httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kbr...@apache.org
Subject svn commit: r1563425 - in /httpd/httpd/branches: 2.2.x/STATUS 2.4.x/STATUS
Date Sat, 01 Feb 2014 15:03:52 GMT
Author: kbrand
Date: Sat Feb  1 15:03:52 2014
New Revision: 1563425

URL: http://svn.apache.org/r1563425
Log:
Drop stalled RFC 5878 backport proposals (reverted in trunk with r1468131),
as they have been obsoleted through "SSLOpenSSLConfCmd ServerInfoFile"
meanwhile (r1555683, and CT is no longer using SSL_CTX_use_authz_file either).

Modified:
    httpd/httpd/branches/2.2.x/STATUS
    httpd/httpd/branches/2.4.x/STATUS

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1563425&r1=1563424&r2=1563425&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Sat Feb  1 15:03:52 2014
@@ -328,28 +328,3 @@ PATCHES/ISSUES THAT ARE STALLED
     2.4 patch: http://people.apache.org/~fuankg/diffs/httpd-2.4.x-cross_compile.diff
     2.2 patch: http://people.apache.org/~fuankg/diffs/httpd-2.2.x-cross_compile.diff
     fuankg: on hold until we agree for a better and more simple solution ...
-
-  * mod_ssl: Add RFC 5878 support. This allows support of mechanisms
-             such as Certificate Transparency. Note that new
-             mechanisms are supported without software updates.
-    trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1352596
-    2.2.x patch: http://people.apache.org/~ben/httpd-2.2-rfc5878.patch
-    +1: ben, druggeri
-    -1: kbrand
-    druggeri note: Needs docs for new directive
-    kbrand: depends on an unreleased OpenSSL version (1.0.2), and
-            RFC 5878 is of "Category: Experimental".
-            The API in the OpenSSL implementation from May 2012
-            (http://cvs.openssl.org/chngview?cn=22601) only covers the
-            privately-defined TLSEXT_AUTHZDATAFORMAT_audit_proof, there's
-            no support for x509_attr_cert (section 3.3.1 in RFC 5878) or
-            saml_assertion (3.3.2). SSL_CTX_use_authz_file doesn't have
-            any docs in OpenSSL, either, and there's no "openssl foo ..."
-            command or similar to create/manage such files.
-            Note: as of 2013-04-15, r1352596 has been reverted in trunk,
-            (with r1468131), for the reasons explained in the message with id
-            <515FED7C.5010009@velox.ch> sent to the dev list on 2013-04-06.
-    ben: not correct that it depends on OpenSSL 1.0.2, it builds with
-         any version. Also, if you read my note to dev@ you will see
-         why it is not premature.
-

Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1563425&r1=1563424&r2=1563425&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Sat Feb  1 15:03:52 2014
@@ -265,33 +265,6 @@ PATCHES/ISSUES THAT ARE STALLED
               And wrowe's comment about the 2.2 patch is also valid for 2.4:
               http://svn.apache.org/viewvc?view=revision&revision=1354823
 
-   * mod_ssl: Add RFC 5878 support. This allows support of mechansisms
-              such as Certificate Transparency. Note that new
-              mechanisms are supported without software updates.
-     trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1352596
-     2.4.x patch: http://people.apache.org/~ben/httpd-2.4-rfc5878.patch
-     +1: ben, druggeri
-     -1: kbrand
-     druggeri note: Needs docs for new directive
-     kbrand: depends on an unreleased OpenSSL version (1.0.2), and
-             RFC 5878 is of "Category: Experimental".
-             The API in the OpenSSL implementation from May 2012
-             (http://cvs.openssl.org/chngview?cn=22601) only covers the
-             privately-defined TLSEXT_AUTHZDATAFORMAT_audit_proof, there's
-             no support for x509_attr_cert (section 3.3.1 in RFC 5878) or
-             saml_assertion (3.3.2). SSL_CTX_use_authz_file doesn't have
-             any docs in OpenSSL, either, and there's no "openssl foo ..."
-             command or similar to create/manage such files.
-             Additionally, httpd-2.4-rfc5878.patch includes a build-system
-             change which is unrelated to this feature.
-             Note: as of 2013-04-15, r1352596 has been reverted in trunk
-             (with r1468131), for the reasons explained in the message with id
-             <515FED7C.5010009@velox.ch> sent to the dev list on 2013-04-06.
-     ben: not correct that it depends on OpenSSL 1.0.2, it builds with
-          any version. Also, if you read my note to dev@ you will see
-          why it is not premature.
-     minfrin: once this gets docs, +1.
-
    * Makefile.win: Added copying of .vbs / .wsf CGIs to Windows install target.
                    Moved fixing of shebang to separate target so that it is
                    no longer executed by default and all CGIs remain inactive.



Mime
View raw message