SSL Support for the Windows version of POPFile

Trace:

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
devel:sslsupport [2008/03/10 01:21] xueshengdevel:sslsupport [2011/09/07 16:02] (current) – external edit 127.0.0.1
Line 1: Line 1:
 ====== SSL Support for the Windows version of POPFile ====== ====== SSL Support for the Windows version of POPFile ======
  
 +^ This page only applies to the old POPFile 1.1.1 release and the earlier releases which offer support for SSL connections to mail servers ^
  
 +^ POPFile 1.1.2 (or later) uses improved SSL support which is built-in to the installer and does not involve any internet access during installation ^
 +
 +For POPFile 1.1.2 (released 21 August 2011) the SSL support for the Windows version was upgraded to use a completely new SSL support package which is more up-to-date and smaller than the support packages used by earlier releases of POPFile. The Windows installer now includes all of the neceassry files and installs them by default. This means the installer will no longer download (and possibly patch) the files during the installation. As a result the installer code has been simplified and made easier to maintain.
  
 ===== Why are SSL patches sometimes required? ===== ===== Why are SSL patches sometimes required? =====
  
-POPFile has been able to make SSL connections to mail servers since the 0.22.0 release in September 2004. If the "SSL support" option is selected the installer will download the necessary files from the University of Winnipeg repository (this is the only known source of these SSL Support files; they are not available from the main ActiveState repository because ActiveState do not currently have the necessary government permit).+POPFile has been able to make SSL connections to mail servers since the 0.22.0 release in September 2004. If the "SSL support" option is selected the installer will download the necessary files from the University of Winnipeg repository (this is the main source of these SSL Support files; they are not available from the main %%ActivePerl%% 5.8 repository because %%ActiveState%% do not currently have the necessary government permit)
 + 
 +POPFile 1.1.0 and later releases also download one SSL file from the ppm.tcool.org repository because the file found in the University of Winnipeg repository does not support the timeout feature POPFile uses to cope with slow servers.
  
 Downloading the SSL support files during the installation helps reduce the size of the installer and ensures that the installation uses the most up-to-date SSL support files. This scheme has worked very well because these SSL files are not updated frequently (see [[#SSL Support Files Status|table]] below). Downloading the SSL support files during the installation helps reduce the size of the installer and ensures that the installation uses the most up-to-date SSL support files. This scheme has worked very well because these SSL files are not updated frequently (see [[#SSL Support Files Status|table]] below).
Line 14: Line 20:
  
 This makes it much easier to respond to those rare occasions when the files on the University of Winnipeg server get updated and become incompatible with the current release of POPFile because it avoids the need to rebuild the installer and the **POPFile SSL Setup** wizard. However the current patches, if any, are still incorporated into each build of the installer so they can be used if the POPFile web site is not available when the installer is run. This makes it much easier to respond to those rare occasions when the files on the University of Winnipeg server get updated and become incompatible with the current release of POPFile because it avoids the need to rebuild the installer and the **POPFile SSL Setup** wizard. However the current patches, if any, are still incorporated into each build of the installer so they can be used if the POPFile web site is not available when the installer is run.
 +
  
  
Line 22: Line 29:
 For POPFile 0.22.0, 022.1, 0.22.2, 0.22.3, 0.22.4 and 0.22.5 a special utility, the **POPFile SSL Setup** wizard, has been created to allow SSL Support to be added to these older versions of POPFile. This wizard is able to add or update SSL Support for POPFile 0.22.0 or any later release. For POPFile 0.22.0, 022.1, 0.22.2, 0.22.3, 0.22.4 and 0.22.5 a special utility, the **POPFile SSL Setup** wizard, has been created to allow SSL Support to be added to these older versions of POPFile. This wizard is able to add or update SSL Support for POPFile 0.22.0 or any later release.
  
