You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@httpd.apache.org by GitBox <gi...@apache.org> on 2021/07/26 11:27:19 UTC
[GitHub] [httpd] notroj opened a new pull request #258: 2.4.x: OpenSSL 3.0 compatibility fixes for mod_ssl
notroj opened a new pull request #258:
URL: https://github.com/apache/httpd/pull/258
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For additional commands, e-mail: notifications-help@httpd.apache.org
[GitHub] [httpd] sergiodj commented on pull request #258: 2.4.x: OpenSSL 3.0 compatibility fixes for mod_ssl
Posted by GitBox <gi...@apache.org>.
sergiodj commented on pull request #258:
URL: https://github.com/apache/httpd/pull/258#issuecomment-980438771
Hi @notroj,
We're starting our transition to OpenSSL 3 in Ubuntu and apache2 is one of the affected packages due to mod_ssl's incompatibility. I've been monitoring the situation here to check what's going to happen with this PR, but decided to ping you directly and check if there are any news regarding it, specifically when considering the possible regression you mentioned above.
For what's worth, I backported this set of patches to our current apache2 package in Ubuntu and was able to verify that they build fine with OpenSSL 3. We have some automated tests (autopkgtests) for the package, and they seem to succeed as well.
Thanks.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For additional commands, e-mail: notifications-help@httpd.apache.org
[GitHub] [httpd] notroj commented on pull request #258: 2.4.x: OpenSSL 3.0 compatibility fixes for mod_ssl
Posted by GitBox <gi...@apache.org>.
notroj commented on pull request #258:
URL: https://github.com/apache/httpd/pull/258#issuecomment-991031191
I found one more bug when testing a debug build. I will fix that too and then propose the backport.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For additional commands, e-mail: notifications-help@httpd.apache.org
[GitHub] [httpd] notroj commented on pull request #258: 2.4.x: OpenSSL 3.0 compatibility fixes for mod_ssl
Posted by GitBox <gi...@apache.org>.
notroj commented on pull request #258:
URL: https://github.com/apache/httpd/pull/258#issuecomment-925710412
One behaviour change (regression?) has been reported from testing this in Fedora.
With r1890067 (9eb262fb1a1957433c4bc072c292a36e3e6fe683) enabling the OpenSSL auto-DH-parameter selection *overrides* user-supplied DH parameters which are now ignored. This is not necessary for OpenSSL 1.1 (which that patch affects) and is only removing a "deprecated" function so not strictly necessary for 3.0 either. Need to ponder this one.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For additional commands, e-mail: notifications-help@httpd.apache.org
[GitHub] [httpd] minfrin commented on pull request #258: 2.4.x: OpenSSL 3.0 compatibility fixes for mod_ssl
Posted by GitBox <gi...@apache.org>.
minfrin commented on pull request #258:
URL: https://github.com/apache/httpd/pull/258#issuecomment-992321305
Backported to v2.4.52 as follows:
```
*) mod_ssl: Updates to support OpenSSL 3.x
trunk patch: https://svn.apache.org/r1519264
https://svn.apache.org/r1737657
https://svn.apache.org/r1876934
https://svn.apache.org/r1876936
https://svn.apache.org/r1876938
https://svn.apache.org/r1890067
https://svn.apache.org/r1890076
https://svn.apache.org/r1891138
https://svn.apache.org/r1893876
https://svn.apache.org/r1893964
https://svn.apache.org/r1894716
https://svn.apache.org/r1895774
backport PR: https://github.com/apache/httpd/pull/258
2.4.x patch: https://patch-diff.githubusercontent.com/raw/apache/httpd/pull/258.patch
or https://people.apache.org/~jorton/mod_ssl-openssl3.patch
+1: jorton, minfrin, ylavic
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For additional commands, e-mail: notifications-help@httpd.apache.org
[GitHub] [httpd] rpluem edited a comment on pull request #258: 2.4.x: OpenSSL 3.0 compatibility fixes for mod_ssl
Posted by GitBox <gi...@apache.org>.
rpluem edited a comment on pull request #258:
URL: https://github.com/apache/httpd/pull/258#issuecomment-988839413
> One behaviour change (regression?) has been reported from testing this in Fedora.
>
> With r1890067 ([9eb262f](https://github.com/apache/httpd/commit/9eb262fb1a1957433c4bc072c292a36e3e6fe683)) enabling the OpenSSL auto-DH-parameter selection _overrides_ user-supplied DH parameters which are now ignored. This is not necessary for OpenSSL 1.1 (which that patch affects) and is only removing a "deprecated" function so not strictly necessary for 3.0 either. Need to ponder this one.
Any update on this? Is this fixed by r1893876 (dd5f2cc3dfffafd8c26db4d7bb9571085aed050a) and r1893964 (e77dffef9aa80fa1a7f90b49214dccc3ce957c51) on trunk? Would you propose to merge this to 2.4.x if these two revisions are added?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For additional commands, e-mail: notifications-help@httpd.apache.org
[GitHub] [httpd] rpluem commented on pull request #258: 2.4.x: OpenSSL 3.0 compatibility fixes for mod_ssl
Posted by GitBox <gi...@apache.org>.
rpluem commented on pull request #258:
URL: https://github.com/apache/httpd/pull/258#issuecomment-988839413
> One behaviour change (regression?) has been reported from testing this in Fedora.
>
> With r1890067 ([9eb262f](https://github.com/apache/httpd/commit/9eb262fb1a1957433c4bc072c292a36e3e6fe683)) enabling the OpenSSL auto-DH-parameter selection _overrides_ user-supplied DH parameters which are now ignored. This is not necessary for OpenSSL 1.1 (which that patch affects) and is only removing a "deprecated" function so not strictly necessary for 3.0 either. Need to ponder this one.
Any update on this? Is this fixed by r1893876 (dd5f2cc3dfffafd8c26db4d7bb9571085aed050a) and r1893964 (e77dffef9aa80fa1a7f90b49214dccc3ce957c51) on trunk. Would you propose to merge this to 2.4.x if these two revisions are added?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For additional commands, e-mail: notifications-help@httpd.apache.org
[GitHub] [httpd] ylavic commented on pull request #258: 2.4.x: OpenSSL 3.0 compatibility fixes for mod_ssl
Posted by GitBox <gi...@apache.org>.
ylavic commented on pull request #258:
URL: https://github.com/apache/httpd/pull/258#issuecomment-995717866
Merged in r1895868 (769bc2137ac4d146fd6e632688d4afec6658755c).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For additional commands, e-mail: notifications-help@httpd.apache.org
[GitHub] [httpd] ylavic closed pull request #258: 2.4.x: OpenSSL 3.0 compatibility fixes for mod_ssl
Posted by GitBox <gi...@apache.org>.
ylavic closed pull request #258:
URL: https://github.com/apache/httpd/pull/258
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For additional commands, e-mail: notifications-help@httpd.apache.org