You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by William A Rowe Jr <wr...@rowe-clan.net> on 2015/06/09 17:46:32 UTC
Re: svn commit: r1684457 - /httpd/httpd/branches/2.2.x/STATUS
I don't entirely understand the patch CHANGES, however...
On Tue, Jun 9, 2015 at 10:41 AM, <wr...@apache.org> wrote:
> PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
> [ start all new proposals below, under PATCHES PROPOSED. ]
>
> * mod_ssl: bring SNI behavior into better conformance with RFC 6066
> (also addresses PR 56241)
> trunk patch: https://svn.apache.org/r1585090
> (partial, w/o startup warnings changes)
> 2.4.x patch: https://svn.apache.org/r1588424
> (backported to 2.4.10)
> 2.2.x patch:
> http://people.apache.org/~ylavic/httpd-2.2.x-no_sni_warning.patch
> + +1: ylavic, jorton, wrowe
>
The patch claims both adjusting alerts and changing startup behavior...
--- CHANGES (revision 1684331)
+++ CHANGES (working copy)
@@ -1,6 +1,11 @@
-*- coding: utf-8 -*-
Changes with Apache 2.2.30
+ *) mod_ssl: bring SNI behavior into better conformance with RFC 6066:
+ no longer send warning-level unrecognized_name(112) alerts,
+ and limit startup warnings to cases where an OpenSSL version
+ without TLS extension support is used. PR 56241. [Kaspar Brand]
+
*) http: Make ap_die() robust against any HTTP error code and not modify
response status (finally logged) when nothing is to be done.
[Yann Ylavic]
But the patch contains only the first change to code.
@@ -1962,7 +1962,21 @@ int ssl_callback_ServerNameIndication(SSL *ssl, in
"No matching SSL virtual host for servername "
"%s found (using default/first virtual host)",
servername);
- return SSL_TLSEXT_ERR_ALERT_WARNING;
Everything else is commentary. When you backport, Yann, would you correct
the message?
Re: svn commit: r1684457 - /httpd/httpd/branches/2.2.x/STATUS
Posted by Yann Ylavic <yl...@gmail.com>.
On Tue, Jun 9, 2015 at 5:46 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote:
> I don't entirely understand the patch CHANGES, however...
>
> On Tue, Jun 9, 2015 at 10:41 AM, <wr...@apache.org> wrote:
>>
>> PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
>> [ start all new proposals below, under PATCHES PROPOSED. ]
>>
>> * mod_ssl: bring SNI behavior into better conformance with RFC 6066
>> (also addresses PR 56241)
>> trunk patch: https://svn.apache.org/r1585090
>> (partial, w/o startup warnings changes)
>> 2.4.x patch: https://svn.apache.org/r1588424
>> (backported to 2.4.10)
>> 2.2.x patch:
>> http://people.apache.org/~ylavic/httpd-2.2.x-no_sni_warning.patch
>> + +1: ylavic, jorton, wrowe
>
>
> The patch claims both adjusting alerts and changing startup behavior...
The CHANGES entry is, but not the patch (and STATUS entry), as per:
>> trunk patch: https://svn.apache.org/r1585090
>> (partial, w/o startup warnings changes)
above.
>
> Everything else is commentary. When you backport, Yann, would you correct
> the message?
Done in r1684462.
Thanks for noticing.