Posted to dev@httpd.apache.org by "Roy T. Fielding" <fi...@ebuilt.com> on 2001/06/01 23:24:26 UTC

Re: [PATCH] TLS cleanup

> So now all the user needs to specify is --enable-tls, and only --with-ssl=dir
> if configure cannot find the SSL toolkit.

That's a reasonable theory, but note that the existing tls check allows
more options than the openssl check.  I think we need to head in this
direction but replace the existing "search for openssl" code with a
simpler AC_TRY_LINK check that was specific to the minimum SSL library
needed to compile those modules.

....Roy


Re: [PATCH] TLS cleanup

Posted by Ben Laurie <be...@algroup.co.uk>.
"Roy T. Fielding" wrote:
> 
> On Sun, Jun 03, 2001 at 11:01:01PM -0700, Ryan Morgan wrote:
> > On Fri, Jun 01, 2001 at 02:24:26PM -0700, Roy T. Fielding wrote:
> > > > So now all the user needs to specify is --enable-tls, and only --with-ssl=dir
> > > > if configure cannot find the SSL toolkit.
> > >
> > > That's a reasonable theory, but note that the existing tls check allows
> > > more options than the openssl check.  I think we need to head in this
> > > direction but replace the existing "search for openssl" code with a
> > > simpler AC_TRY_LINK check that was specific to the minimum SSL library
> > > needed to compile those modules.
> >
> > Yep, an all-in-one check is what is needed, although mod_tls only works
> > with OpenSSL at the moment. (Correct me if I'm wrong)
> >
> > The reason I submitted the patch is because the current checks for OpenSSL
> > are incorrect.  $SSLDIR/include/openssl is added to INCLUDES causing the
> > compile to break when trying to include "openssl/ssl.h".
> >
> > I just figured it would be easier to move over to the CHECK_SSL_TOOLKIT
> > macro than try to maintain two checks that should do the same thing.
> 
> No question about that -- it is what I said in the commitlog when I
> created that macro.  The point is that we have to get Ben Laurie to
> check if the macro is sufficient for mod_tls, as it was specifically
> written for the very latest version of openssl (I do not know why
> mod_ssl depends on that version) and I only tested it with mod_ssl.

The latest version of OpenSSL is pretty much a requirement for security
reasons, which is why...

> I would prefer a real autoconf macro that actually checks for the
> feature needed by our use of SSL.

...is not really the way to go (at least at this point).

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Re: [PATCH] TLS cleanup

Posted by "Roy T. Fielding" <fi...@ebuilt.com>.
On Sun, Jun 03, 2001 at 11:01:01PM -0700, Ryan Morgan wrote:
> On Fri, Jun 01, 2001 at 02:24:26PM -0700, Roy T. Fielding wrote:
> > > So now all the user needs to specify is --enable-tls, and only --with-ssl=dir
> > > if configure cannot find the SSL toolkit.
> > 
> > That's a reasonable theory, but note that the existing tls check allows
> > more options than the openssl check.  I think we need to head in this
> > direction but replace the existing "search for openssl" code with a
> > simpler AC_TRY_LINK check that was specific to the minimum SSL library
> > needed to compile those modules.
> 
> Yep, an all-in-one check is what is needed, although mod_tls only works
> with OpenSSL at the moment. (Correct me if I'm wrong)
> 
> The reason I submitted the patch is because the current checks for OpenSSL
> are incorrect.  $SSLDIR/include/openssl is added to INCLUDES causing the
> compile to break when trying to include "openssl/ssl.h".
> 
> I just figured it would be easier to move over to the CHECK_SSL_TOOLKIT
> macro than try to maintain two checks that should do the same thing.

No question about that -- it is what I said in the commitlog when I
created that macro.  The point is that we have to get Ben Laurie to
check if the macro is sufficient for mod_tls, as it was specifically
written for the very latest version of openssl (I do not know why
mod_ssl depends on that version) and I only tested it with mod_ssl.

I would prefer a real autoconf macro that actually checks for the
feature needed by our use of SSL.

....Roy


Re: [PATCH] TLS cleanup

Posted by Ryan Morgan <rm...@covalent.net>.
On Fri, Jun 01, 2001 at 02:24:26PM -0700, Roy T. Fielding wrote:
> > So now all the user needs to specify is --enable-tls, and only --with-ssl=dir
> > if configure cannot find the SSL toolkit.
> 
> That's a reasonable theory, but note that the existing tls check allows
> more options than the openssl check.  I think we need to head in this
> direction but replace the existing "search for openssl" code with a
> simpler AC_TRY_LINK check that was specific to the minimum SSL library
> needed to compile those modules.
>

Yep, an all-in-one check is what is needed, although mod_tls only works
with OpenSSL at the moment. (Correct me if I'm wrong)

The reason I submitted the patch is because the current checks for OpenSSL
are incorrect.  $SSLDIR/include/openssl is added to INCLUDES causing the
compile to break when trying to include "openssl/ssl.h".

I just figured it would be easier to move over to the CHECK_SSL_TOOLKIT
macro than try to maintain two checks that should do the same thing.

-Ryan
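
The include-path problem described in this message, as an added example that is not part of the thread or of Apache's configure scripts: it models the compiler's -I lookup by file existence on a constructed directory tree, and probes for the header exactly as the source includes it. The function names and the layout are hypothetical.

```shell
#!/bin/sh
# Added example: how  #include "openssl/ssl.h"  resolves against a -I directory.
# The toolkit tree below is constructed; no real OpenSSL install is needed.

# header_resolves INCDIR HEADER
# Succeeds if HEADER exists under INCDIR, i.e. if -IINCDIR would satisfy
# an  #include "HEADER"  line.
header_resolves() {
    [ -f "$1/$2" ]
}

# pick_ssl_include BASE
# Prints the -I flag under which "openssl/ssl.h" resolves. BASE may be the
# toolkit prefix, its include directory, or the openssl header directory
# itself. Returns 1 if the header is not reachable from BASE.
pick_ssl_include() {
    base=$1
    for dir in "$base/include" "$base" "$(dirname "$base")"; do
        if header_resolves "$dir" "openssl/ssl.h"; then
            printf '%s\n' "-I$dir"
            return 0
        fi
    done
    return 1
}

# make_fake_toolkit
# Builds a constructed <tmp>/ssl/include/openssl/ssl.h tree and prints <tmp>/ssl.
make_fake_toolkit() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/ssl/include/openssl"
    : > "$root/ssl/include/openssl/ssl.h"
    printf '%s\n' "$root/ssl"
}

SSLDIR=$(make_fake_toolkit)

# The broken form: the openssl subdirectory itself is on the include path,
# so the lookup becomes $SSLDIR/include/openssl/openssl/ssl.h and fails.
if header_resolves "$SSLDIR/include/openssl" "openssl/ssl.h"; then
    echo "-I\$SSLDIR/include/openssl: header found"
else
    echo "-I\$SSLDIR/include/openssl: openssl/ssl.h NOT found"
fi

# The working form: the parent of the openssl directory is on the path.
echo "usable flag: $(pick_ssl_include "$SSLDIR")"

rm -rf "$(dirname "$SSLDIR")"
```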