Re: mod_ssl versions (for mod_md)
Thanks Yann, Mod_ssl has specific needed changes for mod_md. Some changes are already committed in 2.4.x. Mod_md in 2.4.x-mod_md branch does not build out of the box, because faulting mod_ssl: in ssl_engine_init.c I have to set #define MOD_MD_BACKPORTED 1 Regards, Steffen Ps. Saw that icing already cleaned up a branche (moved to attic). More to follow ? > Op 8 jan. 2018 om 14:56 heeft Yann Ylavichet volgende > geschreven: > > Hi Steffen, > >> On Mon, Jan 8, 2018 at 12:50 PM, Steffen wrote: >> >> When I recall Stefan stated that 2.4.x-mod_md was the branch to test/run >> mod_md against. > > Clearly, this is the mod_mod that will be released as of 2.4.next, so > the one to test. > >> >> Not anymore, now on git.. >> >> .. do not build against 2.4.x-mod_md please. Use only 2.4.x. .. > > Why use git(hub) versions as for httpd releases? > The 2.4.x-mod_md branch should be self contained, and either work as > expected thus promoted to 2.4.x with enough votes, or has issues thus > be reworked/fixed as many times as needed until working as expected. > > I don't know the exact status of mod_md on git(hub), but I expect the > changes committed to trunk but mostly backported to 2.4.x-mod_md > (hence to be finally merged to 2.4.x) to be the stable ones, and I > think it is. > Whenever an mod_{h2,md} version is stable (per testing by the github > community), Stefan brings them to httpd's svn. > > He may provide github versions in between httpd releases to keep the > mod_h2 community up to date (since his release cycle is faster than > httpd's), but whenever httpd is to be released it usually embeds the > latest (read most stable) mod_http2 at that time. > Same for mod_hd I guess, although it is not released in httpd yet. > >> >> To test we need to use mod_md from 2.4.x-mod_md branch and mod_ssl from the >> 2.4.x branch ? > > The first version of mod_md lives in 2.4.x-mod_md and we should > test/vote this one branch only (regarding mod_md), so please report > any issue on it with no other change from another branch or git. > > We can keep this branch in sync with the final 2.4.x, like I did this > weed-end, if we want for example the needed mod_ssl changes committed > there (because they are not really mod_md specific) to be also in > 2.4.x-mod_md, so that precisely no "external" change is needed to test > mod_md on that branch. > >> >> Complicated all the versions and usability not same at some point. > > They shouldn't be, and AFAICT, they are not, 2.4.x-mod_md is the > branch to test as is. > >> >> Also to have stuff mod_md in SVN and GIT makes it not that easy. I >> suspended my testing mod-md/ssl > > I think you shouldn't bother about other branches/repositories when > testing httpd releases, it's usually 2.4.x only. > mod_md is a special case because this is the first release, so per > definition it's not in 2.4.x yet, hence Stefan created a special > 2.4.x-"fake" branch (with a better named ;) which we can test as if it > were the real 2.4.x. > Let's do that for the special mod_md case of today. > > > Regards, > Yann.
