On 02.08.2011 22:39, William A. Rowe Jr. wrote: > On 7/31/2011 4:17 AM, Kaspar Brand wrote: >>> - drop support for OpenSSL < 0.9.7a >>> - drop support for non-OpenSSL/derivatives of OpenSSL >> >> Ok, then my next step is working on a patch which takes care of these >> two points, I guess. > > +1
Ok, so the initial version of that patch became relatively large: https://people.apache.org/~kbrand/mod_ssl-toolkit-support.v1.diff Even though trunk is CTR, I'm somewhat reluctant with simply going ahead and would appreciate if people could comment on this approach (e.g. if it's fine or splitting up would be preferred, etc.). In theory, the changes could be limited to the autoconf stuff - i.e., guard against OpenSSL < 0.9.7 and not detect BSAFE SSL-C any longer in configure, and leave the mod_ssl code as is, mostly. I don't think that's what we want, however, so I tried to get rid of as much of the macro cruft as possible (drop ssl_toolkit_compat.h, remove obsolete ifdef'ed code and so on). I successfully compiled trunk with the above patch against the following OpenSSL versions (w/o warnings): 0.9.7, 0.9.8, 1.0.0d (NB: by 0.9.7, I'm referring to the initial release in that series, not the 0.9.7a patch release). Finally, I also ran the t/ssl tests against the three versions with these OpenSSL releases, and all of them passed. Thanks for commenting on / reviewing the current patch version. Kaspar