You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@httpd.apache.org by GitBox <gi...@apache.org> on 2021/07/26 11:27:19 UTC

[GitHub] [httpd] notroj opened a new pull request #258: 2.4.x: OpenSSL 3.0 compatibility fixes for mod_ssl

notroj opened a new pull request #258:
URL: https://github.com/apache/httpd/pull/258


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For additional commands, e-mail: notifications-help@httpd.apache.org

[GitHub] [httpd] sergiodj commented on pull request #258: 2.4.x: OpenSSL 3.0 compatibility fixes for mod_ssl

Posted by GitBox <gi...@apache.org>.

sergiodj commented on pull request #258:
URL: https://github.com/apache/httpd/pull/258#issuecomment-980438771


   Hi @notroj,
   
   We're starting our transition to OpenSSL 3 in Ubuntu and apache2 is one of the affected packages due to mod_ssl's incompatibility.  I've been monitoring the situation here to check what's going to happen with this PR, but decided to ping you directly and check if there are any news regarding it, specifically when considering the possible regression you mentioned above.
   
   For what's worth, I backported this set of patches to our current apache2 package in Ubuntu and was able to verify that they build fine with OpenSSL 3.  We have some automated tests (autopkgtests) for the package, and they seem to succeed as well.
   
   Thanks.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For additional commands, e-mail: notifications-help@httpd.apache.org

[GitHub] [httpd] notroj commented on pull request #258: 2.4.x: OpenSSL 3.0 compatibility fixes for mod_ssl

Posted by GitBox <gi...@apache.org>.

notroj commented on pull request #258:
URL: https://github.com/apache/httpd/pull/258#issuecomment-991031191


   I found one more bug when testing a debug build.  I will fix that too and then propose the backport.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For additional commands, e-mail: notifications-help@httpd.apache.org

[GitHub] [httpd] notroj commented on pull request #258: 2.4.x: OpenSSL 3.0 compatibility fixes for mod_ssl

Posted by GitBox <gi...@apache.org>.

notroj commented on pull request #258:
URL: https://github.com/apache/httpd/pull/258#issuecomment-925710412


   One behaviour change (regression?) has been reported from testing this in Fedora.
   
   With r1890067 (9eb262fb1a1957433c4bc072c292a36e3e6fe683) enabling the OpenSSL auto-DH-parameter selection *overrides* user-supplied DH parameters which are now ignored.  This is not necessary for OpenSSL 1.1 (which that patch affects) and is only removing a "deprecated" function so not strictly necessary for 3.0 either.  Need to ponder this one.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For additional commands, e-mail: notifications-help@httpd.apache.org

[GitHub] [httpd] minfrin commented on pull request #258: 2.4.x: OpenSSL 3.0 compatibility fixes for mod_ssl

Posted by GitBox <gi...@apache.org>.

minfrin commented on pull request #258:
URL: https://github.com/apache/httpd/pull/258#issuecomment-992321305


   Backported to v2.4.52 as follows:
   
   ```
     *) mod_ssl: Updates to support OpenSSL 3.x
        trunk patch: https://svn.apache.org/r1519264
                     https://svn.apache.org/r1737657
                     https://svn.apache.org/r1876934
                     https://svn.apache.org/r1876936
                     https://svn.apache.org/r1876938
                     https://svn.apache.org/r1890067
                     https://svn.apache.org/r1890076
                     https://svn.apache.org/r1891138
                     https://svn.apache.org/r1893876
                     https://svn.apache.org/r1893964
                     https://svn.apache.org/r1894716
                     https://svn.apache.org/r1895774
        backport PR: https://github.com/apache/httpd/pull/258
        2.4.x patch: https://patch-diff.githubusercontent.com/raw/apache/httpd/pull/258.patch
                     or https://people.apache.org/~jorton/mod_ssl-openssl3.patch
        +1: jorton, minfrin, ylavic
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For additional commands, e-mail: notifications-help@httpd.apache.org

[GitHub] [httpd] rpluem edited a comment on pull request #258: 2.4.x: OpenSSL 3.0 compatibility fixes for mod_ssl

Posted by GitBox <gi...@apache.org>.

rpluem edited a comment on pull request #258:
URL: https://github.com/apache/httpd/pull/258#issuecomment-988839413


   > One behaviour change (regression?) has been reported from testing this in Fedora.
   > 
   > With r1890067 ([9eb262f](https://github.com/apache/httpd/commit/9eb262fb1a1957433c4bc072c292a36e3e6fe683)) enabling the OpenSSL auto-DH-parameter selection _overrides_ user-supplied DH parameters which are now ignored. This is not necessary for OpenSSL 1.1 (which that patch affects) and is only removing a "deprecated" function so not strictly necessary for 3.0 either. Need to ponder this one.
   
   Any update on this? Is this fixed by r1893876 (dd5f2cc3dfffafd8c26db4d7bb9571085aed050a) and r1893964 (e77dffef9aa80fa1a7f90b49214dccc3ce957c51) on trunk? Would you propose to merge this to 2.4.x if these two revisions are added?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For additional commands, e-mail: notifications-help@httpd.apache.org

[GitHub] [httpd] rpluem commented on pull request #258: 2.4.x: OpenSSL 3.0 compatibility fixes for mod_ssl

Posted by GitBox <gi...@apache.org>.

rpluem commented on pull request #258:
URL: https://github.com/apache/httpd/pull/258#issuecomment-988839413


   > One behaviour change (regression?) has been reported from testing this in Fedora.
   > 
   > With r1890067 ([9eb262f](https://github.com/apache/httpd/commit/9eb262fb1a1957433c4bc072c292a36e3e6fe683)) enabling the OpenSSL auto-DH-parameter selection _overrides_ user-supplied DH parameters which are now ignored. This is not necessary for OpenSSL 1.1 (which that patch affects) and is only removing a "deprecated" function so not strictly necessary for 3.0 either. Need to ponder this one.
   
   Any update on this? Is this fixed by r1893876 (dd5f2cc3dfffafd8c26db4d7bb9571085aed050a) and r1893964 (e77dffef9aa80fa1a7f90b49214dccc3ce957c51) on trunk. Would you propose to merge this to 2.4.x if these two revisions are added?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For additional commands, e-mail: notifications-help@httpd.apache.org

[GitHub] [httpd] ylavic commented on pull request #258: 2.4.x: OpenSSL 3.0 compatibility fixes for mod_ssl

Posted by GitBox <gi...@apache.org>.

ylavic commented on pull request #258:
URL: https://github.com/apache/httpd/pull/258#issuecomment-995717866


   Merged in r1895868 (769bc2137ac4d146fd6e632688d4afec6658755c).


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For additional commands, e-mail: notifications-help@httpd.apache.org

[GitHub] [httpd] ylavic closed pull request #258: 2.4.x: OpenSSL 3.0 compatibility fixes for mod_ssl

Posted by GitBox <gi...@apache.org>.

ylavic closed pull request #258:
URL: https://github.com/apache/httpd/pull/258


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For additional commands, e-mail: notifications-help@httpd.apache.org