[...]
For the record, I have manually updated about three dozen *nix boxes' openssl/Apache now, and it's definitely no problem to switch from an older openssl to 0.9.6e or g. The only cricital thing is to choose the correct SSL patch ("FixPatch") for the corresponding Apache and openssl versions.
Needless to say that I ran numerous tests to ensure that the new versions work as expected.
We have run these tests at our consumer's systems a long while ago when we tried this one time. We have learned, it causes severe pain and we will not do this again. Trust me. According to the book, it should work, but it doesn't. There are a few hundred packages that depend on openssl. You will have to test them all from a new, or recompile. All of them.
Of course it's definitely more convenient/safe to do these updates via RPM/You, I don't want to encourage anyone to wreck their systems.
Please don't. :-|
Peter
Boris
Roman.