Hi Sandro, On Friday 26 March 2010, Sandro Tosi wrote: > I've prepared some packages for backport, and copied on [1] (it's > also apt-get-able); I tested them and they work, at least SNI is > fully functional (that's my purpose) > > [1] http://people.debian.org/~morph/bpo/ > > The chain of dependencies are: > > apache2 > +- openssl > +- apr-util > +- apr > +- libtool > > libtool was already in bpo, but was not compiled for amd64, so I've > just rebuilt it; the others are backports from the current versions > in testing.
I have not tested the packages but have some comments: - 2.2.15-2 still has some bugs in mod_reqtimeout, 2.2.15-3 would be better (but will take some time until it hits testing). - it is also possible to use an older openssl, this would just mean that the new 'SSLInsecureRenegotiation' directive would not be available (at least I believe that lenny's openssl already has SNI support). Maybe it would be better not to force people to update that core library. If you want to go with the older openssl, just downgrade the build-depends in apache and mention in the changelog that this removes SSLInsecureRenegotiation. Apart from that, I don't see any problems. Cheers, Stefan -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
