On 2015-06-15 03:36, Gregg Smith wrote:
> On 6/14/2015 6:14 PM, Gregg Smith wrote:
>> On 6/14/2015 2:56 PM, Yann Ylavic wrote:
>>> On Sun, Jun 14, 2015 at 1:31 PM, Gregg Smith<g...@gknw.net>  wrote:
>>>> http://people.apache.org/~gsmith/proposal/sslcertificatechainfile_compromise.diff
>>> I'm fine with this approach too.
>>> We have to decide whether a single [warn] is acceptable or not since
>>> it may still confuse startup monitors, which was a point raised in the
>>> [Vote] thread.
>>> I agree that the current patch proposed in STATUS is nearly the same
>>> as not noticing the user since it requires -e info in the command-line
>>> for anything to be visible, but I'm afraid any warning won't be
>>> accepted now...
>>
>> It's a lose/lose situation either way. I didn't pick up on the startup 
>> monitors part of the thread.
>>
>> We are almost back to the way it was before the warning, I guess this is 
>> fine. No one will know the better unless they go fishing for some other problem 
>> that may arise. At the very minimum it's something at least, should not make 
>> waves and I would bet everyone knows about it now unless 2.4.15 is their 
>> first.
> 
> If this is their first, probably ought to remove this in httpd-ssl.conf also
> 
> #   Server Certificate Chain:
> #   Point SSLCertificateChainFile at a file containing the
> #   concatenation of PEM encoded CA certificates which form the
> #   certificate chain for the server certificate. Alternatively
> #   the referenced file can be the same as SSLCertificateFile
> #   when the CA certificates are directly appended to the server
> #   certificate for convenience.
> #SSLCertificateChainFile "@rel_sysconfdir@/server-ca.crt"
> 

It is a valid statement, so I think it would be better to keep it and replace 
the description with something like

# This directive is deprecated, please concatenate the
# intermediate CA to the SSLCertificateFile.
#SSLCertificateChainFile "@rel_sysconfdir@/server-ca.crt"

As a side note, even though I've read the Release Notes I was thankful to see my 
console was trashed with the deprecation warning ;)

What I miss is a section on httpd.apache.org/docs/2.4/ with a link list of what 
has changed since which release.
For example there are sections "New features with Apache .." and "Upgrading to 
2.4 from 2.2" but no section like

 Deprecated / Important changes between 2.4.x and 2.4.y
  - mod_cgi: use of the magic mime-type is deprecated
  - mod_ssl: SSLCertificateChainFile is deprecated
             SSLRequire is deprecated
  - mod_ldap: (ldaps://) support has been deprecated to be replaced with TLS
  - mod_access_compat: deprecated by the new authz refactoring
  - ...


I'm really not a good technical writer, but if such a list is welcome I will 
try to do my best to send a patch.

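The migration suggested in the message above (concatenate the intermediate CA to the SSLCertificateFile), as an added example that is not part of the original thread or of httpd. It assumes a single certificate/chain pair per config, a private key kept in a separate SSLCertificateKeyFile, and uses constructed file names and placeholder certificate bodies; the function names are hypothetical.

```python
import re

# Matches one PEM certificate block; other PEM types (keys) are ignored,
# so this assumes the private key is not stored in SSLCertificateFile.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)
# Active (uncommented) directives only; "#SSLCertificateChainFile" is skipped.
CHAIN_LINE = re.compile(
    r'^[ \t]*SSLCertificateChainFile[ \t]+"?([^"\s]+)"?[ \t]*\n?', re.I | re.M)
CERT_LINE = re.compile(
    r'^[ \t]*SSLCertificateFile[ \t]+"?([^"\s]+)"?', re.I | re.M)

def cert_blocks(pem_text):
    """Certificate blocks in file order, with per-line whitespace stripped."""
    return ["\n".join(line.strip() for line in block.splitlines())
            for block in PEM_CERT.findall(pem_text)]

def merge_chain(cert_pem, chain_pem):
    """Server certificate first, then the intermediates, without duplicates."""
    merged = []
    for block in cert_blocks(cert_pem) + cert_blocks(chain_pem):
        if block not in merged:
            merged.append(block)
    return "\n".join(merged) + "\n"

def migrate(conf, files):
    """Return (new_conf, new_files) with the chain folded into SSLCertificateFile."""
    chain, cert = CHAIN_LINE.search(conf), CERT_LINE.search(conf)
    if not chain or not cert:
        return conf, dict(files)          # nothing active to migrate
    new_files = dict(files)
    new_files[cert.group(1)] = merge_chain(files[cert.group(1)],
                                           files[chain.group(1)])
    return CHAIN_LINE.sub("", conf, count=1), new_files

# Constructed sample data: placeholder base64, not real certificates.
def _pem(body):
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

LEAF, INTERMEDIATE = _pem("TEVBRi1QTEFDRUhPTERFUg=="), _pem("Q0EtUExBQ0VIT0xERVI=")
SAMPLE_FILES = {"conf/server.crt": LEAF,
                # the old comment allowed the chain file to repeat the server cert
                "conf/server-ca.crt": LEAF + INTERMEDIATE}
SAMPLE_CONF = ('SSLCertificateFile "conf/server.crt"\n'
               'SSLCertificateChainFile "conf/server-ca.crt"\n'
               'SSLCertificateKeyFile "conf/server.key"\n')
```

The duplicate check covers the case from the old httpd-ssl.conf comment where the chain file already contains the server certificate, so the merged file never carries it twice.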