httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dr Stephen Henson <>
Subject Re: svn commit: r798359 - in /httpd/httpd/branches/2.2.x: modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_engine_vars.c modules/ssl/ssl_util_ssl.c support/ab.c
Date Tue, 28 Jul 2009 21:38:32 GMT
Peter Sylvester wrote:
> William A. Rowe, Jr. wrote:
>> Paul Querna wrote:
>>> -1 veto, please revert this commit.
>>> Unless I missed something, these changes were not voted on in the
>>> STATUS file.  I think wrowe's endorsement was... badly worded.
>> wrowe's endorsement was fine, and one of three votes required to override
>> STATUS flow, so you are right - it's premature.  We would need at least
>> a third committer agreeing to apply then test then flush out due to the
>> discrepancies between httpd 2.4 and 2.2 mod_ssl code bases.
>> But I'd really rather we didn't kick around patch files due to all of the
>> mismatches between trunk and 2.2.
> /I think it would be a good idea to plan a release together with
> openssl 1.0.0, at least //when openssl 1.0.0 comes out, mod_ssl
> should be compilable./
> /
> Concerning the differences, I can see several categories:
> - changes due to stricter rules in openssl, this concerns  the
>   mentioned patches, in fact the 'const' and 'stack' stuff. This
>   doesn't change any functionality. Not a big deal that
>   this backport was forgotten in 2.2.12.
> - "simple" corrections and functional additions in the trunk.
>   some may be worth to be backported.

I looked at the patch in question and it seems reasonable to me. That should
work fine on much older versions of OpenSSL it's just that now some things are
enforced that weren't before.

There is some non-portable code round there that accesses extensions in a most
convoluted fashion for some unknown reason.

Dr Stephen N. Henson. Senior Technical/Cryptography Advisor,
Open Source Software Institute:
OpenSSL Core team:

View raw message