Return-Path: X-Original-To: apmail-httpd-dev-archive@www.apache.org Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 1A5BC17397 for ; Thu, 10 Sep 2015 12:01:08 +0000 (UTC) Received: (qmail 92759 invoked by uid 500); 10 Sep 2015 12:01:07 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 92697 invoked by uid 500); 10 Sep 2015 12:01:07 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 92687 invoked by uid 99); 10 Sep 2015 12:01:07 -0000 Received: from Unknown (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 10 Sep 2015 12:01:07 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 1B8601A0BD3 for ; Thu, 10 Sep 2015 12:01:07 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 0.973 X-Spam-Level: X-Spam-Status: No, score=0.973 tagged_above=-999 required=6.31 tests=[FAKE_REPLY_C=0.001, SPF_SOFTFAIL=0.972] autolearn=disabled Received: from mx1-us-east.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id cqDDwSpwCVkh for ; Thu, 10 Sep 2015 12:01:06 +0000 (UTC) Received: from symphytum.spacehopper.org (symphytum.spacehopper.org [82.68.199.130]) by mx1-us-east.apache.org (ASF Mail Server at mx1-us-east.apache.org) with ESMTPS id 07AEB4456F for ; Thu, 10 Sep 2015 12:01:06 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by symphytum.spacehopper.org (Postfix) with ESMTP id 3nBf1s0xYwzBJJs; Thu, 10 Sep 2015 13:01:05 +0100 (BST) X-Virus-Scanned: amavisd-new at spacehopper.org Received: from symphytum.spacehopper.org ([127.0.0.1]) by localhost (symphytum.spacehopper.org [127.0.0.1]) (amavisd-new, port 10026) with LMTP id QRsSAX6D4dQ2; Thu, 10 Sep 2015 13:00:44 +0100 (BST) Received: by symphytum.spacehopper.org (Postfix, from userid 1000) id 3nBf1S5zKnzBJJv; Thu, 10 Sep 2015 13:00:44 +0100 (BST) Date: Thu, 10 Sep 2015 13:00:44 +0100 From: Stuart Henderson To: Stefan Sperling Cc: dev@httpd.apache.org Subject: Re: patch (mod_ssl/ab) to support OPENSSL_NO_SSL3 builds Message-ID: <20150910120044.GS26867@symphytum.spacehopper.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.24 (2015-08-30) On 2015/09/10 13:40, Stefan Sperling wrote: > On Thu, Sep 10, 2015 at 10:37:44AM +0000, Stuart Henderson wrote: > > I've opened a ticket for this already (bz 58349) but it was suggested > > that I send mail here as well. > > > > Currently httpd builds fail with libressl as SSLv3 has been disabled > > (OPENSSL_NO_SSL3); ab.c and mod_ssl unconditionally use SSLv3_method() > > functions. > > > > ab.c fails at build time, mod_ssl is slightly nastier as this isn't > > picked up until trying to start a server with ssl enabled. > > > > Thanks, > > Stuart > > Does OpenSSL use the name OPENSSL_NO_SSL3 too? > Or is this macro defined by LibreSSL only? With OpenSSL this is defined when it's built with the no-ssl3 option, it works the same as building with no-rc5, no-ssl2, etc. This patch is similar to previous patches which were added to various projects when various OS (e.g. Debian, OpenBSD) disabled ssl2 in their standard builds of OpenSSL. For LibreSSL the functions have just been removed completely, it's no longer a build option, but the effect is exactly the same as an OpenSSL build with no-ssl3.