-Although the installers for 0.22.3, 0.22.4 and 0.22.offer to add SSL Support these old installers are unable to apply the necessary patches to make the current files from the University of Winnipeg repository compatible with these old POPFile releases. This means POPFile will crash when it tries to use the SSL files downloaded by these old installers.+Although the installers for 0.22.3, and 0.22.offer to add SSL Support these old installers are unable to apply the necessary patches to make the current files from the University of Winnipeg repository compatible with these old POPFile releases. This means POPFile will crash when it tries to use the SSL files downloaded by these old installers
 + 
 +The 0.22.5 installer is currently (11 March 2008) able to add SSL Support but it does not use the new POPFile web-server address so it will be unable to download the SSL patches if any become necessary for this old release. Version 0.3.1 (or later) of the POPFile SSL Setup wizard uses the new POPFile web-server so it can be used to update old 0.22.5 installations if any SSL patches need to be applied.
  
 The minimal Perl used in POPFile 0.22.0, 0.22.1 and 0.22.2 is no longer compatible with the files from the University of Winnipeg so the **POPFile SSL Setup** wizard includes a set of compatible SSL files which will be installed instead. The minimal Perl used in POPFile 0.22.0, 0.22.1 and 0.22.2 is no longer compatible with the files from the University of Winnipeg so the **POPFile SSL Setup** wizard includes a set of compatible SSL files which will be installed instead.
Line 35: Line 44:
 When SSL support is added to POPFile a log file is created listing the files which get added to POPFile and any SSL patches which were applied to make the files work properly with that particular installation. When SSL support is added to POPFile a log file is created listing the files which get added to POPFile and any SSL patches which were applied to make the files work properly with that particular installation.
  
-Three log files are used at present. These log files are stored in the main POPFile program folder, as specified in the POPFILE_ROOT environment variable or in the window resulting from the Start -- Programs -- POPFile -- Support -- PFI Diagnostic utility (simple) shortcut:+Three log files are used at present:
  
   * ''install.log'' is used when SSL Support is added by the POPFile installer   * ''install.log'' is used when SSL Support is added by the POPFile installer
Line 42: Line 51:
  
   * ''addssl.log'' is used when SSL Support is added by the POPFile SSL Setup wizard    * ''addssl.log'' is used when SSL Support is added by the POPFile SSL Setup wizard 
 +
 +These log files are stored in the main POPFile program folder. The location of this folder is normally held in the POPFILE_ROOT environment variable and in the registry. Since it it not easy for users to check these values, the location of this folder can be displayed using the following shortcut created by the installer:
 +Start -- Programs -- POPFile -- Support -- PFI Diagnostic utility (simple)
  
  
Line 51: Line 63:
 ====== SSL Patch Files on the POPFile Server (getpopfile.org) ====== ====== SSL Patch Files on the POPFile Server (getpopfile.org) ======
  
-The ''/var/www/installer/ssl-patch'' directory contains, at the time of writing (9 March 2008), the following files which are used when adding or upgrading SSL support:+The ''/var/www/installer/ssl-patch'' directory contains, at the time of writing (3 October 2009), the following files which are used when adding or upgrading SSL support:
  
   0.22.x.pcf   0.22.x.pcf
Line 57: Line 69:
   1.0.0.pcf   1.0.0.pcf
   1.0.1.pcf   1.0.1.pcf
 +  1.1.0.pcf
 +  1.1.1.pcf
   SSL_pm.pat   SSL_pm.pat
   MD5SUMS   MD5SUMS
Line 64: Line 78:
 The SSL_pm.pat file is a binary file containing the VPATCH patch data used by the installer to downgrade the SSL.pm file in newer versions of the IO::Socket::SSL module to the old v0.97 version which is compatible with POPFile 0.22.4 and 0.22.3. The SSL_pm.pat file is a binary file containing the VPATCH patch data used by the installer to downgrade the SSL.pm file in newer versions of the IO::Socket::SSL module to the old v0.97 version which is compatible with POPFile 0.22.4 and 0.22.3.
  
