httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <>
Subject DER encoded cert no longer supported in 2.4 since 2.4.8
Date Thu, 03 Dec 2015 17:49:01 GMT
I did a 2.2 to 2.4 migration today. The old 2.2 server was using a 
certificate file, which was DER encoded and the new 2.4 one didn't like it.

It seems support for DER encoded certs was removed in 2.4.8 as a side 
effect of r1573360 (bckport of r1553824). The certificate in 2.2 is read 
using SSL_read_X509() which tries PEM but also DER. After the change, 
the OpenSSL API SSL_read_X509() is used, which only accepts PEM.

Is that problem analysis right? If so we'd need to decide, whether we 
keep it as is (no one complained, so DER seems to be rare) and simply 
document the change in the changelog and migration guide, or whether we 
still need to support DER encoded certs.

IMHO documenting the change would be enough.



View raw message