httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <rpl...@apache.org>
Subject Re: restructuring mod_ssl as an overlay
Date Wed, 07 Jun 2006 21:35:17 GMT


On 06/07/2006 10:53 PM, William A. Rowe, Jr. wrote:

> 
> There's another gray point, without OpenSSL, mod_ssl is a noop, that is,
> it does no crypto.  There is more crypto in mod_auth_digest, util_md5 or
> in apr-util than there is in mod_ssl.

I think this is an excellent point regarding the source. Without an SSL toolkit
like openssl mod_ssl does nothing. It is no crypto software. Otherwise you could
argue that httpd without mod_ssl is also crypto software, because you can use
mod_ssl with httpd. So separating it into a subproject would not help either.

So provided mod_auth_digest, util_md5 or apr-util do not impose further problems, we
would only have problems of offering binary packages (which I understand we want to offer).

Apart from any inconvience for the user, but only from the legal point of view:

Is a binary httpd with mod_ssl compiled in crypto software if it is delivered without openssl?


A complete different question: Does anybody know how mozilla.org handles these kind
of problems with firefox?



Regards

RĂ¼diger

Mime
View raw message