Posted to dev@httpd.apache.org by William A Rowe Jr <wr...@rowe-clan.net> on 2015/06/09 17:46:32 UTC

Re: svn commit: r1684457 - /httpd/httpd/branches/2.2.x/STATUS

I don't entirely understand the patch CHANGES, however...

On Tue, Jun 9, 2015 at 10:41 AM, <wr...@apache.org> wrote:

>  PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
>    [ start all new proposals below, under PATCHES PROPOSED. ]
>
>     * mod_ssl: bring SNI behavior into better conformance with RFC 6066
>       (also addresses PR 56241)
>       trunk patch: https://svn.apache.org/r1585090
>                    (partial, w/o startup warnings changes)
>       2.4.x patch: https://svn.apache.org/r1588424
>                    (backported to 2.4.10)
>       2.2.x patch:
> http://people.apache.org/~ylavic/httpd-2.2.x-no_sni_warning.patch
> +     +1: ylavic, jorton, wrowe
>

The patch claims both adjusting alerts and changing startup behavior...

--- CHANGES	(revision 1684331)
+++ CHANGES	(working copy)
@@ -1,6 +1,11 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.30

+  *) mod_ssl: bring SNI behavior into better conformance with RFC 6066:
+     no longer send warning-level unrecognized_name(112) alerts,
+     and limit startup warnings to cases where an OpenSSL version
+     without TLS extension support is used. PR 56241. [Kaspar Brand]
+
   *) http: Make ap_die() robust against any HTTP error code and not modify
      response status (finally logged) when nothing is to be done.
[Yann Ylavic]


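Review bot: The CHANGES entry's second clause, "and limit startup warnings to cases where an OpenSSL version without TLS extension support is used", describes a change that the STATUS entry lists as excluded from this backport ("partial, w/o startup warnings changes"). For 2.2.30 the entry should stop after "no longer send warning-level unrecognized_name(112) alerts" so the changelog matches what the 2.2.x patch actually changes.
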
But the patch contains only the first change to code.

@@ -1962,7 +1962,21 @@ int ssl_callback_ServerNameIndication(SSL *ssl, in
                               "No matching SSL virtual host for servername "
                               "%s found (using default/first virtual host)",
                               servername);
-                return SSL_TLSEXT_ERR_ALERT_WARNING;



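Review bot: The removal of "return SSL_TLSEXT_ERR_ALERT_WARNING;" after the "No matching SSL virtual host" log call is shown without the lines that replace it, although the hunk header says the region grows from 7 to 21 lines. Before the backport is committed, check that this path still returns a value from ssl_callback_ServerNameIndication() and that the added lines say why no alert is sent, since the log message is now the only remaining sign that the client's servername did not match a virtual host.
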
Everything else is commentary.  When you backport, Yann, would you correct
the message?

Re: svn commit: r1684457 - /httpd/httpd/branches/2.2.x/STATUS

Posted by Yann Ylavic <yl...@gmail.com>.
On Tue, Jun 9, 2015 at 5:46 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote:
> I don't entirely understand the patch CHANGES, however...
>
> On Tue, Jun 9, 2015 at 10:41 AM, <wr...@apache.org> wrote:
>>
>>  PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
>>    [ start all new proposals below, under PATCHES PROPOSED. ]
>>
>>     * mod_ssl: bring SNI behavior into better conformance with RFC 6066
>>       (also addresses PR 56241)
>>       trunk patch: https://svn.apache.org/r1585090
>>                    (partial, w/o startup warnings changes)
>>       2.4.x patch: https://svn.apache.org/r1588424
>>                    (backported to 2.4.10)
>>       2.2.x patch:
>> http://people.apache.org/~ylavic/httpd-2.2.x-no_sni_warning.patch
>> +     +1: ylavic, jorton, wrowe
>
>
> The patch claims both adjusting alerts and changing startup behavior...

The CHANGES entry is, but not the patch (and STATUS entry), as per:

>>       trunk patch: https://svn.apache.org/r1585090
>>                    (partial, w/o startup warnings changes)

above.

>
> Everything else is commentary.  When you backport, Yann, would you correct
> the message?

Done in r1684462.
Thanks for noticing.