/cryptov2/include/openssl/sha.h /opt/SUNWconn/cryptov2/include/openssl/ssl.h /opt/SUNWconn/cryptov2/include/openssl/ssl2.h /opt/SUNWconn/cryptov2/include/openssl/ssl3.h /opt/SUNWconn/cryptov2/include/openssl/symhacks.h /opt/SUNWconn/cryptov2/include/openssl/tls1.h /opt/SUNWconn/cryptov2/include/openssl/txt_db.h /opt/SUNWconn/cryptov2/include/openssl/ui.h /opt/SUNWconn/cryptov2/include/openssl/ui_compat.h /opt/SUNWconn/cryptov2/include/openssl/x509.h /opt/SUNWconn/cryptov2/include/openssl/x509_vfy.h /opt/SUNWconn/cryptov2/include/openssl/x509v3.h /opt/SUNWconn/cryptov2/lib/libcrypto.a /opt/SUNWconn/cryptov2/lib/libcrypto.so.0.9.7 /opt/SUNWconn/cryptov2/lib/libssl.a /opt/SUNWconn/cryptov2/lib/libssl.so.0.9.7 /opt/SUNWconn/cryptov2/lib/mod_ssl.so.1.3.26 /opt/SUNWconn/cryptov2/lib/mod_ssl.so.1.3.26_S8 /opt/SUNWconn/cryptov2/lib/mod_ssl.so.1.3.27 /opt/SUNWconn/cryptov2/ssl/openssl.cnf Problem Description: 5028965 Upgrade to OpenSSL 0.9.7d for SCA 4000 (from 114796-03) 4959240 OpenSSL 0.9.7c fails verify with certain certificate/Root CAs (from 114796-02) 4940555 Include MD2 and MD4 algorithms in SCA OpenSSL libraries 4940538 Upgrade SCA 4000 to use OpenSSL 0.9.7c 4948621 SCA 4000 OpenSSL engine fixes (from 114796-01) 4862427 SCA 4000 needs update from openssl 0.9.6g to latest rev 4895196 SCA 4000 mod_ssl libs cause Apache to seg fault when restarted or on HUP 4862425 SCA 4000 needs mod_ssl support for Apache 1.3.27 w/ Solaris 9 Patch Installation Instructions: -------------------------------- For Solaris 8 and 9 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/109715-01 The following example removes a patch from a standalone system: example# patchrm 109715-01 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- NOTE: Updating Apache when used with the Sun Crypto Accelerator 4000 Board ========================================================================== Different releases of Apache are unable to share modules. Therefore, when you upgrade your Apache software, you must also update any modules you have installed, including the mod_ssl module (for SSL) supplied with the Sun Crypto Accelerator 4000 board. If you are using Apache 1.3.26, then once you have installed this patch, you must also run the sslconfig program (/opt/SUNWconn/crypto/bin/sslconfig) and edit your httpd.conf to change the line that reads LoadModule ssl_module /usr/apache/libexec/mod_ssl.so.1.3.26 so that instead it reads LoadModule ssl_module /usr/apache/libexec/mod_ssl.so.1.3.27 Then you should be able to restart the Apache server using the startup script (/etc/init.d/apache start). README -- Last modified date: Monday, May 17, 2004