not before 2.4.19 -> not before 2.4.20 ...
Am 23.03.2016 um 15:18 schrieb Rainer Jung:
OpenSSL 1.1.0 pre 4 = Beta 1 is out.
I did another round of compatibility updates for mod_ssl. Apart form
fixing Bugs, the OpenSSL 1.1.0 API is supposed to stay stable now. So I
hope mod_ssl can stabilize
OpenSSL 1.1.0 pre 4 = Beta 1 is out.
I did another round of compatibility updates for mod_ssl. Apart form
fixing Bugs, the OpenSSL 1.1.0 API is supposed to stay stable now. So I
hope mod_ssl can stabilize now.
The current code runs the test suite with 1.0.2 and with 1.1.0 without
any ssl
The nice people at OpenSSL have already committed the two patches
(renegotiation with ECDHE ciphers, detecting HTTP-on-HTTPS) and I think
I found an easy way to trigger renegotiation without polling (using
SSL_peek).
The current code runs the test suite with 1.0.2 and with 1.1.0 without
any
I have send a candidate patch for the "talking http on https" patch to
the OpenSSL project. Using this patch and another fix I applied to trunk
for reneg handling in the proxy client case (mod_proxy talking https to
a backend), I'm now down to one remaining test suite failure.
More precisely
The list is getting shorter. The test suite currently only shows a few
failures due to the missing "talking http on https" support.
Am 09.02.2016 um 11:20 schrieb Rainer Jung:
Open problems:
1) HTTP on HTTPS
OpenSSL 1.1.0 currently doesn't support the "HTTP spoken on HT
I started adding support for OpenSSL 1.1.0 in trunk.
As some might know, the OpenSSL API changes and especially many
structures have been made opaque.
I resolved all the stuff that could be done on a local/formal level, but
some items remain, where I'm not sure how to proceed. I have marked
On 09/02/2016 14:36, Rainer Jung wrote:
> Hi Steve,
>
> thanks a lot for your review and comments. More inline.
>
> Am 09.02.2016 um 13:34 schrieb Dr Stephen Henson:
>> On 09/02/2016 10:20, Rainer Jung wrote:
>>>
>>> 3) ssl_engine_ocsp.c
>>>
>>> In modssl_verify_ocsp() the following code
Hi Steve,
thanks a lot for your review and comments. More inline.
Am 09.02.2016 um 13:34 schrieb Dr Stephen Henson:
On 09/02/2016 10:20, Rainer Jung wrote:
3) ssl_engine_ocsp.c
In modssl_verify_ocsp() the following code accesses the struct member "valid",
for which currently no accessor
On 09/02/2016 10:20, Rainer Jung wrote:
>
> 3) ssl_engine_ocsp.c
>
> In modssl_verify_ocsp() the following code accesses the struct member "valid",
> for which currently no accessor function exists in 1.1.0:
>
> 268 else if (cert->valid && X509_check_issued(cert,cert) == X509_V_OK) {
> 269