-The MD5SUMS file contains the MD5 sums for the other files in the directory. It is used by the installer (or the POPFile SSL Setup wizard) to check the integrity of the files it downloads. This file can be generated and checked quite easily at the web server's command-line:+The [[/installer/ssl-patch/MD5SUMS|MD5SUMS]] file contains the MD5 sums for the other files in the directory. It is used by the installer (or the POPFile SSL Setup wizard) to check the integrity of the files it downloads. This file can be generated and checked quite easily at the web server's command-line:
 <code bash> <code bash>
 $ rm MD5SUMS $ rm MD5SUMS
Line 70: Line 84:
 $ md5sum -c MD5SUMS $ md5sum -c MD5SUMS
 </code> </code>
-The PCF files and the MD5SUMS file are text files and can use either LF or CRLF for the end-of-line sequence. (The installer and POPFile SSL Setup wizard always convert the end-of-line sequences to CRLF before trying to use these files.)+The PCF files and the MD5SUMS file are text files and can use either LF or CRLF for the end-of-line sequence. (The installer and POPFile SSL Setup wizard can cope with either format.)
  
  
 ====== POPFile Patch Control Files ====== ====== POPFile Patch Control Files ======
 +
 +
  
  
Line 137: Line 153:
 **[Patch-n]** specifies the number of this patch section. **n** should be replaced by the patch section number, starting from **1**. **[Patch-n]** specifies the number of this patch section. **n** should be replaced by the patch section number, starting from **1**.
  
-**Category** indicates the importance of the patch. In the current implementation two categories are supported: ESSENTIAL and OPTIONAL. At present the **ESSENTIAL** category is used to trigger a Message Box in the "SSL Setup" wizard.+**Category** indicates the importance of the patch. In the current implementation two categories are supported: ESSENTIAL and OPTIONAL. At present the **ESSENTIAL** category is used to trigger a Message Box in the "POPFile SSL Setup" wizard.
  
-**%%PatchData%%** specifies the name of the binary patch file to be applied (stored in same directory as the PCF file). This file is generated by the VPATCH utility shipped with the NSIS compiler (see below) +**%%PatchData%%** specifies the name of the binary patch file to be applied (stored in same directory as the PCF file). This file is generated by the VPATCH utility shipped with the NSIS compiler (see "How the SSL.pm patch was created" below) 
  
 **%%TargetFolder%%** specifies the installation directory containing the file to be patched. This directory path is relative to the main POPFile program folder (i.e. this path is appended to the contents of the POPFILE_ROOT environment variable). %%TargetFolder%% paths containing the sequence ".." will be rejected to ensure the installer (or the POPFile SSL Setup wizard) only patches files in or under the POPFILE_ROOT folder. **%%TargetFolder%%** specifies the installation directory containing the file to be patched. This directory path is relative to the main POPFile program folder (i.e. this path is appended to the contents of the POPFILE_ROOT environment variable). %%TargetFolder%% paths containing the sequence ".." will be rejected to ensure the installer (or the POPFile SSL Setup wizard) only patches files in or under the POPFILE_ROOT folder.
Line 217: Line 233:
 LogMsg-4=ERROR: SSL.pm file has *not* been downgraded to v0.97 LogMsg-4=ERROR: SSL.pm file has *not* been downgraded to v0.97
 </code> </code>
 +
  
  
Line 253: Line 270:
 LogMsg-1=Applying a dummy patch to UI\HTML.pm LogMsg-1=Applying a dummy patch to UI\HTML.pm
 LogMsg-2=UI\HTML.pm patch status: LogMsg-2=UI\HTML.pm patch status:
-LogMsg-3=UI\HTML.pm file has been downgraded to v0.0 +LogMsg-3=UI\HTML.pm file has been upgraded to v1.23.456 
-LogMsg-4=ERROR: UI\HTML.pm file has *not* been downgraded to v0.0+LogMsg-4=ERROR: UI\HTML.pm file has *not* been upgraded to v1.23.456
 </code> </code>
  
Line 261: Line 278:
 ====== How the SSL.pm patch was created ====== ====== How the SSL.pm patch was created ======
  
