You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Steffen <in...@apachelounge.com> on 2018/01/05 21:26:22 UTC

mod_ssl versions (for mod_md)

Today icing made an other change to mod_ssl in the 2.4.x-mod_md branch 
and yesterday in 2.4.x branch.

When I am not wrong,  we have now 4 different versions of mod_ssl:

2.4.x-mod_md branch
2.4.x
git v5 patch
trunk

What is the one we have to test for next 2.4.30, special mod_md 1.1.8

Re: mod_ssl versions (for mod_md)

Posted by Gregg Smith <gl...@gknw.net>.

On 1/5/2018 2:25 PM, Yann Ylavic wrote:
> Hi Steffen,
> 
> On Fri, Jan 5, 2018 at 10:26 PM, Steffen <in...@apachelounge.com> wrote:
>>
>> What is the one we have to test for next 2.4.30, special mod_md 1.1.8
> 
> I have just synchonized the 2.4.x-mod_md branch with 2.4.x (resolving
> only a tiny conflict in a comment).
> So they should be exactly the same (mod_ssl included), except for the
> pure mod_md changes, thus you should use the 2.4.x-mod_md branch I
> guess.
> 
> Attached is the diff between the two branches' mod_ssl (svn diff -x-p
--- httpd/httpd/branches/2.4.x-mod_md/modules/ssl/ssl_engine_init.c 
2018/01/05 15:34:15	1820314
+++ httpd/httpd/branches/2.4.x-mod_md/modules/ssl/ssl_engine_init.c 
2018/01/05 22:04:52	1820360
@@ -32,6 +32,22 @@
  #include "mpm_common.h"
  #include "mod_md.h"

+/* Use the header, once mod_md is backported. break the dependency loop 
for now. */
+#define MOD_MD_BACKPORTED   0

#define MOD_MD_BACKPORTED   1
This branch does have MOD_MD_BACKPORTED after all.

+#if MOD_MD_BACKPORTED
+#include "mod_md.h"
+#else
+APR_DECLARE_OPTIONAL_FN(int,
+                        md_is_managed, (struct server_rec *));
+APR_DECLARE_OPTIONAL_FN(apr_status_t,
+                        md_get_certificate, (struct server_rec *, 
apr_pool_t *,
+                                             const char **pkeyfile,
+                                             const char **pcertfile));
+APR_DECLARE_OPTIONAL_FN(int,
+                        md_is_challenge, (struct conn_rec *, const char *,
+                                          X509 **pcert, EVP_PKEY **pkey));
+#endif
+
  APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ssl, SSL, int, init_server,
                                      (server_rec *s,apr_pool_t *p,int 
is_proxy,SSL_CTX *ctx),
                                      (s,p,is_proxy,ctx), OK, DECLINED)> 
Regards,
> Yann.
> 
Regards,

Gregg

Re: mod_ssl versions (for mod_md)

Posted by Yann Ylavic <yl...@gmail.com>.

Hi Steffen,

On Fri, Jan 5, 2018 at 10:26 PM, Steffen <in...@apachelounge.com> wrote:
>
> What is the one we have to test for next 2.4.30, special mod_md 1.1.8

I have just synchonized the 2.4.x-mod_md branch with 2.4.x (resolving
only a tiny conflict in a comment).
So they should be exactly the same (mod_ssl included), except for the
pure mod_md changes, thus you should use the 2.4.x-mod_md branch I
guess.

Attached is the diff between the two branches' mod_ssl (svn diff -x-p
^/httpd/httpd/branches/2.4.x/modules/ssl
^/httpd/httpd/branches/2.4.x-mod_md/modules/ssl).
Regarding the Windows build (.win, .mak, .dsp, ..., including the ones
at the root directory), the 2.4.x-mod_md branch seems also to be up to
date.

Regards,
Yann.