httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gregg Smith <...@gknw.net>
Subject Re: SSLCertificateChainFile deprecation, still (was: svn commit: r1685371 - /httpd/httpd/branches/2.4.x/STATUS)
Date Mon, 15 Jun 2015 01:36:24 GMT
On 6/14/2015 6:14 PM, Gregg Smith wrote:
> On 6/14/2015 2:56 PM, Yann Ylavic wrote:
>> On Sun, Jun 14, 2015 at 1:31 PM, Gregg Smith<gls@gknw.net>  wrote:
>>> http://people.apache.org/~gsmith/proposal/sslcertificatechainfile_compromise.diff

>>>
>> I'm fine with this approach too.
>> We have to decide whether a single [warn] is acceptable or not since
>> it may still confuse startup monitors, which was a point raised in the
>> [Vote] thread.
>> I agree that the current patch proposed in STATUS is nearly the same
>> as not noticing the user since it requires -e info in the command-line
>> for anything to be visible, but I'm afraid any warning won't be
>> accepted now...
>
> It's a lose/lose situation either way. I didn't pick up on the startup 
> monitors part of the thread.
>
> We are almost back to the way it was before the warning, I guess this 
> is fine. No will know the better unless they go fishing for some other 
> problem that may arise. At the very minimum it's something at least, 
> should not make waves and i would bet everyone knows about it now 
> unless 2.4.15 is their first.

If this is their first, probably ought to remove this in httpd-ssl.conf also

#   Server Certificate Chain:
#   Point SSLCertificateChainFile at a file containing the
#   concatenation of PEM encoded CA certificates which form the
#   certificate chain for the server certificate. Alternatively
#   the referenced file can be the same as SSLCertificateFile
#   when the CA certificates are directly appended to the server
#   certificate for convenience.
#SSLCertificateChainFile "@rel_sysconfdir@/server-ca.crt"





Mime
View raw message