httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kbr...@apache.org
Subject svn commit: r1468132 - in /httpd/httpd/branches: 2.2.x/STATUS 2.4.x/STATUS
Date Mon, 15 Apr 2013 15:59:05 GMT
Author: kbrand
Date: Mon Apr 15 15:59:05 2013
New Revision: 1468132

URL: http://svn.apache.org/r1468132
Log:
update comment, and move proposal to stalled section for 2.2.x, too

Modified:
    httpd/httpd/branches/2.2.x/STATUS
    httpd/httpd/branches/2.4.x/STATUS

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1468132&r1=1468131&r2=1468132&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Mon Apr 15 15:59:05 2013
@@ -129,29 +129,6 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
                   mod_ssl is not loaded, but right now it would fail.
                   An mmn minor bump would also be required for API addition.
 
-   * mod_ssl: Add RFC 5878 support. This allows support of mechanisms
-              such as Certificate Transparency. Note that new
-              mechanisms are supported without software updates.
-     trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1352596
-     2.2.x patch: http://people.apache.org/~ben/httpd-2.2-rfc5878.patch
-     +1: ben, druggeri
-     -1: kbrand
-     druggeri note: Needs docs for new directive
-     kbrand: depends on an unreleased OpenSSL version (1.0.2), and
-             RFC 5878 is of "Category: Experimental". Seems premature
-             to me to consider for backporting to 2.4/2.2 at this point.
-             The API in the OpenSSL implementation from May 2012
-             (http://cvs.openssl.org/chngview?cn=22601) only covers the
-             privately-defined TLSEXT_AUTHZDATAFORMAT_audit_proof, there's
-             no support for x509_attr_cert (section 3.3.1 in RFC 5878) or
-             saml_assertion (3.3.2). SSL_CTX_use_authz_file doesn't have
-             any docs in OpenSSL, either, and there's no "openssl foo ..."
-             command or similar to create/manage such files. Trunk is
-             the right place where it can grow.
-     ben: not correct that it depends on OpenSSL 1.0.2, it builds with
-          any version. Also, if you read my note to dev@ you will see
-          why it is not premature.
-
    * mod_proxy_http: Use the same hostname for SNI as for the HTTP request when
      forwarding to SSL backends.
      PR: 53134
@@ -381,4 +358,26 @@ PATCHES/ISSUES THAT ARE STALLED
     2.2 patch: http://people.apache.org/~fuankg/diffs/httpd-2.2.x-cross_compile.diff
     fuankg: on hold until we agree for a better and more simple solution ...
 
-
+  * mod_ssl: Add RFC 5878 support. This allows support of mechanisms
+             such as Certificate Transparency. Note that new
+             mechanisms are supported without software updates.
+    trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1352596
+    2.2.x patch: http://people.apache.org/~ben/httpd-2.2-rfc5878.patch
+    +1: ben, druggeri
+    -1: kbrand
+    druggeri note: Needs docs for new directive
+    kbrand: depends on an unreleased OpenSSL version (1.0.2), and
+            RFC 5878 is of "Category: Experimental".
+            The API in the OpenSSL implementation from May 2012
+            (http://cvs.openssl.org/chngview?cn=22601) only covers the
+            privately-defined TLSEXT_AUTHZDATAFORMAT_audit_proof, there's
+            no support for x509_attr_cert (section 3.3.1 in RFC 5878) or
+            saml_assertion (3.3.2). SSL_CTX_use_authz_file doesn't have
+            any docs in OpenSSL, either, and there's no "openssl foo ..."
+            command or similar to create/manage such files.
+            Note: as of 2013-04-15, r1352596 has been reverted in trunk,
+            (with r1468131), for the reasons explained in the message with id
+            <515FED7C.5010009@velox.ch> sent to the dev list on 2013-04-06.
+    ben: not correct that it depends on OpenSSL 1.0.2, it builds with
+         any version. Also, if you read my note to dev@ you will see
+         why it is not premature.

Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1468132&r1=1468131&r2=1468132&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Mon Apr 15 15:59:05 2013
@@ -290,19 +290,19 @@ PATCHES/ISSUES THAT ARE STALLED
      -1: kbrand
      druggeri note: Needs docs for new directive
      kbrand: depends on an unreleased OpenSSL version (1.0.2), and
-             RFC 5878 is of "Category: Experimental". Seems premature
-             to me to consider for backporting to 2.4/2.2 at this point.
+             RFC 5878 is of "Category: Experimental".
              The API in the OpenSSL implementation from May 2012
              (http://cvs.openssl.org/chngview?cn=22601) only covers the
              privately-defined TLSEXT_AUTHZDATAFORMAT_audit_proof, there's
              no support for x509_attr_cert (section 3.3.1 in RFC 5878) or
              saml_assertion (3.3.2). SSL_CTX_use_authz_file doesn't have
              any docs in OpenSSL, either, and there's no "openssl foo ..."
-             command or similar to create/manage such files. Trunk is
-             the right place where it can grow.
-             Finally, httpd-2.4-rfc5878.patch includes a build-system change
-             which is unrelated to this feature (see separate proposal from
-             rjung below, ssl-support-uninstalled-openssl-2_4.patch).
+             command or similar to create/manage such files.
+             Additionally, httpd-2.4-rfc5878.patch includes a build-system
+             change which is unrelated to this feature.
+             Note: as of 2013-04-15, r1352596 has been reverted in trunk
+             (with r1468131), for the reasons explained in the message with id
+             <515FED7C.5010009@velox.ch> sent to the dev list on 2013-04-06.
      ben: not correct that it depends on OpenSSL 1.0.2, it builds with
           any version. Also, if you read my note to dev@ you will see
           why it is not premature.



Mime
View raw message