-The patch used to downgrade SSL.pm v0.99, SSL.pm v0.999, SSL.pm v1.01 or SSL.pm v1.08+The patch used to downgrade SSL.pm v0.99, SSL.pm v0.999, SSL.pm v1.01SSL.pm v1.08 or SSL.pm v1.13
 to SSL.pm v0.97 was created using the VPATCH package which is supplied with NSIS. The to SSL.pm v0.97 was created using the VPATCH package which is supplied with NSIS. The
 following MS-DOS commands were used to create the patch file: following MS-DOS commands were used to create the patch file:
Line 271: Line 288:
 GenPat.exe SSL_1.01.pm  SSL_0.97.pm SSL_pm.pat GenPat.exe SSL_1.01.pm  SSL_0.97.pm SSL_pm.pat
 GenPat.exe SSL_1.08.pm  SSL_0.97.pm SSL_pm.pat GenPat.exe SSL_1.08.pm  SSL_0.97.pm SSL_pm.pat
 +GenPat.exe SSL_1.13.pm  SSL_0.97.pm SSL_pm.pat
 </code> </code>
  
Line 279: Line 297:
   * SSL_1.01.pm  was the SSL.pm file from v1.01  of the IO::Socket:SSL module   * SSL_1.01.pm  was the SSL.pm file from v1.01  of the IO::Socket:SSL module
   * SSL_1.08.pm  was the SSL.pm file from v1.08  of the IO::Socket:SSL module   * SSL_1.08.pm  was the SSL.pm file from v1.08  of the IO::Socket:SSL module
 +  * SSL_1.13.pm  was the SSL.pm file from v1.13  of the IO::Socket:SSL module
  
-These commands generate a ''SSL_pm.pat'' file which can be used to downgrade v0.99, v0.999, v1.01 or v1.08 of SSL.pm to v0.97 which is compatible with POPFile 0.22.3 and 0.22.4.+These commands generate a ''SSL_pm.pat'' file which can be used to downgrade v0.99, v0.999, v1.01v1.08 or v1.13 of SSL.pm to v0.97 which is compatible with POPFile 0.22.3 and 0.22.4.
  
   * **IMPORTANT NOTE**   * **IMPORTANT NOTE**
Line 293: Line 312:
  
 ^ University of Winnipeg repository ^^^ ^ University of Winnipeg repository ^^^
-^ Update Date ^ IO::Socket:SSL ^ Net::SSLeay ^+^ Update Date ^ IO::Socket:SSL ^ Net_SSLeay.pm ^
 |  1 August 2003 |  v0.94  |  v1.25  | |  1 August 2003 |  v0.94  |  v1.25  |
 |  22 June 2005 | SSL files are now **binary** incompatible with POPFile 0.22.2 or earlier || |  22 June 2005 | SSL files are now **binary** incompatible with POPFile 0.22.2 or earlier ||
Line 302: Line 321:
 |  31 August 2007 |  v1.08  |  v1.30  | |  31 August 2007 |  v1.08  |  v1.30  |
  
-  * "SSL Support Files Status" information correct as of 9 March 2008+  * "SSL Support Files Status" information correct as of 18 September 2008 
 + 
 +  * On 22 June 2005 the University of Winnipeg's SSL files were updated to work with %%ActivePerl%% 5.8.7 Build 813 (the then current version of %%ActivePerl%%). These changes made the SSL files incompatible with the Windows versions of POPFile 0.22.0, 0.22.1 and 0.22.2 since these releases use older versions of perl58.dll which lack some of the features required by the new SSL Support files. This binary incompatibility prompted the release of POPFile 0.22.3. 
 + 
  
-  * On 22 June 2005 the University of Winnipeg's SSL files were updated to work with ActivePerl 5.8.7 Build 813 (the then current version of ActivePerl). These changes made the SSL files incompatible with the Windows versions of POPFile 0.22.0, 0.22.1 and 0.22.2 since these releases use older versions of perl58.dll which lack some of the features required by the new SSL Support files. This binary incompatibility prompted the release of POPFile 0.22.3. 
  
