On 6/14/2015 6:14 PM, Gregg Smith wrote:
On 6/14/2015 2:56 PM, Yann Ylavic wrote:
On Sun, Jun 14, 2015 at 1:31 PM, Gregg Smith<g...@gknw.net> wrote:
http://people.apache.org/~gsmith/proposal/sslcertificatechainfile_compromise.diff
I'm fine with this approach too.
We have to decide whether a single [warn] is acceptable or not since
it may still confuse startup monitors, which was a point raised in the
[Vote] thread.
I agree that the current patch proposed in STATUS is nearly the same
as not noticing the user since it requires -e info in the command-line
for anything to be visible, but I'm afraid any warning won't be
accepted now...
It's a lose/lose situation either way. I didn't pick up on the startup
monitors part of the thread.
We are almost back to the way it was before the warning, I guess this
is fine. No will know the better unless they go fishing for some other
problem that may arise. At the very minimum it's something at least,
should not make waves and i would bet everyone knows about it now
unless 2.4.15 is their first.
If this is their first, probably ought to remove this in httpd-ssl.conf also
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convenience.
#SSLCertificateChainFile "@rel_sysconfdir@/server-ca.crt"
