I would like us to come to an understanding what our roadmap in regard to OpenSSL 3.0 is. People keep on asking about it.
Yesterday, I spent some hours hacking at mod_ssl and mod_md to get it running. I managed to compile it, but it was not working reliably. Maybe I took some wrong turns somewhere. My observations below. With my RM hat on, I see the next release in early December. We have some fixes to ship and maybe the new http2 implementation. Personally, I do not see a need for OpenSSL 3.0 in that one. But if anyone has plans to do it, it would be good to know. Kind Regards, Stefan --------------- Observations hacking on OpenSSL 3.0 compatibility: - SRP seems to be gone. - the ENGINE API seems to be gone - RSA*, DH* and friends are no longer wanted. Instead, the PKEY API offers replacements. - This affects reading key parameter from files, afaict. - Some minor annoyances with BIO_set_callback and ERR_peek_last.. - I changed EC key generation in mod_md to the new API, but generation failed at runtime. Maybe a minor glitch on my part. - The code overall does not become prettier.