Updated the PR https://github.com/apache/httpd/pull/179 with r1889009 and recent 2.4.x changes.
> On 20.04.2021 at 12:05, Stefan Eissing <stefan.eiss...@greenbytes.de> wrote:
>
>> On 20.04.2021 at 11:57, Ruediger Pluem <rpl...@apache.org> wrote:
>>
>> On 4/13/21 3:00 PM, Stefan Eissing wrote:
>>> The PR 179 <https://github.com/apache/httpd/pull/179> has been updated with
>>> the additions of our OCSP hook support in the core server. In case you did
>>> not follow it, a short summary of the changes:
>>>
>>> 1. httpd core offers functions/hooks so that SSL related things
>>>    can be queried without optional functions. That means all the
>>>    lookups in modules of the "ssl_is_https(conn_rec *c)" have
>>>    been converted to direct invocations of "ap_ssl_conn_is_ssl(c)".
>>> 2. The provisioning of SSL certificates for servers, as done by mod_md,
>>>    has also now a central hub in the server. This means other modules
>>>    besides mod_ssl/mod_md can use/offer certificate services.
>>> 3. The OCSP response data that is used in "SSL Stapling" has also now
>>>    a central hub with functions/hooks. That means other SSL modules can
>>>    use mod_md services and another OCSP stapling module may be written
>>>    and installed without changes to SSL modules.
>>>
>>> All these new server functions/hooks are agnostic of the actual *SSL
>>> implementation. One might mix modules using OpenSSL with ones using
>>> libressl or exotics like rustls.
>>>
>>> 4. mod_ssl has been extended to use these new functions/hooks while
>>> maintaining its own OPTIONAL functions and support. This should give full
>>> backward compatibility for 3rd party modules for interop with mod_ssl.
>>>
>>> 5. mod_md has been extended to use/register at the new core hooks. The PR
>>> also includes a range of other, unrelated enhancements to mod_md, like
>>> multiple certificates and EC keys. It would have been possible to separate
>>> this out, but it would have required more testing combinations and the
>>> number of branches/repros to juggle are already high enough.
>>>
>>> As with all github PRs, you can get the diff simply by appending ".diff",
>>> so <https://github.com/apache/httpd/pull/179.diff> is the whole thing. For
>>> easier review, I extract the parts related only to the core server and the
>>> ones only related to mod_ssl and attach them here.
>>>
>>> I would very much appreciate if some of you find the time to point to my
>>> mistakes.
>>>
>>
>> As it was easier for me I directly commented on the PR.
>
> Excellent! Will make an update, probably today.
>
> /Stefan
>>
>> Regards
>>
>> Rüdiger