Am 16.03.2018 um 12:21 schrieb Rainer Jung:
It seems mod_md (trunk and 2.4, currently identical) needs OpenSSL 1.0.2
(for ASN1_TIME_diff), but with a small change (using the already
existing LIBRESSL alternative code) it only needs 1.0.0.
Since we still support 0.9.8a+ for 2.4.x and trunk, I think we need to
add a version check to modules/md/config2.m4, maybe by allowing the
requested version as an argument to APACHE_CHECK_OPENSSL which is
already used there. Currently APACHE_CHECK_OPENSSL uses a hard-coded
0.9.8a check.
I have hopefully fixed the 1.0.2 dependency by 1826973 and proposed it
for backport. About the 1.0.0 dependency, adding version requirementds
as parameters to APACHE_CHECK_OPENSSL is non-trivial, because
APACHE_CHECK_OPENSSL uses caching for its result which would then depend
on the version. Instead I suggest the following (yet untested):
Index: modules/md/config2.m4
===================================================================
--- modules/md/config2.m4 (revision 1826930)
+++ modules/md/config2.m4 (working copy)
@@ -270,6 +270,18 @@
dnl # hook module into the Autoconf mechanism (--enable-md)
APACHE_MODULE(md, [Managed Domain handling], $md_objs, , most, [
APACHE_CHECK_OPENSSL
+ AC_MSG_CHECKING([for OpenSSL version >= 1.0.1])
+ AC_TRY_COMPILE([#include <openssl/opensslv.h>],[
+#if !defined(OPENSSL_VERSION_NUMBER)
+#error "Missing OpenSSL version"
+#endif
+#if OPENSSL_VERSION_NUMBER < 0x10001000L
+#error "Unsupported OpenSSL version " OPENSSL_VERSION_TEXT
+#endif],
+ [AC_MSG_RESULT(OK),
+ [AC_MSG_RESULT(FAILED)
+ ac_cv_openssl=no])
+
if test "x$ac_cv_openssl" = "xno" ; then
AC_MSG_WARN([libssl (or compatible) not found])
enable_md=no
@Stefan: is this dependency on OpenSSL 1.0.0 expected or unexpected?
Regards,
Rainer
