OpenSSL 3.0 deprecations
FYI: here's a list of symbols for which I get deprecation warnings when compiling httpd 2.4.58 (plus bundled APU) against current OpenSSL 3.1.3 or 3.0.11:

srclib/apr-util/crypto/apr_crypto_openssl.c:141:5: warning: 'ENGINE_load_builtin_engines' is deprecated (declared at include/openssl/engine.h:358): Since OpenSSL 3.0
srclib/apr-util/crypto/apr_crypto_openssl.c:142:5: warning: 'ENGINE_register_all_complete' is deprecated (declared at include/openssl/engine.h:415): Since OpenSSL 3.0
srclib/apr-util/crypto/apr_crypto_openssl.c:208:9: warning: 'ENGINE_finish' is deprecated (declared at include/openssl/engine.h:628): Since OpenSSL 3.0
srclib/apr-util/crypto/apr_crypto_openssl.c:209:9: warning: 'ENGINE_free' is deprecated (declared at include/openssl/engine.h:493): Since OpenSSL 3.0
srclib/apr-util/crypto/apr_crypto_openssl.c:326:9: warning: 'ENGINE_by_id' is deprecated (declared at include/openssl/engine.h:336): Since OpenSSL 3.0
srclib/apr-util/crypto/apr_crypto_openssl.c:330:9: warning: 'ENGINE_init' is deprecated (declared at include/openssl/engine.h:620): Since OpenSSL 3.0
srclib/apr-util/crypto/apr_crypto_openssl.c:331:13: warning: 'ENGINE_free' is deprecated (declared at include/openssl/engine.h:493): Since OpenSSL 3.0
support/ab.c:769:25: warning: 'EVP_PKEY_get1_EC_KEY' is deprecated (declared at include/openssl/evp.h:1377): Since OpenSSL 3.0
support/ab.c:770:25: warning: 'EC_KEY_get0_group' is deprecated (declared at include/openssl/ec.h:1037): Since OpenSSL 3.0
support/ab.c:771:25: warning: 'EC_KEY_free' is deprecated (declared at include/openssl/ec.h:1006): Since OpenSSL 3.0
support/ab.c:1431:13: warning: 'BIO_set_callback' is deprecated (declared at include/openssl/bio.h:279): Since OpenSSL 3.0
modules/ssl/ssl_engine_config.c:611:5: warning: 'ENGINE_by_id' is deprecated (declared at include/openssl/engine.h:336): Since OpenSSL 3.0
modules/ssl/ssl_engine_config.c:613:9: warning: 'ENGINE_free' is deprecated (declared at include/openssl/engine.h:493): Since OpenSSL 3.0
modules/ssl/ssl_engine_config.c:618:9: warning: 'ENGINE_get_first' is deprecated (declared at include/openssl/engine.h:318): Since OpenSSL 3.0
modules/ssl/ssl_engine_config.c:620:13: warning: 'ENGINE_get_id' is deprecated (declared at include/openssl/engine.h:552): Since OpenSSL 3.0
modules/ssl/ssl_engine_config.c:621:42: warning: 'ENGINE_get_name' is deprecated (declared at include/openssl/engine.h:553): Since OpenSSL 3.0
modules/ssl/ssl_engine_config.c:624:13: warning: 'ENGINE_get_next' is deprecated (declared at include/openssl/engine.h:323): Since OpenSSL 3.0
modules/ssl/ssl_engine_init.c:483:9: warning: 'ENGINE_by_id' is deprecated (declared at include/openssl/engine.h:336): Since OpenSSL 3.0
modules/ssl/ssl_engine_init.c:493:13: warning: 'ENGINE_ctrl' is deprecated (declared at include/openssl/engine.h:429): Since OpenSSL 3.0
modules/ssl/ssl_engine_init.c:497:9: warning: 'ENGINE_set_default' is deprecated (declared at include/openssl/engine.h:708): Since OpenSSL 3.0
modules/ssl/ssl_engine_init.c:508:9: warning: 'ENGINE_free' is deprecated (declared at include/openssl/engine.h:493): Since OpenSSL 3.0
modules/ssl/ssl_engine_init.c:574:9: warning: 'SRP_VBASE_new' is deprecated (declared at include/openssl/srp.h:176): Since OpenSSL 3.0
modules/ssl/ssl_engine_init.c:583:9: warning: 'SRP_VBASE_init' is deprecated (declared at include/openssl/srp.h:180): Since OpenSSL 3.0
modules/ssl/ssl_engine_init.c:591:9: warning: 'SSL_CTX_set_srp_username_callback' is deprecated (declared at include/openssl/ssl.h:1900): Since OpenSSL 3.0
modules/ssl/ssl_engine_init.c:593:9: warning: 'SSL_CTX_set_srp_cb_arg' is deprecated (declared at include/openssl/ssl.h:1902): Since OpenSSL 3.0
modules/ssl/ssl_engine_init.c:1318:5: warning: 'DH_get0_p' is deprecated (declared at include/openssl/dh.h:266): Since OpenSSL 3.0
modules/ssl/ssl_engine_init.c:1539:9: warning: 'DH_free' is deprecated (declared at include/openssl/dh.h:207): Since OpenSSL 3.0
modules/ssl/ssl_engine_init.c:1556:9: warning: 'EC_KEY_new_by_curve_name' is deprecated (declared at include/openssl/ec.h:1001): Since OpenSSL 3.0
modules/ssl/ssl_engine_init.c:1578:5: warning: 'EC_KEY_free' is deprecated (declared at include/openssl/ec.h:1006): Since OpenSSL 3.0
modules/ssl/ssl_engine_init.c:1843:9: warning: 'SRP_VBASE_free' is deprecated (declared at include/openssl/srp.h:178): Since OpenSSL 3.0
modules/ssl/ssl_engine_io.c:2288:9: warning: 'BIO_set_callback' is deprecated (declared at include/openssl/bio.h:279): Since OpenSSL 3.0
modules/ssl/ssl_engine_io.c:2291:13: warning: 'BIO_set_callback' is deprecated (declared at include/openssl/bio.h:279): Since OpenSSL 3.0
modules/ssl/ssl_engine_kernel.c:545:5: warning: 'SSL_get_srp_username' is deprecated (declared at include/openssl/ssl.h:1914): Since OpenSSL 3.0
modules/ssl/ssl_engine_kernel.c:2594:13: warning: 'BIO_set_callback' is deprecated (declared at include/openssl/bio.h:279): Since OpenSSL 3.0
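To triage a warning list like the one above, it helps to group the call sites by the OpenSSL header that declares each deprecated symbol, which roughly separates the ENGINE, EC_KEY, SRP, DH and BIO callback work. The following is an added example, not part of the original message or of httpd; the function names are hypothetical and the sample input is an excerpt of the warnings in the message.

```python
import re
from collections import defaultdict

# One gcc deprecation diagnostic. \s+ between tokens lets the pattern match a
# normal one-warning-per-line log as well as text that a mail archive has run
# together or wrapped in the middle of a warning.
WARNING_RE = re.compile(
    r"(?P<file>[\w./+-]+):(?P<line>\d+):\d+:\s+warning:\s+"
    r"'(?P<symbol>\w+)'\s+is\s+deprecated\s+"
    r"\(declared\s+at\s+(?P<header>[^\s):]+):\d+\):\s+"
    r"Since\s+OpenSSL\s+(?P<since>\d+\.\d+)"
)

def parse_warnings(log):
    """Return one dict (file, line, symbol, header, since) per warning."""
    return [m.groupdict() for m in WARNING_RE.finditer(log)]

def group_by_header(warnings):
    """Map declaring header -> symbol -> list of 'file:line' call sites."""
    grouped = defaultdict(lambda: defaultdict(list))
    for w in warnings:
        grouped[w["header"]][w["symbol"]].append(f"{w['file']}:{w['line']}")
    return {hdr: dict(syms) for hdr, syms in grouped.items()}

# Excerpt of the warnings in the message, joined on one line as in the archived
# text, with a line break placed inside one warning to exercise that case.
SAMPLE_LOG = (
    "srclib/apr-util/crypto/apr_crypto_openssl.c:326:9: warning: 'ENGINE_by_id' is "
    "deprecated (declared at include/openssl/engine.h:336): Since OpenSSL 3.0 "
    "support/ab.c:769:25: warning: 'EVP_PKEY_get1_EC_KEY' is "
    "deprecated (declared at include/openssl/evp.h:1377): Since OpenSSL 3.0 "
    "support/ab.c:1431:13: warning: 'BIO_set_callback' is "
    "deprecated (declared at include/openssl/bio.h:279): Since OpenSSL 3.0 "
    "modules/ssl/ssl_engine_config.c:611:5: warning: 'ENGINE_by_id' is "
    "deprecated (declared at include/openssl/engine.h:336): Since \nOpenSSL 3.0 "
    "modules/ssl/ssl_engine_init.c:574:9: warning: 'SRP_VBASE_new' is "
    "deprecated (declared at include/openssl/srp.h:176): Since OpenSSL 3.0 "
    "modules/ssl/ssl_engine_io.c:2288:9: warning: 'BIO_set_callback' is "
    "deprecated (declared at include/openssl/bio.h:279): Since OpenSSL 3.0 "
)

if __name__ == "__main__":
    report = group_by_header(parse_warnings(SAMPLE_LOG))
    for header, symbols in sorted(report.items()):
        print(header)
        for symbol, sites in sorted(symbols.items()):
            print(f"  {symbol}: {', '.join(sites)}")
```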
Re: [VOTE] Release httpd-2.4.58-rc3 as httpd-2.4.58
> On 19.10.2023 at 13:27, Rainer Jung wrote:
>
> On 16.10.23 at 17:08, Stefan Eissing via dev wrote:
>> Hi all,
>> after fixing my merge mistake in rc2 (sorry!), we go again:
>> Please find below the proposed release tarball and signatures:
>> https://dist.apache.org/repos/dist/dev/httpd/
>> I would like to call a VOTE over the next few days to release
>> this candidate tarball httpd-2.4.58-rc3 as 2.4.58:
>> [X] +1: It's not just good, it's good enough!
>> [ ] +0: Let's have a talk.
>> [ ] -1: There's trouble in paradise. Here's what's wrong.
>> The computed digests of the tarball up for vote are:
>> sha256: 503a7da4a4a27fd496037998b17078dc9fe004db32c657c96cce8356b8aa2eb6
>> *httpd-2.4.58-rc3.tar.gz
>> sha512:
>> 5c11faf0572035ef67b27775d975999411c689cb774553175299a9e99b63d3d7138b0c7f15048ec28038494d8513689f916202c2289d557947d8b190d46ca9f3
>> *httpd-2.4.58-rc3.tar.gz
>> The SVN candidate source is found at tags/2.4.58-rc3-candidate.
>> Cheers,
>> Stefan
>
> I know I am late, but for the sake of completeness my test results:

I am happy nevertheless (and relieved that it went well)!
Thanks for this awesome test coverage, Rainer.

Cheers,
Stefan

> +1 to release and thanks a bunch for RM!
>
> The full range of unit tests is still running, but enough have completed for
> a vote.
>
> - Sigs and hashes OK
> - contents of tarballs identical
> - contents of tag and tarballs identical
>   except for expected deltas
>
> Built on
>
> - SLES 11+12+15 (64 Bits)
> - RHEL 6+7+8+9 (64 Bits)
>
> For all platforms built
>
> - with default (shared) and static modules
> - with module set reallyall
> - using --enable-load-all-modules
>
> - using libraries
>   - APR/APU
>     - bundled deps tarball
>     - 1.7.4/1.6.3
>     - 1.6.5/1.6.3
>     - 1.7.x(r1911757)/1.7.x(r1911757) with libxml2
>     - 1.7.x(r1911757)/1.7.x(r1911757) with expat
>     - 1.6.x(r1908753)/1.6.x(r1911757)
>     - trunk(r1911757) with libxml2
>     - trunk(r1911757) with expat
>   - OpenSSL 3.1.3, 3.0.11, 1.1.1w,
>     and for all except RHEL 9
>     also 1.1.1, 1.0.2u, 1.0.2
>   - expat 2.5.0
>   - pcre 10.42
>   - lua 5.4.6 (compiled with LUA_COMPAT_MODULE)
>   - libxml2 2.11.5
>   - libnghttp2 1.57.0
>   - brotli 1.1.0
>   - curl 8.4.0
>   - jansson 2.14
>   - libldap 2.6.6 (2.5.7 with OpenSSL 1.1.1,
>     2.4.59 with OpenSSL 1.0.2*)
>
> - in total 200 builds per platform (80 for RHEL 9)
>
> - Tool chain:
>   - platform gcc
>   - CFLAGS: -O2 -g -Wall -fno-strict-aliasing
>
> All builds succeeded.
>
> - compiler warnings:
>
>   - deprecation warnings when building against OpenSSL 3.1.3, see other thread
>
> Tested for
>
> - SLES 11+12+15
> - RHEL 6+7+8+9
> - MPMs prefork, worker, event
> - log level trace8
> - Perl client bundle build against OpenSSL 3.1.0beta1-1,
>   3.0.0, 1.1.1g plus patches, 1.1.0l, 1.0.2u and 1.1.0l-1
>   (RHEL 9 3.1.2-1, 3.0.10-1, 1.1.1w-1)
>
> Every OpenSSL version in the client tested with every OpenSSL version in the
> server. 18 unit test runs (3 MPMS x 6 OpenSSL clients) per server build.
>
> About 2.400 unit test runs are done, most with server OpenSSL 3.1 and 3.0,
> for RHEL 9 also 1.1.1.
>
> Some local adjustments to tests were used:
>
> - t/modules/buffer.t: removing huge buffer tests
> -my $bigsize = 10;
> +my $bigsize = 5;
>
> The following test failures were seen:
>
> a t/modules/buffer.t line 37
> Not a regression
> Only on RHEL 6, SLES 11.
>
> c t/modules/sed.t line 37 test 3
> Not a regression
> Only on RHEL 6, SLES 11.
>
>
> Regards,
>
> Rainer
Re: [VOTE] Release httpd-2.4.58-rc3 as httpd-2.4.58
On 16.10.23 at 17:08, Stefan Eissing via dev wrote:
> Hi all,
> after fixing my merge mistake in rc2 (sorry!), we go again:
> Please find below the proposed release tarball and signatures:
> https://dist.apache.org/repos/dist/dev/httpd/
> I would like to call a VOTE over the next few days to release
> this candidate tarball httpd-2.4.58-rc3 as 2.4.58:
> [X] +1: It's not just good, it's good enough!
> [ ] +0: Let's have a talk.
> [ ] -1: There's trouble in paradise. Here's what's wrong.
> The computed digests of the tarball up for vote are:
> sha256: 503a7da4a4a27fd496037998b17078dc9fe004db32c657c96cce8356b8aa2eb6
> *httpd-2.4.58-rc3.tar.gz
> sha512:
> 5c11faf0572035ef67b27775d975999411c689cb774553175299a9e99b63d3d7138b0c7f15048ec28038494d8513689f916202c2289d557947d8b190d46ca9f3
> *httpd-2.4.58-rc3.tar.gz
> The SVN candidate source is found at tags/2.4.58-rc3-candidate.
> Cheers,
> Stefan

I know I am late, but for the sake of completeness my test results:

+1 to release and thanks a bunch for RM!

The full range of unit tests is still running, but enough have completed for a vote.

- Sigs and hashes OK
- contents of tarballs identical
- contents of tag and tarballs identical
  except for expected deltas

Built on

- SLES 11+12+15 (64 Bits)
- RHEL 6+7+8+9 (64 Bits)

For all platforms built

- with default (shared) and static modules
- with module set reallyall
- using --enable-load-all-modules

- using libraries
  - APR/APU
    - bundled deps tarball
    - 1.7.4/1.6.3
    - 1.6.5/1.6.3
    - 1.7.x(r1911757)/1.7.x(r1911757) with libxml2
    - 1.7.x(r1911757)/1.7.x(r1911757) with expat
    - 1.6.x(r1908753)/1.6.x(r1911757)
    - trunk(r1911757) with libxml2
    - trunk(r1911757) with expat
  - OpenSSL 3.1.3, 3.0.11, 1.1.1w,
    and for all except RHEL 9
    also 1.1.1, 1.0.2u, 1.0.2
  - expat 2.5.0
  - pcre 10.42
  - lua 5.4.6 (compiled with LUA_COMPAT_MODULE)
  - libxml2 2.11.5
  - libnghttp2 1.57.0
  - brotli 1.1.0
  - curl 8.4.0
  - jansson 2.14
  - libldap 2.6.6 (2.5.7 with OpenSSL 1.1.1,
    2.4.59 with OpenSSL 1.0.2*)

- in total 200 builds per platform (80 for RHEL 9)

- Tool chain:
  - platform gcc
  - CFLAGS: -O2 -g -Wall -fno-strict-aliasing

All builds succeeded.

- compiler warnings:

  - deprecation warnings when building against OpenSSL 3.1.3, see other thread

Tested for

- SLES 11+12+15
- RHEL 6+7+8+9
- MPMs prefork, worker, event
- log level trace8
- Perl client bundle build against OpenSSL 3.1.0beta1-1,
  3.0.0, 1.1.1g plus patches, 1.1.0l, 1.0.2u and 1.1.0l-1
  (RHEL 9 3.1.2-1, 3.0.10-1, 1.1.1w-1)

Every OpenSSL version in the client tested with every OpenSSL version in the server. 18 unit test runs (3 MPMS x 6 OpenSSL clients) per server build.

About 2.400 unit test runs are done, most with server OpenSSL 3.1 and 3.0, for RHEL 9 also 1.1.1.

Some local adjustments to tests were used:

- t/modules/buffer.t: removing huge buffer tests
-my $bigsize = 10;
+my $bigsize = 5;

The following test failures were seen:

a t/modules/buffer.t line 37
Not a regression
Only on RHEL 6, SLES 11.

c t/modules/sed.t line 37 test 3
Not a regression
Only on RHEL 6, SLES 11.

Regards,

Rainer
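Review bot: the label "removing huge buffer tests" does not match the t/modules/buffer.t hunk, which only lowers $bigsize from 10 to 5. State the unit of $bigsize and which platforms needed the smaller value, since t/modules/buffer.t line 37 is still listed as failing on RHEL 6 and SLES 11 and a reader cannot tell whether that failure occurs with the reduced size.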
my blog about h2 rapid reset and httpd
https://github.com/icing/blog/blob/main/h2-rapid-reset.md

Cheers,
Stefan