On 23/12/2011 07:52, Kaspar Brand wrote:
On 22.12.2011 17:53, Dr Stephen Henson wrote:
I've added a few new controls and one new function which should resolve this,
see last few commits.
I deleted a couple of functions duplicating functionality too.
Let me know if you need further details
On 23.12.2011 18:13, Dr Stephen Henson wrote:
Your patch to trunk/2.4.x looks fine. You can simplify the clearing of the
extra
chain slightly by just unconditionally calling: [...]
Thanks, patch adapted and committed in r1222917 and r1222920, respectively.
Kaspar
On 05.08.2011 07:41, Kaspar Brand wrote:
On 03.08.2011 19:29, Dr Stephen Henson wrote:
In OpenSSL 1.0.1 (unreleased) and later there is a feature to make all SSL
related structures opaque and only allow them to be accessed through
functions.
This is enabled by setting OPENSSL_NO_SSL_INTERN
On 22/12/2011 10:59, Kaspar Brand wrote:
On 05.08.2011 07:41, Kaspar Brand wrote:
On 03.08.2011 19:29, Dr Stephen Henson wrote:
In OpenSSL 1.0.1 (unreleased) and later there is a feature to make all SSL
related structures opaque and only allow them to be accessed through
functions.
This is
On 22.12.2011 17:53, Dr Stephen Henson wrote:
I've added a few new controls and one new function which should resolve this,
see last few commits.
I deleted a couple of functions duplicating functionality too.
Let me know if you need further details or it needs fixing.
Thanks for the very
On 11.08.2011 11:34, NormW wrote:
On 11/08/2011 3:12 PM, Kaspar Brand wrote:
That's also fine with me, yes. Generally speaking, are there any rules
for handling this sort of version checks in httpd code (and when
aborting with #error is acceptable)?
No idea if a 'rule' but a search of
On 11/08/2011 3:12 PM, Kaspar Brand wrote:
Hi Gün,
perhaps we should just break compilation with a check in mod_ssl like:
#if OPENSSL_VERSION_NUMBER 0x0090700f
#error mod_ssl requires at least OpenSSL version 0.9.7f!
#endif
That's also fine with me, yes. Generally speaking, are there any
Hi Gün,
thanks for testing! I was wondering if there's some way to check for
OPENSSL_VERSION_NUMBER = 0x0090700f in the NWGNUmakefile (similar to
what is done in configure). Just in case someone tries to compile
against stone-age versions of OpenSSL/NTLS... but perhaps this is a very
unlikely
Hi Kaspar,
Am 10.08.2011 08:54, schrieb Kaspar Brand:
thanks for testing! I was wondering if there's some way to check for
OPENSSL_VERSION_NUMBER= 0x0090700f in the NWGNUmakefile (similar to
what is done in configure). Just in case someone tries to compile
against stone-age versions of
Hi Gün,
perhaps we should just break compilation with a check in mod_ssl like:
#if OPENSSL_VERSION_NUMBER 0x0090700f
#error mod_ssl requires at least OpenSSL version 0.9.7f!
#endif
That's also fine with me, yes. Generally speaking, are there any rules
for handling this sort of version
Hi Kaspar,
Am 07.08.2011 22:23, schrieb Guenter Knauf:
Am 07.08.2011 12:49, schrieb Kaspar Brand:
NetWare folks: please note that I didn't touch modules/ssl/NWGNUmakefile
so far - i.e. it still allows building with the Novell NTLS SDK (in
theory, at least). As I'm neither familiar with the
On 05.08.2011 17:39, William A. Rowe Jr. wrote:
On 8/5/2011 2:57 AM, Stefan Fritsch wrote:
On Friday 05 August 2011, Kaspar Brand wrote:
On 03.08.2011 19:08, William A. Rowe Jr. wrote:
My thought, it probably should be a set of commits;
* Drop SSLC (first patch)
* Drop OpenSSL 0.9.7
Hi Kaspar,
Am 07.08.2011 12:49, schrieb Kaspar Brand:
NetWare folks: please note that I didn't touch modules/ssl/NWGNUmakefile
so far - i.e. it still allows building with the Novell NTLS SDK (in
theory, at least). As I'm neither familiar with the NetWare platform nor
do I have a test
On Friday 05 August 2011, Kaspar Brand wrote:
On 03.08.2011 19:08, William A. Rowe Jr. wrote:
My thought, it probably should be a set of commits;
* Drop SSLC (first patch)
* Drop OpenSSL 0.9.7 (second patch)
* Drop ssl_toolkit_compat wrapper (third patch)
* Warn on 0.9.7 and
On 8/5/2011 2:57 AM, Stefan Fritsch wrote:
On Friday 05 August 2011, Kaspar Brand wrote:
On 03.08.2011 19:08, William A. Rowe Jr. wrote:
My thought, it probably should be a set of commits;
* Drop SSLC (first patch)
* Drop OpenSSL 0.9.7 (second patch)
* Drop ssl_toolkit_compat wrapper
Hi Kaspar,
On Wed, Aug 03, 2011 at 06:23:18PM +0200, Kaspar Brand wrote:
Ok, so the initial version of that patch became relatively large:
https://people.apache.org/~kbrand/mod_ssl-toolkit-support.v1.diff
Thanks so much for taking this on!
