httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kaspar Brand <httpd-dev.2...@velox.ch>
Subject Re: mod_ssl in trunk with OpenSSL 0.9.7 as a minimum requirement?
Date Sun, 07 Aug 2011 10:49:25 GMT
On 05.08.2011 17:39, William A. Rowe Jr. wrote:
> On 8/5/2011 2:57 AM, Stefan Fritsch wrote:
>> On Friday 05 August 2011, Kaspar Brand wrote:
>>> On 03.08.2011 19:08, William A. Rowe Jr. wrote:
>>>> My thought, it probably should be a set of commits;
>>>>
>>>>  * Drop SSLC (first patch)
>>>>  * Drop OpenSSL < 0.9.7 (second patch)
>>>>  * Drop ssl_toolkit_compat wrapper (third patch)
>>>>  * Warn on 0.9.7 and some 0.9.8 flavors (last patch)
>>>
>>> Ok, I'll try splitting it into more digestible pieces. Do you
>>> suggest committing them at the same time then, or possibly wait a
>>> few days in between (in case someone wants to build from the
>>> interim versions)?
>>
>> I don't think waiting is necessary. People can always check out an 
>> interim revision if they want.
> 
> Precisely.  This just makes it easier to follow the activity through
> svn history.

Committed as r1154683 (drop SSL-C support), r1154687 (remove
ssl_toolkit_compat layer), and r1154688 (require OpenSSL 0.9.7).

Right now, configure no longer warns about specific older OpenSSL
versions - it just checks for OPENSSL_VERSION_NUMBER >= 0x0090700f.
Keeping track of vulnerable versions would possibly require frequent
updates to acinclude.m4 (also in 2.2.x, of course), and second, I'm not
sure how many people really have a close look at the configure output.

NetWare folks: please note that I didn't touch modules/ssl/NWGNUmakefile
so far - i.e. it still allows building with the "Novell NTLS SDK" (in
theory, at least). As I'm neither familiar with the NetWare platform nor
do I have a test environment, I'd appreciate if the experts could have a
look - and patch, if needed. Thanks!

Kaspar

Mime
View raw message