Update OpenSSL

I'm certainly no expert. But if you download and compile a version from http://openssl.org/. It can
co-exist with the version that comes with OS X.

I just compiled

OpenSSL 1.0.0a 1 Jun 2010
built on: Fri Aug 20 18:19:22 EDT 2010

and it built without any problems or complications. All tests were successful as well.

I'll leave the other question for someone that knows more that I.

Nils is correct. You do not want to replace any part of the OS. If, for some reason, you must have a newer version of openssl, download the source, compile, and install it. Then, any programs you build that use OpenSSL will use your new version.

You have to set your PATH environment variables correctly, for the environments where you want to run the command.

mickey13 wrote:
When I've compiled some things from source before (Ruby 1.9.1 for example), I feel like I'm not guaranteed that it will always be used as opposed to a previous version. In the Ruby example, when I ran "ruby -v" I would get 1.9.1, but on my webpages, I would see the older version listed.

That is because the new version of Ruby that you built has no effect on the version that Apache was built with.

I felt like I might get the same behavior if I built OpenSSL the same way. Any ideas?

I'm positive that you would get exactly the same behavior. Why do you want a newer version of OpenSSL?

mickey13 wrote:
Ruby would be a module, right; not compiled as part of apache?

I don't know for sure. All of the official Apache modules need to be built with the same settings that Apache is built with. If you need to update one, you normally have to update them all. That can get messy in a hurry.

I don't know how Ruby specifically is handled. It could be a module or the Apache config files could define a specific path to use for Ruby. Perl, for example, can be done either way.

Got an SSL negotiation error when I did a large subversion commit. Figured updating might fix that.

I doubt it. It would be best to focus on identifying and resolving those errors.

mickey13 wrote:
I just don't get why the version shipped with Mac OS X is treated as a special case, and shouldn't ever be touched. My understanding is, that is the case with any software that someone wants to update via compiling it from source.

Anything shipped with MacOS X is a special case. You shouldn't update it unless you absolutely have to. The open-source programmers who write this stuff do NOT test or build on MacOS X. You don't want to install it until Apple has built the OS with it.

If there is something you really need and/or want, you can always install it into some non-system path such as /usr/local and build your own applications with it. There is no guarantee it will build or work properly.

The one thing you don't ever want to do is try to replace anything that Apple ships. Even if it works, it could easily break future software updates and leave you vulnerable to all sorts of bugs and security holes. That is, of course, assuming you haven't hosed your system entirely.

mickey13 wrote:
Does Apple update their version OpenSSL and other open source packages that they use?

Sure, just not that often. Apple updates much more frequently than the big Linux distributions like RedHat or CentOS.

It may also be the case that while apple doesn't do update to the latest version of openssl, or other package. The may still back port some of the bug fixes to older versions of openssl. You have to check the change logs for openssl to see if this is the case though.