Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 12455 invoked from network); 24 Jul 2010 16:44:08 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 24 Jul 2010 16:44:08 -0000 Received: (qmail 78766 invoked by uid 500); 24 Jul 2010 16:44:08 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 78708 invoked by uid 500); 24 Jul 2010 16:44:07 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 78700 invoked by uid 99); 24 Jul 2010 16:44:07 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 24 Jul 2010 16:44:07 +0000 X-ASF-Spam-Status: No, hits=-2.3 required=10.0 tests=RCVD_IN_DNSWL_MED,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of rainer.jung@kippdata.de designates 195.227.30.149 as permitted sender) Received: from [195.227.30.149] (HELO mailserver.kippdata.de) (195.227.30.149) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 24 Jul 2010 16:43:59 +0000 Received: from [192.168.2.105] ([192.168.2.105]) by mailserver.kippdata.de (8.13.5/8.13.5) with ESMTP id o6OGhcDX002766 for ; Sat, 24 Jul 2010 18:43:39 +0200 (CEST) Message-ID: <4C4B183A.80807@kippdata.de> Date: Sat, 24 Jul 2010 18:43:38 +0200 From: Rainer Jung User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2.7) Gecko/20100713 Thunderbird/3.1.1 MIME-Version: 1.0 To: dev@httpd.apache.org Subject: Re: [VOTE] Release httpd 2.2.16 References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 8bit X-Virus-Checked: Checked by ClamAV on apache.org On 21.07.2010 20:45, Paul Querna wrote: > Test tarballs for Apache httpd 2.2.16 are available at: > > > Your votes please; > > +/- 1 > [+1] Release httpd-2.2.16 +1 for release. Tested on Solaris 8 Sparc, SuSE Linux Enterprise 10 (32Bit and 64Bit). - Signature and Hashes OK - gz and bz2 identical, no unexpected diff to svn tag - builds fine with most and all either static or shared and MPMs prefork, worker, event (were applicable) - test suite run for all those builds, no regressions from 2.2.15 Failing: - t/apache/pr17629.t - t/apache/pr43939.t (see R�diger's comment about a missing backport for PR 17629 already contained in STATUS; no regression, I see also failure with 2.2.15 and 2.2.14) - t/ssl/extlookup.t - t/ssl/require.t No regression. Both fail when trying to read the OID 1.3.6.1.4.1.18060.12.0 with value "Lemons" from the client cert "client_ok". mod_test_ssl returns NULL, SSLRequire logs [info] [client 127.0.0.1] Failed expression: "Lemons" in OID("1.3.6.1.4.1.18060.12.0") I wasn't able to find the root cause, the value seems to be in the cert when I dump it with OpenSSL. The dump shows leading "..", which seems to be because the value was configured DER encoded. OpenSSL version was 0.9.8o. BTW: This should not be caused by SSL renegotiation. Both server *and* client use OpenSSL 0.9.8n resp. 0.9.8o and the Apache error log contains Performing full renegotiation: complete handshake protocol (client does support secure renegotiation) Regards, Rainer