OpenSSL Libraries are no longer distributed with VA Smalltalk
Reason for change
The OpenSSL release cycle includes quick turn-around patch releases based on discovered security vulnerabilities which demand immediate attention due to its ubiquitous use on the web. While previous versions of VA Smalltalk shipped with these libraries, it was noticed that they became dated (insecure) even within VA Smalltalk's release cycle. Many customers making use of SSL/TLS functionality were forced to upgrade these libraries anyway.
Change
Windows OpenSSL and supporting binary changes:
• (removed) libeay32.dll
• (removed) ssleay32.dll
• (removed) crtstdll.dll
• (removed) esscissl.dll
• (removed) sslth.dll
• (added) vasslthreads.dll
Unix/Linux OpenSSL and supporting binary changes:
• (removed) libcrypto.so
• (removed) libssl.so
• (removed) libcrtfile.so
• (removed) libsslthread.so
• (added) vasslthreads.so
Action required
When acquiring OpenSSL, ensure the version is 1.0.0 or above. Make sure to use the 32 bit version.
Download and copy the OpenSSL shared libraries into VA Smalltalk Binary Directory (i.e. same locations as the abt executable).
To minimize abt.ini adjustments, ensure the names of the OpenSSL shared libraries are;
• (Windows) libeay32.dll and ssleay32.dll
• (Unix/Linux) libcrypto.so and libssl.so
In the abt.ini file, ensure the following 3 PlatformLibrary Name Mappings match the following on Windows:
• CRYPTO_LIB=libeay32
• SSL_LIB=ssleay32
• THREAD_LIB=vasslthreads
On Unix/Linux, they should be:
• CRYPTO_LIB=libcrypto
• SSL_LIB=libssl
• THREAD_LIB=vasslthreads
Last modified date: 04/05/2019