> Am 28.05.2021 um 03:42 schrieb William A Rowe Jr <wr...@rowe-clan.net>:
>
> On Thu, May 27, 2021, 07:52 Eric Covener <cove...@gmail.com> wrote:
> On Thu, May 27, 2021 at 8:45 AM Rainer Jung <rainer.j...@kippdata.de> wrote:
>
> > is my understanding correct, that even httpd trunk (and then also 2.4.x)
> > needs LDAP support in APR/APU to build mod_ldap and mod_authnz_ldap?
> >
> > So since we removed LDAP support from APR trunk, that means those
> > modules currently can not be build using APR trunk, neither in httpd
> > trunk nor in httpd 2.4.x. Correct?
>
> I think this is correct. This was a pretty heated/sore issue to my
> recollection. Only the removal got done.
>
> That's nearly correct.
>
> The port to ap_ namespace was composed and committed to httpd trunk, by
> myself. And in the heat of the argument, vetoed by the obvious party, so I
> reasonably promptly reverted that, without a few minor tweaks that were still
> necessary across various platforms or httpd build scenarios.
>
> But you can find nearly all the necessary work on httpd trunk history, if
> there's a desire to ressurect the ability for httpd to survive an apr 2
> release. It didn't matter for PCRE, so I don't know that it is a priority.
>
> Any discussion w.r.t. apr project belongs at that project, if there's a
> desire to cause some action there. Based on observations of the huge scale of
> Curl vulnerabilities (which hit us for mod_md, because that is libcurl, as
> opposed to serf or something straightforward as the letsenrypt client), and
> on some additional thoughts shared on apr about further modularizing and
> disconnecting the each-and-every-facility from core apr+util, that would be
> an interesting discussion to have. But it might have even more additional
> resistance based on today's security postures, based on dependencies of
> dependencies security history.
When serf has reached some documentation level comparable to curl, I will have
a look. I encapsulated the curl dependency in mod_md quite well and it should
be easy to provide an alternate implementation to someone who is able to
understand serf. I hope I do not give the impression that I would stop anyone
from adding this.
Back to the beef:
Do I understand this correctly that we have a divergence in features between
APR and AP with APR2 losing support for something AP uses (LDAP) and AP not
willing/able/no time to add this to its code base?
- Stefan
