httpd was patched for httpd -v some time ago to report both the compiled
and loaded versions of apr[-util].

I'd like to get this into trunk/2.2/2.0 similarly for openssl.

It's very common for users to hotfix openssl for security vulnerabilities,
but the apache error log remains 'scary' to auditors and administrators...


[Tue Mar 20 15:54:21 2007] [notice] Apache/2.0.59 (Unix) DAV/2 CovalentSNMP/3.0.3 mod_jk/1.2.18 mod_ssl/2.0.59 OpenSSL/0.9.7i PHP/4.4.4 mod_perl/1.999.21 Perl/v5.8.8 configured -- resuming normal operations
[Tue Mar 20 15:59:51 2007] [info] Server: Apache/2.0.59, Interface: mod_ssl/2.0.59, Library: OpenSSL/0.9.7i

Presuming an upgrade to 0.9.7x, for example, my proposed hackery would report

[Tue Mar 20 15:54:21 2007] [notice] Apache/2.0.59 (Unix) DAV/2 CovalentSNMP/3.0.3 mod_jk/1.2.18 mod_ssl/2.0.59 OpenSSL/0.9.7x PHP/4.4.4 mod_perl/1.999.21 Perl/v5.8.8 configured -- resuming normal operations
[Tue Mar 20 15:59:51 2007] [info] mod_ssl built to Server: Apache/2.0.59, Interface: mod_ssl/2.0.59, Library: OpenSSL/0.9.7i

So the informational-depth message wouldn't change, picking up any issues
with the compilation.  (e.g. you would see 2.0.60 compilation even if it's
been loaded in 2.0.59, or 0.9.7i even though it's running with 0.9.7x.)

So the major change would be to the processing of SSL_VERSION_LIBRARY for
version_components; it would now report the running-library stats.  A new
symbol, SSL_VERSION_LIBRARY_INTERFACE would report the compiled-library
tokens shown today.  (LIBRARY_INTERFACE is chosen because that's what the
module assumed in terms of feature set, etc, for compile-time decisions.)
Of course the ssl_var_lookup and ssl_var_lookup_ssl_version both change
appropriately.

Before I commit anything to trunk, WDYT?

Bill
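
An added example, not part of the original message or of httpd: a small log check an auditor could run if the proposed format above were adopted, comparing the components in the startup banner (running) against the "built to" line (compiled). The function names and the sample log are constructed for illustration, and the "mod_ssl built to" prefix is treated as optional.

```python
import re

# Constructed sample, adapted from the proposed log output quoted in the message.
SAMPLE_LOG = """\
[Tue Mar 20 15:54:21 2007] [notice] Apache/2.0.59 (Unix) DAV/2 CovalentSNMP/3.0.3 mod_jk/1.2.18 mod_ssl/2.0.59 OpenSSL/0.9.7x PHP/4.4.4 mod_perl/1.999.21 Perl/v5.8.8 configured -- resuming normal operations
[Tue Mar 20 15:59:51 2007] [info] mod_ssl built to Server: Apache/2.0.59, Interface: mod_ssl/2.0.59, Library: OpenSSL/0.9.7i
"""

# Startup banner: everything between "[notice] " and the fixed trailer.
NOTICE_RE = re.compile(
    r"\[notice\] (?P<banner>.+?) configured -- resuming normal operations")
# Info line, with or without the proposed "mod_ssl built to " prefix.
BUILT_RE = re.compile(
    r"\[info\] (?:mod_ssl built to )?Server: (?P<server>\S+), "
    r"Interface: (?P<interface>\S+), Library: (?P<library>\S+)")
# One "Name/version" product token, e.g. OpenSSL/0.9.7x or Perl/v5.8.8.
TOKEN_RE = re.compile(r"(?P<name>[A-Za-z_][\w.-]*)/(?P<version>\S+)")


def banner_components(banner):
    """Map product name -> version for each Name/version token in the text."""
    return {m["name"]: m["version"] for m in TOKEN_RE.finditer(banner)}


def version_drift(log_text):
    """Return {component: (built_against, running)} for components that differ."""
    running, built = {}, {}
    for line in log_text.splitlines():
        if (m := NOTICE_RE.search(line)):
            running = banner_components(m["banner"])
        elif (m := BUILT_RE.search(line)):
            for token in m.group("server", "interface", "library"):
                built.update(banner_components(token))
    return {name: (built[name], running[name])
            for name in built
            if name in running and built[name] != running[name]}


if __name__ == "__main__":
    for name, (compiled, loaded) in version_drift(SAMPLE_LOG).items():
        print(f"{name}: built against {compiled}, running {loaded}")
```

An empty result means the banner and the build line agree, which is also what today's logging always shows, since both lines carry the compiled-in version.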
