Re: mod_ssl versions (for mod_md)

[Steffen]

Thanks Yann,

Mod_ssl has specific needed changes for mod_md. Some changes are already 
committed in 2.4.x. 

Mod_md  in 2.4.x-mod_md branch does not build out of the box, because faulting 
mod_ssl:

in ssl_engine_init.c I have to set #define MOD_MD_BACKPORTED   1

Regards,

Steffen

Ps. 
Saw that icing already cleaned up a branche (moved to attic). More to follow ?



> Op 8 jan. 2018 om 14:56 heeft Yann Ylavic  het volgende 
> geschreven:
> 
> Hi Steffen,
> 
>> On Mon, Jan 8, 2018 at 12:50 PM, Steffen  wrote:
>> 
>> When I recall Stefan stated that 2.4.x-mod_md was the branch to test/run
>> mod_md against.
> 
> Clearly, this is the mod_mod that will be released as of 2.4.next, so
> the one to test.
> 
>> 
>> Not anymore, now on git..
>> 
>> .. do not build against 2.4.x-mod_md please. Use only 2.4.x. ..
> 
> Why use git(hub) versions as for httpd releases?
> The 2.4.x-mod_md branch should be self contained, and either work as
> expected thus promoted to 2.4.x with enough votes, or has issues thus
> be reworked/fixed as many times as needed until working as expected.
> 
> I don't know the exact status of mod_md on git(hub), but I expect the
> changes committed to trunk but mostly backported to 2.4.x-mod_md
> (hence to be finally merged to 2.4.x) to be the stable ones, and I
> think it is.
> Whenever an mod_{h2,md} version is stable (per testing by the github
> community), Stefan brings them to httpd's svn.
> 
> He may provide github versions in between httpd releases to keep the
> mod_h2 community up to date (since his release cycle is faster than
> httpd's), but whenever httpd is to be released it usually embeds the
> latest (read most stable) mod_http2 at that time.
> Same for mod_hd I guess, although it is not released in httpd yet.
> 
>> 
>> To test we need to use mod_md from 2.4.x-mod_md branch and mod_ssl from the
>> 2.4.x branch ?
> 
> The first version of mod_md lives in 2.4.x-mod_md and we should
> test/vote this one branch only (regarding mod_md), so please report
> any issue on it with no other change from another branch or git.
> 
> We can keep this branch in sync with the final 2.4.x, like I did this
> weed-end, if we want for example the needed mod_ssl changes committed
> there (because they are not really mod_md specific) to be also in
> 2.4.x-mod_md, so that precisely no "external" change is needed to test
> mod_md on that branch.
> 
>> 
>> Complicated all the versions and usability not same at some point.
> 
> They shouldn't be, and AFAICT, they are not, 2.4.x-mod_md is the
> branch to test as is.
> 
>> 
>> Also to have stuff mod_md  in SVN and GIT makes it not that easy. I
>> suspended my testing mod-md/ssl
> 
> I think you shouldn't bother about other branches/repositories when
> testing httpd releases, it's usually 2.4.x only.
> mod_md is a special case because this is the first release, so per
> definition it's not in 2.4.x yet, hence Stefan created a special
> 2.4.x-"fake" branch (with a better named ;) which we can test as if it
> were the real 2.4.x.
> Let's do that for the special mod_md case of today.
> 
> 
> Regards,
> Yann.

Re: mod_ssl versions (for mod_md)

[Yann Ylavic]

Hi Steffen,

On Mon, Jan 8, 2018 at 12:50 PM, Steffen  wrote:
>
> When I recall Stefan stated that 2.4.x-mod_md was the branch to test/run
> mod_md against.

Clearly, this is the mod_mod that will be released as of 2.4.next, so
the one to test.

>
> Not anymore, now on git..
>
> .. do not build against 2.4.x-mod_md please. Use only 2.4.x. ..

Why use git(hub) versions as for httpd releases?
The 2.4.x-mod_md branch should be self contained, and either work as
expected thus promoted to 2.4.x with enough votes, or has issues thus
be reworked/fixed as many times as needed until working as expected.

I don't know the exact status of mod_md on git(hub), but I expect the
changes committed to trunk but mostly backported to 2.4.x-mod_md
(hence to be finally merged to 2.4.x) to be the stable ones, and I
think it is.
Whenever an mod_{h2,md} version is stable (per testing by the github
community), Stefan brings them to httpd's svn.

