From Mexico.purplecow.org

Jump to: navigation, search

PCOWnova

Introduction

PCOWnova is a Solaris 10 package built to address the shortfalls in the Solaris 10 openssl implementation and surrounding common utilities.

Changes in the SSL/TLS standards to include features such as SNI are not included in the Solaris 10 maintained OpenSSL. This leads to failures when using tools such as wget to hit a number of common websites, including those pertaining to python, wordpress, etc. The number of impacted sites is due to increase over time.

An unofficial statement from Oracle (absolutely unofficial) is that no further major changes will be made to Solaris 10 OpenSSL as it is in a sustaining state and compatibility is first and foremost.

PCOWnova includes OpenSSL, wget and curl to mitigate these problems in the short term. The current package is a 32bit only build and is designed purely to provide these tools for automation and convenience.

Contents

PCOWnova 1.04 contains

  • OpenSSL 1.0.1k
  • wget 1.15
  • curl 7.38.0

Compatibility

The PCOWnova package is built for both sparc and x86 platforms. However, there are some caveats:

  • The official guidelines for building packages is to build against an FCS target for full future compatibility. These packages are built against a 10u11 system and may not reliably work with early Solaris 10 releases.
  • The stack is designed to be self contained and require no third party deps, however it does assume a full Solaris 10 SUNWCall/SUNWCxall install. This means you may need to add certain SUNW packages on a stripped or reduced Solaris 10 installation. Use the ldd tool to find missing libraries as required.

Changelog & Ongoing Updates

  • 1.04 - update from OpenSSL 1.0.1j to 1.0.1k to mitigate multiple issues
  • 1.03 - package metadata change only
  • 1.02 - update from OpenSSL 1.0.1i to 1.0.1j to mitigate CVE-2014-3513
  • 1.01 - initial build

PCOWnova will be updated to cover critical security issues and as new versions become available. The build is automated and response should be quick. If the packages are no longer being updated, this web content will be updated to state this.

Copyright

The copyright resides with the rightholders of openssl, wget & curl. purplecow.org makes no claim to any intellectual property.

Downloads

Questions

  • Can I link against the PCOWnova openssl?
  • You can, but the package is designed only to support those utilities and you may be better off maintaining your own openssl build if packaging something else. There is no SPARC hardware crypto support in this openssl and you will not get peak performance, so avoid using it for anything where throughput is critical.