On Fri, Mar 01, 2024 at 01:52:15PM +0100, Yann Ylavic wrote: > On Fri, Mar 1, 2024 at 1:42 PM Yann Ylavic <ylavic....@gmail.com> wrote: > > > > On Fri, Mar 1, 2024 at 1:24 PM Joe Orton <jor...@redhat.com> wrote: > > > > > > Do you still want that > > > TestSSLCA.pm change merged? > > > > I think it can be useful for those who test httpd with openssl1 still > > (not maintained anymore, but we have to keep compatibility in 2.4 at > > least). > > But the issue with this patch is that it doesn't check which openssl > version httpd is actually using, so it always generates pkcs#1 keys > even if not needed. > If we had a way to check the system's openssl AND httpd's openssl are > < 3 it would be better, but I don't see how to do this.
I suppose we could export the detected version from configure via apxs -q and pick it up in Apache::Test, but I think it would be likely to make the whole house of cards even more fragile. So I'm not sure it's worth investing effort in that tbh. Better to assume/require that the bin/openssl version matches the version mod_ssl uses. Regards, Joe