Re: trunk/rc usable with OpenSSL 3.0.0 ?

Mon, 13 Sep 2021 02:16:30 -0700 

Hi Dennis,

Am 13.09.2021 um 11:05 schrieb Dennis Clarke:

On 9/13/21 04:22, Joe Orton wrote:

On Mon, Sep 13, 2021 at 01:23:37AM -0400, Dennis Clarke wrote:


ALL :


I may receive no reply to this but in general I have been able to build
Apache httpd from any release tarball as well as from trunk. When httpd
needed to get TLS 1.3 working it was a slam dunk to get that working and
it did. However now we have OpenSSL 3.0.0 and it seems that neither the
latest RC works nor does trunk.

So then ... how to proceed ?


What fails with trunk?

It's expected that httpd 2.4 doesn't support 3.0 yet, hopefully we can
get this in for a future release but OpenSSL 3.0 has been a moving
target until just six days ago.

Regards, Joe



Why "expected" that httpd 2.4 doesn't support 3.0 ?



"expected" in the sense that the httpd project developers know about 
this. So "we" expect it.



While I realize that 3.0.0 is very shiney new and still has a green glow
to is we also know that the beta program has been in place for months
and the release candidates go back a year.



We did successfully test 3.0.0 alpha and beta in combination with the 
previous 2.4 releases. See for instance my release vote mails then.



3.0.0 use in combination with httpd 2.4.x did only break recently, due 
to changes in 3.0.0 that were not part of earlier alpha and beta 
releases. That's why we only recently got aware of needed mod_ssl 
changes to again make it work with 3.0.0. As mentioned by others the 
2.4.49 release is important for other reasons and we do not want to 
break it due to last minute mod_ssl changes, which would only be useful 
for a minority of users. Most would not yet go with OpenSSL 3.0.0.



Joe (Orton) has provided a pull request for 2.4.x based on httpd trunk 
to again support OpenSSL 3.0.0 and that's why he is interested in your 
observed httpd trunk failures with 3.0.0.



You have me at a loss.


Hopefully our situation is now understandable again?


That Apache httpd, the biggest web server on planet Earth ( let me check
mars ) has never looked at OpenSSL 3.0.0 as an event in the mail? It has
been shipped. Delivered. Done. It works. What are you saying?



We - for instance me - look at it since quite some time. The breaks were 
introduced recently in OpenSSL land. That's why we need a few weeks to 
react.


Thanks for caring about httpd in Solaris land!

Regards,

Rainer






















					Reply via email to