Re: mod_ssl versions (for mod_md)
Hi Steffen, On Mon, Jan 8, 2018 at 12:50 PM, Steffenwrote: > > When I recall Stefan stated that 2.4.x-mod_md was the branch to test/run > mod_md against. Clearly, this is the mod_mod that will be released as of 2.4.next, so the one to test. > > Not anymore, now on git.. > > .. do not build against 2.4.x-mod_md please. Use only 2.4.x. .. Why use git(hub) versions as for httpd releases? The 2.4.x-mod_md branch should be self contained, and either work as expected thus promoted to 2.4.x with enough votes, or has issues thus be reworked/fixed as many times as needed until working as expected. I don't know the exact status of mod_md on git(hub), but I expect the changes committed to trunk but mostly backported to 2.4.x-mod_md (hence to be finally merged to 2.4.x) to be the stable ones, and I think it is. Whenever an mod_{h2,md} version is stable (per testing by the github community), Stefan brings them to httpd's svn. He may provide github versions in between httpd releases to keep the mod_h2 community up to date (since his release cycle is faster than httpd's), but whenever httpd is to be released it usually embeds the latest (read most stable) mod_http2 at that time. Same for mod_hd I guess, although it is not released in httpd yet. > > To test we need to use mod_md from 2.4.x-mod_md branch and mod_ssl from the > 2.4.x branch ? The first version of mod_md lives in 2.4.x-mod_md and we should test/vote this one branch only (regarding mod_md), so please report any issue on it with no other change from another branch or git. We can keep this branch in sync with the final 2.4.x, like I did this weed-end, if we want for example the needed mod_ssl changes committed there (because they are not really mod_md specific) to be also in 2.4.x-mod_md, so that precisely no "external" change is needed to test mod_md on that branch. > > Complicated all the versions and usability not same at some point. They shouldn't be, and AFAICT, they are not, 2.4.x-mod_md is the branch to test as is. > > Also to have stuff mod_md in SVN and GIT makes it not that easy. I > suspended my testing mod-md/ssl I think you shouldn't bother about other branches/repositories when testing httpd releases, it's usually 2.4.x only. mod_md is a special case because this is the first release, so per definition it's not in 2.4.x yet, hence Stefan created a special 2.4.x-"fake" branch (with a better named ;) which we can test as if it were the real 2.4.x. Let's do that for the special mod_md case of today. Regards, Yann.
Re: mod_ssl versions (for mod_md)
Thanks Eric. Still I think it is not the way to create so much branches here, trunk and 2.4.x should be enough. For extra branches the apache-username space can be used like http://people.apache.org/~icing/ When I recall Stefan stated that 2.4.x-mod_md was the branch to test/run mod_md against. Not anymore, now on git.. .. do not build against 2.4.x-mod_md please. Use only 2.4.x. .. To test we need to use mod_md from 2.4.x-mod_md branch and mod_ssl from the 2.4.x branch ? Complicated all the versions and usability not same at some point. Also to have stuff mod_md in SVN and GIT makes it not that easy. I suspended my testing mod-md/ssl On Saturday 06/01/2018 at 16:58, Eric Covener wrote: On Sat, Jan 6, 2018 at 10:06 AM, Steffenwrote: There are three more, so we have 7 places for mod_ssl: In general, I wouldn't go hunting for alternate places to build/test anything from. You shouldn't feel obligated here beyond what you're interested in. If you want changes before they hit trunk or the 2.4.x-md branch they are probably in github. patches Ignore it -- Don't worry about it unless someone uses it to share a patch with you to test a specific issue. trunk-md Ignore it -- Appears obsolete, not changed in months and mod_md is in trunk 2.4.x-mod_md branch This is where the mod_md backport proposal will eventually come from. If you want to test mod_md on 2.4 before it's in 2.4, using this branch makes sense. This branch will never be released, just merged into 2.4.x when it's ready. 2.4.x This is where actual 2.4 development occurs and where any 2.4.x release will be cut from. No mod_md yet. git v5 patch Ignore it -- No idea, I wouldn't pay any mind to it unless someone directed you to specifically try something in it. trunk This is where normal forward development happens. 2.5.0-alpha Ignore it -- This is just a tag.
