Return-Path: X-Original-To: apmail-httpd-dev-archive@www.apache.org Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C21741777D for ; Mon, 15 Jun 2015 13:13:49 +0000 (UTC) Received: (qmail 10904 invoked by uid 500); 15 Jun 2015 13:13:49 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 10835 invoked by uid 500); 15 Jun 2015 13:13:49 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 10824 invoked by uid 99); 15 Jun 2015 13:13:49 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 15 Jun 2015 13:13:49 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of covener@gmail.com designates 209.85.213.46 as permitted sender) Received: from [209.85.213.46] (HELO mail-yh0-f46.google.com) (209.85.213.46) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 15 Jun 2015 13:11:35 +0000 Received: by yhpn97 with SMTP id n97so42091669yhp.0 for ; Mon, 15 Jun 2015 06:12:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :content-type; bh=EIM3o619h8OEe6SyxrzQdVWK5L9go8SlPOC/LvrThkM=; b=e+7HetNsZsyLPawrCYubccrrY9AKi9U6+Bd98ryWB4xzOIXX2J52OPkJwhtgXWgLAN RVKnbe2ewZs+Km2F9akXPVuJL1yZf3+YX+MmaHPtK8ufI46t0XDtE25Gop2SFSg5Lj1X dyMPKm3ae3+vUjk5RFw/Gh5tsR4W8I2YLLdmckmU3/BsAUMhOoJ+l4D8Wd9e4uQaO8dj Ug+MLicIS9zEDV8VbXDY2wedJPI1uix60TKydAMhcURnJ2emRjD9cESgv9aCrzAjlh11 q9dgg0mZUDmns2KBIWw2coSxf4T17dO4+a8J0Sa7dgXeMAiYwaAiFtGRS04c+Msn6BQc meHQ== X-Received: by 10.129.148.4 with SMTP id l4mr34724903ywg.142.1434373957826; Mon, 15 Jun 2015 06:12:37 -0700 (PDT) MIME-Version: 1.0 References: <557D661F.6040301@gknw.net> <4DBB2A09-70ED-4719-9C98-B5CFCD660BD3@jaguNET.com> In-Reply-To: <4DBB2A09-70ED-4719-9C98-B5CFCD660BD3@jaguNET.com> From: Eric Covener Date: Mon, 15 Jun 2015 13:12:27 +0000 Message-ID: Subject: Re: SSLCertificateChainFile deprecation, still To: dev@httpd.apache.org Content-Type: multipart/alternative; boundary=94eb2c07ea283b3c2b05188e3671 X-Virus-Checked: Checked by ClamAV on apache.org --94eb2c07ea283b3c2b05188e3671 Content-Type: text/plain; charset=UTF-8 Anyone else inclined to just remove the message? It's a deprecation that didn't happen on a release boundary. AFAICT there's no reason to change how you run your server unless you use two different cert chains and then you'd find the info in the manual. On Mon, Jun 15, 2015 at 8:57 AM Jim Jagielski wrote: > Well, we have time now to Do This Right in 2.4.15, so.... > > > On Jun 14, 2015, at 9:43 PM, Noel Butler wrote: > > > > On 15/06/2015 07:56, Yann Ylavic wrote: > > > >> On Sun, Jun 14, 2015 at 1:31 PM, Gregg Smith wrote: > >>> > >>> > http://people.apache.org/~gsmith/proposal/sslcertificatechainfile_compromise.diff > >> > >> I'm fine with this approach too. > >> We have to decide whether a single [warn] is acceptable or not since > >> it may still confuse startup monitors, which was a point raised in the > >> [Vote] thread. > >> I agree that the current patch proposed in STATUS is nearly the same > >> as not noticing the user since it requires -e info in the command-line > >> for anything to be visible, but I'm afraid any warning won't be > >> accepted now... > > > > A Single warn to LOG is good, perhaps even a single warn to console on > daemon START only - and only if this means it does NOT appear in any > reloads or ever again until the server is stop/started, if it does, abandon > the idea. > > > > Not sure if the single console warn on START will affect cpanel, I don't > think it would since it likely part of system startup and no scripting > would be looking for any output, Jacob might want to chime in on that one > though. > > > > > > --94eb2c07ea283b3c2b05188e3671 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Anyone else inclined to just remove the message? It's = a deprecation that didn't happen on a release boundary. AFAICT there= 9;s no reason to change how you run your server unless you use two differen= t cert chains and then you'd find the info in the manual.

=
On Mon, Jun 15, 2015 at 8:57 AM= Jim Jagielski <jim@jagunet.com&g= t; wrote:
Well, we have time now to= Do This Right in 2.4.15, so....

> On Jun 14, 2015, at 9:43 PM, Noel Butler <noel.butler@ausics.net> wrote: >
> On 15/06/2015 07:56, Yann Ylavic wrote:
>
>> On Sun, Jun 14, 2015 at 1:31 PM, Gregg Smith <gls@gknw.net> wrote:
>>>
>>> http:/= /people.apache.org/~gsmith/proposal/sslcertificatechainfile_compromise.diff=
>>
>> I'm fine with this approach too.
>> We have to decide whether a single [warn] is acceptable or not sin= ce
>> it may still confuse startup monitors, which was a point raised in= the
>> [Vote] thread.
>> I agree that the current patch proposed in STATUS is nearly the sa= me
>> as not noticing the user since it requires -e info in the command-= line
>> for anything to be visible, but I'm afraid any warning won'= ;t be
>> accepted now...
>
> A Single warn to LOG is good, perhaps even a single warn to console on= daemon START only - and only if this means it does NOT appear in any reloa= ds or ever again until the server is stop/started, if it does, abandon the = idea.
>
> Not sure if the single console warn on START will affect cpanel, I don= 't think it would since it likely part of system startup and no scripti= ng would be looking for any output, Jacob might want to chime in on that on= e though.
>
>

--94eb2c07ea283b3c2b05188e3671--