Just found this in my spam folder, sorry. On Thu, Mar 05, 2026 at 10:33:22AM +0000, Stephen Farrell wrote: > I'm involved in the DEfO project [1] that's been developing > ECH for OpenSSL. We've now gotten ECH code upstreamed to > the openssl master branch so it should be included in the > upcoming openssl 4.0 release, which is great news (for us:-). > I believe there'll be an alpha release of that about March > 10th. > > I see however, that the openssl master branch now also > has some unrelated changes that break our DEfO CI builds [2] > for httpd (as well as haproxy, lighttpd and nginx;-) due to > some changes in interfaces (some const-ifying, making some > previously exposed structs opaque and some deprecations). > That all caused our DEfO ECH CI setup [2] to show a bunch > of red flags. > > I assume that this is something your project will address, > but in the meantime it may be useful to see the way I hacked > our httpd CI build to get it working with the current openssl > master branch. The relevant commit is [3]. > > Note that those aren't proper fixes, as I'm sure you'd > do something more thorough that works with various openssl > versions, so [3] is just an FYI and not a real patch/PR, > but maybe useful nonetheless. There's nothing really that > tricky to change here, it's just a bit tedious. > > [3] > https://github.com/defo-project/apache-httpd/commit/aa0aef2734a7b2650c0358323267633bd3ed53a6
Thanks a lot, Stephen. I had made a start at this too [1] but the volume of const-ified X509/X509_NAME pointers is indeed really painful. It would be good to fix as many as possible without casting. Regards, Joe [1] https://github.com/apache/httpd/pull/609