Re: mod_ssl versions (for mod_md)
On 1/5/2018 2:25 PM, Yann Ylavic wrote: Hi Steffen, On Fri, Jan 5, 2018 at 10:26 PM, Steffenwrote: What is the one we have to test for next 2.4.30, special mod_md 1.1.8 I have just synchonized the 2.4.x-mod_md branch with 2.4.x (resolving only a tiny conflict in a comment). So they should be exactly the same (mod_ssl included), except for the pure mod_md changes, thus you should use the 2.4.x-mod_md branch I guess. Attached is the diff between the two branches' mod_ssl (svn diff -x-p --- httpd/httpd/branches/2.4.x-mod_md/modules/ssl/ssl_engine_init.c 2018/01/05 15:34:15 1820314 +++ httpd/httpd/branches/2.4.x-mod_md/modules/ssl/ssl_engine_init.c 2018/01/05 22:04:52 1820360 @@ -32,6 +32,22 @@ #include "mpm_common.h" #include "mod_md.h" +/* Use the header, once mod_md is backported. break the dependency loop for now. */ +#define MOD_MD_BACKPORTED 0 #define MOD_MD_BACKPORTED 1 This branch does have MOD_MD_BACKPORTED after all. +#if MOD_MD_BACKPORTED +#include "mod_md.h" +#else +APR_DECLARE_OPTIONAL_FN(int, +md_is_managed, (struct server_rec *)); +APR_DECLARE_OPTIONAL_FN(apr_status_t, +md_get_certificate, (struct server_rec *, apr_pool_t *, + const char **pkeyfile, + const char **pcertfile)); +APR_DECLARE_OPTIONAL_FN(int, +md_is_challenge, (struct conn_rec *, const char *, + X509 **pcert, EVP_PKEY **pkey)); +#endif + APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ssl, SSL, int, init_server, (server_rec *s,apr_pool_t *p,int is_proxy,SSL_CTX *ctx), (s,p,is_proxy,ctx), OK, DECLINED)> Regards, Yann. Regards, Gregg
Re: mod_ssl versions (for mod_md)
On Sat, Jan 6, 2018 at 10:06 AM, Steffenwrote: > There are three more, so we have 7 places for mod_ssl: In general, I wouldn't go hunting for alternate places to build/test anything from. You shouldn't feel obligated here beyond what you're interested in. If you want changes before they hit trunk or the 2.4.x-md branch they are probably in github. > patches Ignore it -- Don't worry about it unless someone uses it to share a patch with you to test a specific issue. > trunk-md Ignore it -- Appears obsolete, not changed in months and mod_md is in trunk > 2.4.x-mod_md branch This is where the mod_md backport proposal will eventually come from. If you want to test mod_md on 2.4 before it's in 2.4, using this branch makes sense. This branch will never be released, just merged into 2.4.x when it's ready. > 2.4.x This is where actual 2.4 development occurs and where any 2.4.x release will be cut from. No mod_md yet. > git v5 patch Ignore it -- No idea, I wouldn't pay any mind to it unless someone directed you to specifically try something in it. > trunk This is where normal forward development happens. > 2.5.0-alpha Ignore it -- This is just a tag.
Re: mod_ssl versions (for mod_md)
There are three more, so we have 7 places for mod_ssl: patches trunk-md 2.4.x-mod_md branch 2.4.x git v5 patch trunk 2.5.0-alpha Please be clear what is what and which are obsolete ? It is a mess for me. > Op 6 jan. 2018 om 12:17 heeft Steffenhet volgende > geschreven: > > Sorry overlooked it: the change is included in 2.4.x-mod_md and not in 2.4.x. > mod_ssl in 2.4.x-mod_md branch does not build out of the box: > > in ssl_engine_init.c have to set #define MOD_MD_BACKPORTED 1 > > >> On 6-1-2018 08:07, Steffen wrote: >> Not sure: Looks that now we loose the latest change yesterday from icing in >> 2.4.x-mod_md branch ? >> >> >> Begin Message >> Group: gmane.comp.apache.devel >> MsgID:
Re: mod_ssl versions (for mod_md)
Sorry overlooked it: the change is included in 2.4.x-mod_md and not in 2.4.x. mod_ssl in 2.4.x-mod_md branch does not build out of the box: in ssl_engine_init.c have to set #define MOD_MD_BACKPORTED 1 On 6-1-2018 08:07, Steffen wrote: Not sure: Looks that now we loose the latest change yesterday from icing in 2.4.x-mod_md branch ? Begin Message Group: gmane.comp.apache.devel MsgID:
Re: mod_ssl versions (for mod_md)
Not sure: Looks that now we loose the latest change yesterday from icing in 2.4.x-mod_md branch ? Begin Message Group: gmane.comp.apache.devel MsgID:
mod_ssl versions (for mod_md)
Today icing made an other change to mod_ssl in the 2.4.x-mod_md branch and yesterday in 2.4.x branch. When I am not wrong, we have now 4 different versions of mod_ssl: 2.4.x-mod_md branch 2.4.x git v5 patch trunk What is the one we have to test for next 2.4.30, special mod_md 1.1.8