httpd-dev mailing list archives

From "Plüm, Rüdiger, VF-Group" <ruediger.pl...@vodafone.com>
Subject RE: Tagging 2.2.15 to play openssl catchup?
Date Fri, 26 Feb 2010 11:29:00 GMT
 

> -----Original Message-----
> From: Rainer Jung  
> Sent: Friday, 26 February 2010 12:17
> To: dev@httpd.apache.org
> Subject: Re: Tagging 2.2.15 to play openssl catchup?
> 
> On 25.02.2010 22:36, William A. Rowe Jr. wrote:
> > I'd like to move ahead and catch up to OpenSSL 0.9.8m which was released today,
> > and that requires a 2.2 release.
> >
> > Let's start a three day clock to the tag, and I'll tag Sunday about noon CST.
> > That gives folks Friday, and weekend warriors time Saturday to catch up with
> > final important bugfix backports, and testers can pick this up Sunday afternoon
> > or anytime Monday/Tuesday.
> >
> > WDYAT?
> 
> Isn't 0.9.8m by default still allowing unsafe renegs? So updated clients
> will be safe, but the server doesn't enforce the safetyness (and reject
> unsafe client).
>
> trunk already contains a patch by Joe that allows the admin to decide,
> whether he wants to reject unsafe reneg or not.
>
> The revisions of the patch and some additions to it are:
> 
> 906039
> 906057
> 906067
> 906116
> 906454
> 906485
> 906491
> 906493
> 908015
> 
> I guess backporting is pretty straightforward. Wouldn't it be nice to 
> already support this with 2.2.15?
> 
> Joe, do you already have a candidate, or should I suggest a backport 
> patch myself?

Joe mentioned in the commit message that this requires OpenSSL 1.0.something.
Does this also work with OpenSSL 0.9.8m?

Regards

Rüdiger

