Return-Path: X-Original-To: apmail-httpd-cvs-archive@www.apache.org Delivered-To: apmail-httpd-cvs-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id D24CCD261 for ; Sun, 7 Oct 2012 06:36:42 +0000 (UTC) Received: (qmail 50389 invoked by uid 500); 7 Oct 2012 06:36:42 -0000 Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org Received: (qmail 50220 invoked by uid 500); 7 Oct 2012 06:36:40 -0000 Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 50194 invoked by uid 99); 7 Oct 2012 06:36:39 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 07 Oct 2012 06:36:39 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 07 Oct 2012 06:36:36 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id B6FD223889D7; Sun, 7 Oct 2012 06:35:52 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1395229 - in /httpd/httpd/branches: 2.2.x/STATUS 2.4.x/STATUS Date: Sun, 07 Oct 2012 06:35:52 -0000 To: cvs@httpd.apache.org From: kbrand@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20121007063552.B6FD223889D7@eris.apache.org> Author: kbrand Date: Sun Oct 7 06:35:51 2012 New Revision: 1395229 URL: http://svn.apache.org/viewvc?rev=1395229&view=rev Log: propose, vote, promote, comment Modified: httpd/httpd/branches/2.2.x/STATUS httpd/httpd/branches/2.4.x/STATUS Modified: httpd/httpd/branches/2.2.x/STATUS URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1395229&r1=1395228&r2=1395229&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/STATUS (original) +++ httpd/httpd/branches/2.2.x/STATUS Sun Oct 7 06:35:51 2012 @@ -94,6 +94,13 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] + * mod_ssl: Add SSLCompression directive to control TLS compression + trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1345319 + http://svn.apache.org/viewvc?view=revision&revision=1348656 + 2.4.x patch: http://svn.apache.org/viewvc?view=revision&revision=1369585 + 2.2.x patch: http://people.apache.org/~covener/patches/2.2.x-sslcompression.diff + (minor ssl_private.h merge problem) + +1 covener, rjung, kbrand PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] @@ -143,10 +150,19 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1352596 2.2.x patch: http://people.apache.org/~ben/httpd-2.2-rfc5878.patch +1: ben, druggeri + -1: kbrand druggeri note: Needs docs for new directive kbrand: depends on an unreleased OpenSSL version (1.0.2), and RFC 5878 is of "Category: Experimental". Seems premature to me to consider for backporting to 2.4/2.2 at this point. + The API in the OpenSSL implementation from May 2012 + (http://cvs.openssl.org/chngview?cn=22601) only covers the + privately-defined TLSEXT_AUTHZDATAFORMAT_audit_proof, there's + no support for x509_attr_cert (section 3.3.1 in RFC 5878) or + saml_assertion (3.3.2). SSL_CTX_use_authz_file doesn't have + any docs in OpenSSL, either, and there's no "openssl foo ..." + command or similar to create/manage such files. Trunk is + the right place where it can grow. ben: not correct that it depends on OpenSSL 1.0.2, it builds with any version. Also, if you read my note to dev@ you will see why it is not premature. @@ -171,6 +187,9 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: 2.4.x patch: http://svn.apache.org/viewvc?view=revision&revision=1356881 2.2.x patch: http://people.apache.org/~rjung/patches/mod_proxy_http-fix-hostname-ssl-2_2.patch +1: rjung, covener + kbrand: only has an effect if r1175416 is backported, too (see note at + https://issues.apache.org/bugzilla/show_bug.cgi?id=53134#c10 + by the patch author) * server/mpm_unix.c (dummy_connection): Use a TLS 1.0 close_notify alert if the chosen listener is configured for https; not perfect @@ -188,13 +207,11 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: 2.2.x patch: http://people.apache.org/~covener/patches/2.2.x-byterange-table_clear.diff +1: covener, rjung - * mod_ssl: Add SSLCompression directive to control TLS compression - trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1345319 - http://svn.apache.org/viewvc?view=revision&revision=1348656 - 2.4.x patch: http://svn.apache.org/viewvc?view=revision&revision=1369585 - 2.2.x patch: http://people.apache.org/~covener/patches/2.2.x-sslcompression.diff - (minor ssl_private.h merge problem) - +1 covener, rjung + * ab: add TLS1.1/TLS1.2 options to -f switch, and adapt output + to more accurately report the negotiated protocol. PR 53916. + trunk patch: https://svn.apache.org/viewvc?view=revision&revision=1395225 + 2.2.x patch: https://people.apache.org/~kbrand/ab-tlsv1_x-2.2.x.patch + +1: kbrand PATCHES/ISSUES THAT ARE STALLED Modified: httpd/httpd/branches/2.4.x/STATUS URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1395229&r1=1395228&r2=1395229&view=diff ============================================================================== --- httpd/httpd/branches/2.4.x/STATUS (original) +++ httpd/httpd/branches/2.4.x/STATUS Sun Oct 7 06:35:51 2012 @@ -109,10 +109,22 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1352596 2.4.x patch: http://people.apache.org/~ben/httpd-2.4-rfc5878.patch +1: ben, druggeri + -1: kbrand druggeri note: Needs docs for new directive kbrand: depends on an unreleased OpenSSL version (1.0.2), and RFC 5878 is of "Category: Experimental". Seems premature to me to consider for backporting to 2.4/2.2 at this point. + The API in the OpenSSL implementation from May 2012 + (http://cvs.openssl.org/chngview?cn=22601) only covers the + privately-defined TLSEXT_AUTHZDATAFORMAT_audit_proof, there's + no support for x509_attr_cert (section 3.3.1 in RFC 5878) or + saml_assertion (3.3.2). SSL_CTX_use_authz_file doesn't have + any docs in OpenSSL, either, and there's no "openssl foo ..." + command or similar to create/manage such files. Trunk is + the right place where it can grow. + Finally, httpd-2.4-rfc5878.patch includes a build-system change + which is unrelated to this feature (see separate proposal from + rjung below, ssl-support-uninstalled-openssl-2_4.patch). ben: not correct that it depends on OpenSSL 1.0.2, it builds with any version. Also, if you read my note to dev@ you will see why it is not premature. @@ -207,6 +219,12 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: 2.4.x patch: trunk patch works +1: trawick + * ab: add TLS1.1/TLS1.2 options to -f switch, and adapt output + to more accurately report the negotiated protocol. PR 53916. + trunk patch: https://svn.apache.org/viewvc?view=revision&revision=1395225 + 2.4.x patch: trunk patch works (modulo CHANGES) + +1: kbrand + A list of further possible backports can be found at: http://people.apache.org/~rjung/patches/possible-backports-httpd-trunk-2_4.txt If you want to propose one of those, please still add them here.