httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@algroup.co.uk>
Subject Re: [PATCH] TLS cleanup
Date Sun, 10 Jun 2001 20:48:40 GMT
"Roy T. Fielding" wrote:
> 
> On Sun, Jun 03, 2001 at 11:01:01PM -0700, Ryan Morgan wrote:
> > On Fri, Jun 01, 2001 at 02:24:26PM -0700, Roy T. Fielding wrote:
> > > > So now all the user needs to specify is --enable-tls, and only --with-ssl=dir
> > > > if configure cannot find the SSL toolkit.
> > >
> > > That's a reasonable theory, but note that the existing tls check allows
> > > more options than the openssl check.  I think we need to head in this
> > > direction but replace the existing "search for openssl" code with a
> > > simpler AC_TRY_LINK check that was specific to the minimum SSL library
> > > needed to compile those modules.
> >
> > Yep, an all-in-one check is what is needed, although mod_tls only works
> > with OpenSSL at the moment. (Correct me if I'm wrong)
> >
> > The reason I submitted the patch is because the current checks for OpenSSL
> > are incorrect.  $SSLDIR/include/openssl is added to INCLUDES causing the
> > compile to break when trying to include "openssl/ssl.h".
> >
> > I just figured it would be easier to move over to the CHECK_SSL_TOOLKIT
> > macro than try to maintain two checks that should do the same thing.
> 
> No question about that -- it is what I said in the commitlog when I
> created that macro.  The point is that we have to get Ben Laurie to
> check if the macro is sufficient for mod_tls, as it was specifically
> written for the very latest version of openssl (I do not know why
> mod_ssl depends on that version) and I only tested it with mod_ssl.

The latest version of OpenSSL is pretty much a requirement for security
reasons, which is why...

> I would prefer a real autoconf macro that actually checks for the
> feature needed by our use of SSL.

...is not really the way to go (at least at this point).

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Mime
View raw message