httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <>
Subject [PATCH]es More descriptive mod_ssl/OpenSSL version logging
Date Wed, 21 Mar 2007 01:39:34 GMT
William A. Rowe, Jr. wrote:
> httpd was patched for httpd -v some time ago to report both the compiled
> and loaded versions of apr[-util].
> I'd like to get this into trunk/2.2/2.0 similarly for openssl.
> It's very common for users to hotfix openssl for security vulnerabilities,
> but the apache error log remains 'scary' to auditors and administrators...
> [Tue Mar 20 15:54:21 2007] [notice] Apache/2.0.59 (Unix) DAV/2 CovalentSNMP/3.0.
> 3 mod_jk/1.2.18 mod_ssl/2.0.59 OpenSSL/0.9.7i PHP/4.4.4 mod_perl/1.999.21 Perl/v
> 5.8.8 configured -- resuming normal operations
> [Tue Mar 20 15:59:51 2007] [info] Server: Apache/2.0.59, Interface: mod_ssl/2.0.
> 59, Library: OpenSSL/0.9.7i

After looking at the code, I see we shifted to the (OpenSSL only breaking
SSL-C toolkit support) SSLeay_version a while back, but it's still not
sufficient IMHO.  I'm proposing the attached patches which

*) adds compile-time/run time SSL-C version support
*) simplify a ton of overly-verbose legacy code
*) split the compiled-against v.s. runtime library
*) precache the results of the version string touchup

Patches to trunk/2.2/2.0 attached - comments (or votes) please?


View raw message