On Fri, Mar 1, 2024 at 2:12 PM Joe Orton <jor...@redhat.com> wrote: > > On Fri, Mar 01, 2024 at 01:52:15PM +0100, Yann Ylavic wrote: > > On Fri, Mar 1, 2024 at 1:42 PM Yann Ylavic <ylavic....@gmail.com> wrote: > > > > > > On Fri, Mar 1, 2024 at 1:24 PM Joe Orton <jor...@redhat.com> wrote: > > > > > > > > Do you still want that > > > > TestSSLCA.pm change merged? > > > > > > I think it can be useful for those who test httpd with openssl1 still > > > (not maintained anymore, but we have to keep compatibility in 2.4 at > > > least). > > > > But the issue with this patch is that it doesn't check which openssl > > version httpd is actually using, so it always generates pkcs#1 keys > > even if not needed. > > If we had a way to check the system's openssl AND httpd's openssl are > > < 3 it would be better, but I don't see how to do this. > > I suppose we could export the detected version from configure via apxs > -q and pick it up in Apache::Test, but I think it would be likely to > make the whole house of cards even more fragile. So I'm not sure it's > worth investing effort in that tbh. Better to assume/require that the > bin/openssl version matches the version mod_ssl uses.
Yes agreed, let's drop this patch. There is still the $APACHE_TEST_OPENSSL_CMD workaround to force the openssl version used by the framework to align with httpd's (for those who want to test with openssl < 3). Thanks! Yann. > > Regards, Joe >