httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kaspar Brand <httpd-dev.2...@velox.ch>
Subject Re: mod_ssl in trunk with OpenSSL 0.9.7 as a minimum requirement?
Date Wed, 03 Aug 2011 16:23:18 GMT
On 02.08.2011 22:39, William A. Rowe Jr. wrote:
> On 7/31/2011 4:17 AM, Kaspar Brand wrote:
>>> - drop support for OpenSSL < 0.9.7a
>>> - drop support for non-OpenSSL/derivatives of OpenSSL
>>
>> Ok, then my next step is working on a patch which takes care of these
>> two points, I guess.
> 
> +1

Ok, so the initial version of that patch became relatively large:

  https://people.apache.org/~kbrand/mod_ssl-toolkit-support.v1.diff

Even though trunk is CTR, I'm somewhat reluctant with simply going ahead
and would appreciate if people could comment on this approach (e.g. if
it's fine or splitting up would be preferred, etc.).

In theory, the changes could be limited to the autoconf stuff - i.e.,
guard against OpenSSL < 0.9.7 and not detect BSAFE SSL-C any longer in
configure, and leave the mod_ssl code as is, mostly.

I don't think that's what we want, however, so I tried to get rid of as
much of the macro cruft as possible (drop ssl_toolkit_compat.h, remove
obsolete ifdef'ed code and so on).

I successfully compiled trunk with the above patch against the following
OpenSSL versions (w/o warnings): 0.9.7, 0.9.8, 1.0.0d (NB: by 0.9.7, I'm
referring to the initial release in that series, not the 0.9.7a patch
release).

Finally, I also ran the t/ssl tests against the three versions with
these OpenSSL releases, and all of them passed.

Thanks for commenting on / reviewing the current patch version.

Kaspar

Mime
View raw message