I see 'ocsp' in both lists, and 2>&1 redirects stderr to stdout unambiguously, resulting in correct evaluation of the `openssl list 2>&1` ~! /ocsp/ match.
I will proceed with your veto to remove my " 2>&1" addition, restoring the original test by jorton, if you would like, and leave this file to others willing to solve it for the entire developer community and to conduct themselves appropriately, and we can take our hands off this file. Or you may rescind your veto if this passes your evaluation. His test did not necessarily pass the stderr results for regex evaluation, leaving this compatible with OpenSSL 1.1.0+ only. You can use perl -e 'print "nope\n" if (`openssl list -help 2>&1` !~ /ocsp/);' to evaluate my logic, and repeat while omitting the 2>&1 redirection to evaluate jorton's original logic. On Mon, Oct 15, 2018 at 10:07 AM Jim Jagielski <j...@jagunet.com> wrote: > -1 (veto) > > Please revert. 'list' is NOT a command and this causes OCSP to be skipped. > > % openssl version > OpenSSL 1.0.2p 14 Aug 2018 > % openssl list -commands > openssl:Error: 'list' is an invalid command. > > Standard commands > asn1parse ca ciphers cms > crl crl2pkcs7 dgst dh > dhparam dsa dsaparam ec > ecparam enc engine errstr > gendh gendsa genpkey genrsa > nseq ocsp passwd pkcs12 > pkcs7 pkcs8 pkey pkeyparam > pkeyutl prime rand req > rsa rsautl s_client s_server > s_time sess_id smime speed > spkac srp ts verify > version x509 > > Message Digest commands (see the `dgst' command for more details) > md4 md5 mdc2 rmd160 > sha sha1 > > Cipher commands (see the `enc' command for more details) > aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb > aes-256-cbc aes-256-ecb base64 bf > bf-cbc bf-cfb bf-ecb bf-ofb > camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb > camellia-256-cbc camellia-256-ecb cast cast-cbc > cast5-cbc cast5-cfb cast5-ecb cast5-ofb > des des-cbc des-cfb des-ecb > des-ede des-ede-cbc des-ede-cfb des-ede-ofb > des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb > des-ofb des3 desx idea > idea-cbc idea-cfb idea-ecb idea-ofb > rc2 rc2-40-cbc rc2-64-cbc rc2-cbc > rc2-cfb rc2-ecb rc2-ofb rc4 > rc4-40 seed seed-cbc seed-cfb > seed-ecb seed-ofb zlib > > > % openssl version > OpenSSL 1.0.1e-fips 11 Feb 2013 > % openssl list -commands > openssl:Error: 'list' is an invalid command. > > Standard commands > asn1parse ca ciphers cms > crl crl2pkcs7 dgst dh > dhparam dsa dsaparam ec > ecparam enc engine errstr > gendh gendsa genpkey genrsa > nseq ocsp passwd pkcs12 > pkcs7 pkcs8 pkey pkeyparam > pkeyutl prime rand req > rsa rsautl s_client s_server > s_time sess_id smime speed > spkac ts verify version > x509 > > Message Digest commands (see the `dgst' command for more details) > md2 md4 md5 rmd160 > sha sha1 > > Cipher commands (see the `enc' command for more details) > aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb > aes-256-cbc aes-256-ecb base64 bf > bf-cbc bf-cfb bf-ecb bf-ofb > camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb > camellia-256-cbc camellia-256-ecb cast cast-cbc > cast5-cbc cast5-cfb cast5-ecb cast5-ofb > des des-cbc des-cfb des-ecb > des-ede des-ede-cbc des-ede-cfb des-ede-ofb > des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb > des-ofb des3 desx idea > idea-cbc idea-cfb idea-ecb idea-ofb > rc2 rc2-40-cbc rc2-64-cbc rc2-cbc > rc2-cfb rc2-ecb rc2-ofb rc4 > rc4-40 seed seed-cbc seed-cfb > seed-ecb seed-ofb zlib > > > On Oct 15, 2018, at 10:55 AM, wr...@apache.org wrote: > > > > Author: wrowe > > Date: Mon Oct 15 14:55:27 2018 > > New Revision: 1843917 > > > > URL: http://svn.apache.org/viewvc?rev=1843917&view=rev > > Log: > > Revert r1832567, r1843476, r1843478 > > > > Restore jorton's detection from r1831398, and portably redirect stderr > > to capture and evaluate the available command list, > > from either stdout (1.1.0 and later) or stderr (1.0.2 and prior). > > > > > > Modified: > > httpd/test/framework/trunk/t/ssl/ocsp.t > > > > Modified: httpd/test/framework/trunk/t/ssl/ocsp.t > > URL: > http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/ssl/ocsp.t?rev=1843917&r1=1843916&r2=1843917&view=diff > > > ============================================================================== > > --- httpd/test/framework/trunk/t/ssl/ocsp.t (original) > > +++ httpd/test/framework/trunk/t/ssl/ocsp.t Mon Oct 15 14:55:27 2018 > > @@ -21,7 +21,7 @@ Apache::TestRequest::module('ssl_ocsp'); > > # support in earlier versions without messing around with stderr > > my $openssl = Apache::TestSSLCA::openssl(); > > if (!have_min_apache_version('2.4.26') > > - or system("$openssl ocsp 2>/dev/null") == 0) { > > + or `$openssl list -commands 2>&1` !~ /ocsp/) { > > print "1..0 # skip: No OpenSSL or mod_ssl OCSP support"; > > exit 0; > > } > > > > > >