  
Line 311: Line 333:
 ===== SSL Support Status for POPFile releases which can use SSL ===== ===== SSL Support Status for POPFile releases which can use SSL =====
  
-^ POPFile ^ Release Date ^ Minimal Perl      ^  SSL Support status       ^ +^ POPFile ^ Release Date ^  Minimal Perl      ^  SSL Support status       ^ 
-|  0.22.0  |  7 September 2004 | 5.8.3 Build 809 | patch POPFile's Module.pm and replace all SSL files | +|  0.22.0  |  7 September 2004 |5.8.3 (Build 809)| patch POPFile's Module.pm and replace all SSL files | 
-|  0.22.1  |  1 October 2004 | 5.8.3 Build 809 | replace all SSL support files with old versions | +|  0.22.1  |  1 October 2004 |5.8.3 (Build 809)| replace all SSL support files with old versions | 
-|  0.22.2  |  18 December 2004 | 5.8.4 Build 810 | replace all SSL support files with old versions | +|  0.22.2  |  18 December 2004 |5.8.4 (Build 810)| replace all SSL support files with old versions | 
-|  0.22.3  |  28 October 2005 | 5.8.7 Build 813 | downgrade SSL.pm from IO::Socket::SSL to v0.97 | +|  0.22.3  |  28 October 2005 |5.8.7 (Build 813)| downgrade SSL.pm from IO::Socket::SSL to v0.97 | 
-|  0.22.4  |  22 February 2006 | 5.8.7 (Build 815) | downgrade SSL.pm from IO::Socket::SSL to v0.97 | +|  0.22.4  |  22 February 2006 |5.8.7 (Build 815)| downgrade SSL.pm from IO::Socket::SSL to v0.97 | 
-|  0.22.5  |  18 June 2007 | 5.8.8 (Build 820) | no patches required (IO::Socket::SSL v1.08 is compatible) | +|  0.22.5  |  18 June 2007 |5.8.8 (Build 820)| no patches required (IO::Socket::SSL v1.08 is compatible) | 
-|  1.0.0    21 December 2007| 5.8.8 (Build 822) | no patches required (IO::Socket::SSL v1.08 is compatible) | +|  1.0.0    21 December 2007|5.8.8 (Build 822)| no patches required (IO::Socket::SSL v1.08 is compatible) | 
-|  1.0.1   (probably March 2008| 5.8.8 (Build 822) | no patches required (IO::Socket::SSL v1.08 is compatible) |+|  1.0.1    26 May 2008 |5.8.8 (Build 822)| no patches required (IO::Socket::SSL v1.08 is compatible) | 
 +|  1.1.0    30 November 2008 |5.8.8 (Build 822)| no patches required (IO::Socket::SSL v1.13 is used) | 
 +|  1.1.1    26 September 2009 |5.8.9 (Build 826)| no patches required (IO::Socket::SSL v1.13 is used) | 
 + 
 +  * "SSL Support Status for POPFile releases" information correct as of 3 October 2009
  
-  * "SSL Support Status for POPFile releases" information correct as of 9 March 2008+  * Starting with the 1.1.0 release POPFile now uses a timeout when connecting to the SSL server. This requires the use of IO::Socket:SSL v1.10 or later. Since the University of Winnipeg repository currently has only v1.08 available, another repository (http://ppm.tcool.org/) is used for the IO::Socket::SSL package (v1.13 as of 30 November 2008 and 3 October 2009).
 
devel/sslsupport.1205112091.txt.gz · Last modified: 2008/03/10 02:21 (external edit)
Old revisions

Should you find anything in the documentation that is incomplete, unclear, outdated or just plain wrong, please let us know and leave a note in the Documentation Forum.

Recent changes RSS feed Donate Driven by DokuWiki
The content of this wiki is protected by the GNU Fee Documentation License