He may provide github versions in between httpd releases to keep the
mod_h2 community up to date (since his release cycle is faster than
httpd's), but whenever httpd is to be released it usually embeds the
latest (read most stable) mod_http2 at that time.
Same for mod_hd I guess, although it is not released in httpd yet.

>
> To test we need to use mod_md from 2.4.x-mod_md branch and mod_ssl from the
> 2.4.x branch ?

The first version of mod_md lives in 2.4.x-mod_md and we should
test/vote this one branch only (regarding mod_md), so please report
any issue on it with no other change from another branch or git.

We can keep this branch in sync with the final 2.4.x, like I did this
weed-end, if we want for example the needed mod_ssl changes committed
there (because they are not really mod_md specific) to be also in
2.4.x-mod_md, so that precisely no "external" change is needed to test
mod_md on that branch.

>
> Complicated all the versions and usability not same at some point.

They shouldn't be, and AFAICT, they are not, 2.4.x-mod_md is the
branch to test as is.

>
> Also to have stuff mod_md  in SVN and GIT makes it not that easy. I
> suspended my testing mod-md/ssl

I think you shouldn't bother about other branches/repositories when
testing httpd releases, it's usually 2.4.x only.
mod_md is a special case because this is the first release, so per
definition it's not in 2.4.x yet, hence Stefan created a special
2.4.x-"fake" branch (with a better named ;) which we can test as if it
were the real 2.4.x.
Let's do that for the special mod_md case of today.


Regards,
Yann.

Re: mod_ssl versions (for mod_md)

[Steffen]

Thanks Eric.


Still I think it is not the way to create so much branches here, trunk 
and 2.4.x should be enough.



For extra branches the apache-username  space can be used  like  
http://people.apache.org/~icing/


When I recall Stefan stated that 2.4.x-mod_md was the branch to 
test/run mod_md against.


Not anymore, now on git..

.. do not build against 2.4.x-mod_md please. Use only 2.4.x. ..

To test we need to use mod_md from 2.4.x-mod_md branch and mod_ssl 
from the 2.4.x branch ?


Complicated all the versions and usability not same at some point.

Also to have stuff mod_md  in SVN and GIT makes it not that easy. I 
suspended my testing mod-md/ssl





On Saturday 06/01/2018 at 16:58, Eric Covener  wrote:
On Sat, Jan 6, 2018 at 10:06 AM, Steffen  
wrote:


There are three more, so we have   7 places for mod_ssl:


In general, I wouldn't go hunting for alternate places to build/test
anything from.   You shouldn't feel obligated here beyond what you're
interested in. If you want changes before they hit trunk or the
2.4.x-md branch they are probably in github.



patches


Ignore it -- Don't worry about it unless someone uses it to share a
patch with you to test a specific issue.



trunk-md


Ignore it -- Appears obsolete, not changed in months and mod_md is in 
trunk




2.4.x-mod_md branch


This is where the mod_md backport proposal will eventually come from.
If you want to test mod_md on 2.4 before it's in 2.4, using this
branch makes sense.

This branch will never be released, just merged into 2.4.x when it's 
ready.




2.4.x


This is where actual 2.4 development occurs and where any 2.4.x
release will be cut from. No mod_md yet.



git v5 patch


Ignore it -- No idea, I wouldn't pay any mind to it unless someone
directed you to specifically try something in it.



trunk


This is where normal forward development happens.



2.5.0-alpha


Ignore it -- This is just a tag.

Re: mod_ssl versions (for mod_md)

[Gregg Smith]

On 1/5/2018 2:25 PM, Yann Ylavic wrote:

Hi Steffen,

On Fri, Jan 5, 2018 at 10:26 PM, Steffen  wrote:


What is the one we have to test for next 2.4.30, special mod_md 1.1.8


I have just synchonized the 2.4.x-mod_md branch with 2.4.x (resolving
only a tiny conflict in a comment).
So they should be exactly the same (mod_ssl included), except for the
pure mod_md changes, thus you should use the 2.4.x-mod_md branch I
guess.

Attached is the diff between the two branches' mod_ssl (svn diff -x-p
--- httpd/httpd/branches/2.4.x-mod_md/modules/ssl/ssl_engine_init.c 
2018/01/05 15:34:15	1820314
+++ httpd/httpd/branches/2.4.x-mod_md/modules/ssl/ssl_engine_init.c 
2018/01/05 22:04:52	1820360

@@ -32,6 +32,22 @@
 #include "mpm_common.h"
 #include "mod_md.h"

+/* Use the header, once mod_md is backported. break the dependency loop 
for now. */

+#define MOD_MD_BACKPORTED   0

#define MOD_MD_BACKPORTED   1
This branch does have MOD_MD_BACKPORTED after all.

