Bug report for Apache httpd-2 [2017/01/15]

2017-01-14 Thread bugzilla
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned

Re: mod_lets-encrypt

2017-01-14 Thread William A Rowe Jr
On Sat, Jan 14, 2017 at 1:05 PM, Stefan Sperling wrote: > On Sat, Jan 14, 2017 at 07:15:29PM +0100, Dirk-Willem van Gulik wrote: >> In fact - that may be a nice feature - an, essential, empheral port. > > Would that work for web servers behind firewalls? Most configured in that

Re: mod_lets-encrypt

2017-01-14 Thread William A Rowe Jr
On Sat, Jan 14, 2017 at 12:15 PM, Dirk-Willem van Gulik wrote: > > On 14 Jan 2017, at 19:05, William A Rowe Jr wrote: > > Any mod_letsencrypt can provision the certs but needs to do so > while still root, before servicing requests (although there could

Re: mod_lets-encrypt

2017-01-14 Thread Stefan Sperling
On Sat, Jan 14, 2017 at 07:15:29PM +0100, Dirk-Willem van Gulik wrote: > In fact - that may be a nice feature - an, essential, empheral port. Would that work for web servers behind firewalls?

Re: mod_lets-encrypt

2017-01-14 Thread Dirk-Willem van Gulik
> On 14 Jan 2017, at 19:05, William A Rowe Jr wrote: > > On Sat, Jan 14, 2017 at 10:22 AM, Eric Covener wrote: >> On Sat, Jan 14, 2017 at 11:19 AM, Eric Covener wrote: >>> >>> I think if a feature/directive will turn on something

Re: mod_lets-encrypt

2017-01-14 Thread William A Rowe Jr
On Sat, Jan 14, 2017 at 10:22 AM, Eric Covener wrote: > On Sat, Jan 14, 2017 at 11:19 AM, Eric Covener wrote: >> >> I think if a feature/directive will turn on something that will write >> to configured keystores, it really shouldn't do or dictate much else.

Re: mod_lets-encrypt

2017-01-14 Thread Eric Covener
On Sat, Jan 14, 2017 at 11:19 AM, Eric Covener wrote: > > I think if a feature/directive will turn on something that will write > to configured keystores, it really shouldn't do or dictate much else. Poorly phrased, but I think obtaining a cert should be separate from things

Re: mod_lets-encrypt

2017-01-14 Thread Eric Covener
On Sat, Jan 14, 2017 at 10:43 AM, Dirk-Willem van Gulik wrote: > > Where this implies SSLEnable, a set of sane/best-practice. ‘A+’, set of > baseline SSL directives w.r.t. OSCP stapling and so on. And absolutely no > further SSL statements in your vhost. And it implies that

Re: mod_lets-encrypt

2017-01-14 Thread Dirk-Willem van Gulik
(reshuffled top post) On 14 Jan 2017, at 16:07, Rich Bowen wrote: > On Jan 10, 2017 12:15 PM, "Jacob Champion" > wrote: > On 01/10/2017 08:35 AM, Dirk-Willem van Gulik wrote: > Before I send someone into the woods - did

Re: mod_lets-encrypt

2017-01-14 Thread Rich Bowen
I talked with him at linuxcon, but there's been no followup. I for one would love to see this happen. On Jan 10, 2017 12:15 PM, "Jacob Champion" wrote: > On 01/10/2017 08:35 AM, Dirk-Willem van Gulik wrote: > >> Before I send someone into the woods - did anyone consider/do