On 7/3/20 10:54 AM, Graham Leggett wrote:
> On 29 Jun 2020, at 16:37, Ruediger Pluem <rpl...@apache.org> wrote:
>
>> Makes sense.
>> Do you see a possibility to merge this code and the one of ap_md5digest to a
>> more generic procedure that
>> allows to choose the digest algorithm while using 'MMAPED' reads?
>> BTW: Is sha1 mandatory for strong etags? If not wouldn't MD5 be enough and
>> if MD5 is seen as too insecure
>> why isn't sha1?
>
> I chose sha1 as it was a) widely available in APR and b) better than md5, but
> that was it.
>
> I am wondering if for 2.4 if we use md5 instead, and then set Content-MD5 at
> the same time in the same code instead of calculating the md5 twice.
>
> Then - as per the removal of Content-MD5 from
> https://tools.ietf.org/html/rfc7231#appendix-B - we separately switch it to
> sha1 and remove Content-MD5 in trunk.
Thanks for the pointer. Is Content-MD5 really used? And given that it has been
removed in the RFC my approach would be as follows:
1. Continue with your new additions as is. Do not try to merge any of this code
with Content-MD5 related content.
2. Backport them.
3. Leave Content-MD5 untouched in 2.4.x.
4. Remove Content-MD5 in trunk.
Regards
RĂ¼diger
