You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by kb...@apache.org on 2013/04/15 17:59:05 UTC
svn commit: r1468132 - in /httpd/httpd/branches: 2.2.x/STATUS 2.4.x/STATUS
Author: kbrand
Date: Mon Apr 15 15:59:05 2013
New Revision: 1468132
URL: http://svn.apache.org/r1468132
Log:
update comment, and move proposal to stalled section for 2.2.x, too
Modified:
httpd/httpd/branches/2.2.x/STATUS
httpd/httpd/branches/2.4.x/STATUS
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1468132&r1=1468131&r2=1468132&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Mon Apr 15 15:59:05 2013
@@ -129,29 +129,6 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
mod_ssl is not loaded, but right now it would fail.
An mmn minor bump would also be required for API addition.
- * mod_ssl: Add RFC 5878 support. This allows support of mechanisms
- such as Certificate Transparency. Note that new
- mechanisms are supported without software updates.
- trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1352596
- 2.2.x patch: http://people.apache.org/~ben/httpd-2.2-rfc5878.patch
- +1: ben, druggeri
- -1: kbrand
- druggeri note: Needs docs for new directive
- kbrand: depends on an unreleased OpenSSL version (1.0.2), and
- RFC 5878 is of "Category: Experimental". Seems premature
- to me to consider for backporting to 2.4/2.2 at this point.
- The API in the OpenSSL implementation from May 2012
- (http://cvs.openssl.org/chngview?cn=22601) only covers the
- privately-defined TLSEXT_AUTHZDATAFORMAT_audit_proof, there's
- no support for x509_attr_cert (section 3.3.1 in RFC 5878) or
- saml_assertion (3.3.2). SSL_CTX_use_authz_file doesn't have
- any docs in OpenSSL, either, and there's no "openssl foo ..."
- command or similar to create/manage such files. Trunk is
- the right place where it can grow.
- ben: not correct that it depends on OpenSSL 1.0.2, it builds with
- any version. Also, if you read my note to dev@ you will see
- why it is not premature.
-
* mod_proxy_http: Use the same hostname for SNI as for the HTTP request when
forwarding to SSL backends.
PR: 53134
@@ -381,4 +358,26 @@ PATCHES/ISSUES THAT ARE STALLED
2.2 patch: http://people.apache.org/~fuankg/diffs/httpd-2.2.x-cross_compile.diff
fuankg: on hold until we agree for a better and more simple solution ...
-
+ * mod_ssl: Add RFC 5878 support. This allows support of mechanisms
+ such as Certificate Transparency. Note that new
+ mechanisms are supported without software updates.
+ trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1352596
+ 2.2.x patch: http://people.apache.org/~ben/httpd-2.2-rfc5878.patch
+ +1: ben, druggeri
+ -1: kbrand
+ druggeri note: Needs docs for new directive
+ kbrand: depends on an unreleased OpenSSL version (1.0.2), and
+ RFC 5878 is of "Category: Experimental".
+ The API in the OpenSSL implementation from May 2012
+ (http://cvs.openssl.org/chngview?cn=22601) only covers the
+ privately-defined TLSEXT_AUTHZDATAFORMAT_audit_proof, there's
+ no support for x509_attr_cert (section 3.3.1 in RFC 5878) or
+ saml_assertion (3.3.2). SSL_CTX_use_authz_file doesn't have
+ any docs in OpenSSL, either, and there's no "openssl foo ..."
+ command or similar to create/manage such files.
+ Note: as of 2013-04-15, r1352596 has been reverted in trunk,
+ (with r1468131), for the reasons explained in the message with id
+ <51...@velox.ch> sent to the dev list on 2013-04-06.
+ ben: not correct that it depends on OpenSSL 1.0.2, it builds with
+ any version. Also, if you read my note to dev@ you will see
+ why it is not premature.
Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1468132&r1=1468131&r2=1468132&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Mon Apr 15 15:59:05 2013
@@ -290,19 +290,19 @@ PATCHES/ISSUES THAT ARE STALLED
-1: kbrand
druggeri note: Needs docs for new directive
kbrand: depends on an unreleased OpenSSL version (1.0.2), and
- RFC 5878 is of "Category: Experimental". Seems premature
- to me to consider for backporting to 2.4/2.2 at this point.
+ RFC 5878 is of "Category: Experimental".
The API in the OpenSSL implementation from May 2012
(http://cvs.openssl.org/chngview?cn=22601) only covers the
privately-defined TLSEXT_AUTHZDATAFORMAT_audit_proof, there's
no support for x509_attr_cert (section 3.3.1 in RFC 5878) or
saml_assertion (3.3.2). SSL_CTX_use_authz_file doesn't have
any docs in OpenSSL, either, and there's no "openssl foo ..."
- command or similar to create/manage such files. Trunk is
- the right place where it can grow.
- Finally, httpd-2.4-rfc5878.patch includes a build-system change
- which is unrelated to this feature (see separate proposal from
- rjung below, ssl-support-uninstalled-openssl-2_4.patch).
+ command or similar to create/manage such files.
+ Additionally, httpd-2.4-rfc5878.patch includes a build-system
+ change which is unrelated to this feature.
+ Note: as of 2013-04-15, r1352596 has been reverted in trunk
+ (with r1468131), for the reasons explained in the message with id
+ <51...@velox.ch> sent to the dev list on 2013-04-06.
ben: not correct that it depends on OpenSSL 1.0.2, it builds with
any version. Also, if you read my note to dev@ you will see
why it is not premature.