Testing in trunk, 2.4.x seems to be fine. It's the httpd/test/mod_h2/trunk test cases (do not expect you to get that running). I will take a closer look tomorrow as there is more fishy than just the renegotiation. I see more failures than that. I will try an earlier mod_ssl tomorrow and try to narrow it down.
Cheers, Stefan > Am 09.02.2016 um 21:47 schrieb Rainer Jung <rainer.j...@kippdata.de>: > > Am 09.02.2016 um 20:03 schrieb Stefan Eissing: >> >>> Am 09.02.2016 um 19:58 schrieb Rainer Jung <rainer.j...@kippdata.de>: >>> >>> Am 09.02.2016 um 19:20 schrieb Stefan Eissing: >>>> Ah, closer look revealed that the first test was a cipher renegotiation >>>> using HTTP/1.1. That no longer works, but the slave connection checks do. >>>> So, false alarm on that front. Will disable the renegotiation tests that >>>> fail for now until the 1.1.0 openssl work is done... >>>> >>>> Sorry for the confusion. >>>> >>>>> Am 09.02.2016 um 19:11 schrieb Stefan Eissing >>>>> <stefan.eiss...@greenbytes.de>: >>>>> >>>>> With the new renegotiate code, I get failures in trunk for my tests that >>>>> expect renegotiation to fail on slave connections. Rainer, not sure how >>>>> this works now. Can you have a look? >>> >>> No problem, thanks for doing tests as well. Yes, the cipher change reneg is >>> still expected to fail (only when using OpenSSL 1.1.0). >> >> Was using OpenSSL 1.0.2 in my tests... > > That's strange then, because I didn't (intentionally) change the behavior for > pre 1.1.0. Instead I tried to keep the code the same in that case and > postpone any cleanups (let pre-1.1.0 use the same code as 1.1.0) to the time > 1.1.0 runs fine. > > So could it be something else? Is it a test case which is part of the test > suite? If yes, which one? Which version (trunk or 2.4) did you test. I would > try to reproduce here. > > Regards, > > Rainer >