+#if MOD_MD_BACKPORTED
+#include "mod_md.h"
+#else
+APR_DECLARE_OPTIONAL_FN(int,
+md_is_managed, (struct server_rec *));
+APR_DECLARE_OPTIONAL_FN(apr_status_t,
+md_get_certificate, (struct server_rec *, 
apr_pool_t *,

+ const char **pkeyfile,
+ const char **pcertfile));
+APR_DECLARE_OPTIONAL_FN(int,
+md_is_challenge, (struct conn_rec *, const char *,
+  X509 **pcert, EVP_PKEY **pkey));
+#endif
+
 APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ssl, SSL, int, init_server,
 (server_rec *s,apr_pool_t *p,int 
is_proxy,SSL_CTX *ctx),
 (s,p,is_proxy,ctx), OK, DECLINED)> 
Regards,

Yann.


Regards,

Gregg

Re: mod_ssl versions (for mod_md)

[Eric Covener]

On Sat, Jan 6, 2018 at 10:06 AM, Steffen  wrote:
> There are three more, so we have   7 places for mod_ssl:

In general, I wouldn't go hunting for alternate places to build/test
anything from.   You shouldn't feel obligated here beyond what you're
interested in. If you want changes before they hit trunk or the
2.4.x-md branch they are probably in github.

> patches

Ignore it -- Don't worry about it unless someone uses it to share a
patch with you to test a specific issue.

> trunk-md

Ignore it -- Appears obsolete, not changed in months and mod_md is in trunk

> 2.4.x-mod_md branch

This is where the mod_md backport proposal will eventually come from.
If you want to test mod_md on 2.4 before it's in 2.4, using this
branch makes sense.

This branch will never be released, just merged into 2.4.x when it's ready.

> 2.4.x

This is where actual 2.4 development occurs and where any 2.4.x
release will be cut from. No mod_md yet.

> git v5 patch

Ignore it -- No idea, I wouldn't pay any mind to it unless someone
directed you to specifically try something in it.

> trunk

This is where normal forward development happens.

> 2.5.0-alpha

Ignore it -- This is just a tag.

Re: mod_ssl versions (for mod_md)

[Steffen]

There are three more, so we have   7 places for mod_ssl:

patches
trunk-md
2.4.x-mod_md branch
2.4.x
git v5 patch
trunk
2.5.0-alpha

Please be clear what is what and which are obsolete ? It is a mess for me. 



> Op 6 jan. 2018 om 12:17 heeft Steffen  het volgende 
> geschreven:
> 
> Sorry overlooked it: the change is included in 2.4.x-mod_md and not in 2.4.x.
> mod_ssl in 2.4.x-mod_md branch does not build out of the box:
> 
> in ssl_engine_init.c have to set #define MOD_MD_BACKPORTED   1
> 
> 
>> On 6-1-2018 08:07, Steffen wrote:
>> Not sure: Looks that now we loose the latest change yesterday from icing in 
>> 2.4.x-mod_md branch ?
>> 
>> 
>>  Begin Message 
>> Group: gmane.comp.apache.devel
>> MsgID: 

Re: mod_ssl versions (for mod_md)

[Steffen]

Sorry overlooked it: the change is included in 2.4.x-mod_md and not in 2.4.x.
 
mod_ssl in 2.4.x-mod_md branch does not build out of the box:


in ssl_engine_init.c have to set #define MOD_MD_BACKPORTED   1


On 6-1-2018 08:07, Steffen wrote:

Not sure: Looks that now we loose the latest change yesterday from icing in 
2.4.x-mod_md branch ?


 Begin Message 
Group: gmane.comp.apache.devel
MsgID: 

Re: mod_ssl versions (for mod_md)

[Steffen]

Not sure: Looks that now we loose the latest change yesterday from icing in 
2.4.x-mod_md branch ?


 Begin Message  
Group: gmane.comp.apache.devel 
MsgID: 

mod_ssl versions (for mod_md)

[Steffen]

Today icing made an other change to mod_ssl in the 2.4.x-mod_md branch 
and yesterday in 2.4.x branch.


When I am not wrong,  we have now 4 different versions of mod_ssl:

2.4.x-mod_md branch
2.4.x
git v5 patch
trunk

What is the one we have to test for next 2.4.30, special mod_md 1.1.8