Even though trunk is CTR, I'm somewhat reluctant
On 03.08.2011 19:08, William A. Rowe Jr. wrote:
My thought, it probably should be a set of commits;
* Drop SSLC (first patch)
* Drop OpenSSL 0.9.7 (second patch)
* Drop ssl_toolkit_compat wrapper (third patch)
* Warn on 0.9.7 and some 0.9.8 flavors (last patch)
Ok, I'll try splitting
On 03.08.2011 19:29, Dr Stephen Henson wrote:
In OpenSSL 1.0.1 (unreleased) and later there is a feature to make all SSL
related structures opaque and only allow them to be accessed through
functions.
This is enabled by setting OPENSSL_NO_SSL_INTERN before including any OpenSSL
headers.
On 02.08.2011 22:39, William A. Rowe Jr. wrote:
On 7/31/2011 4:17 AM, Kaspar Brand wrote:
- drop support for OpenSSL 0.9.7a
- drop support for non-OpenSSL/derivatives of OpenSSL
Ok, then my next step is working on a patch which takes care of these
two points, I guess.
+1
Ok, so the
On 8/3/2011 11:23 AM, Kaspar Brand wrote:
Ok, so the initial version of that patch became relatively large:
https://people.apache.org/~kbrand/mod_ssl-toolkit-support.v1.diff
Even though trunk is CTR, I'm somewhat reluctant with simply going ahead
and would appreciate if people could
On 03/08/2011 18:08, William A. Rowe Jr. wrote:
On 8/3/2011 11:23 AM, Kaspar Brand wrote:
Ok, so the initial version of that patch became relatively large:
https://people.apache.org/~kbrand/mod_ssl-toolkit-support.v1.diff
Even though trunk is CTR, I'm somewhat reluctant with simply going
On 7/31/2011 4:17 AM, Kaspar Brand wrote:
Hi Rainer,
There was a similar discussion RFC: drop support for OpenSSL 1.0 in
trunk/2.3? on this list in May/June 2010.
Thanks for the pointer! (Too long ago for me to remember, but should
have searched the archives, that's true.)
- drop
Hi Kaspar,
On 31.07.2011 09:38, Kaspar Brand wrote:
I'm considering cleaning up some of the cert revocation checking code in
mod_ssl, in particular ssl_callback_SSLVerify_CRL(), which currently has
the following comment:
* OpenSSL provides the general mechanism to deal with CRLs but does
Hi Rainer,
There was a similar discussion RFC: drop support for OpenSSL 1.0 in
trunk/2.3? on this list in May/June 2010.
Thanks for the pointer! (Too long ago for me to remember, but should
have searched the archives, that's true.)
- drop support for OpenSSL 0.9.7a
- drop support for
On 31.07.2011 11:17, Kaspar Brand wrote:
Hi Rainer,
There was a similar discussion RFC: drop support for OpenSSL 1.0 in
trunk/2.3? on this list in May/June 2010.
Thanks for the pointer! (Too long ago for me to remember, but should
have searched the archives, that's true.)
No problem at
25 matches
Mail list logo