[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#828236: Apache2 with openssl 1.1.0

On Wed, Nov 09, 2016 at 11:44:49PM +0100, Stefan Fritsch wrote:
> Hi Kurt,
> 
> On Sunday, 25 September 2016 19:51:08 CET Debian Bug Tracking System wrote:
> > Processing commands for control@bugs.debian.org:
> > > tags 828236 + patch
> > 
> > Bug #828236 [src:apache2] apache2: FTBFS with openssl 1.1.0
> > Added tag(s) patch.
> 
> I am sorry, but I don't feel qualified to review that patch (or the upstream 
> branch 2.4.x-openssl-1.1.0-compat which has a different implementation). In 
> apache, there is lots of subtle interaction between TLS-renegotiation and 
> access control. Therefore I want to have the patch reviewed by someone who 
> knows mod_ssl well before I include it in Debian. Also, having openssl 1.1 
> support only in testing/unstable won't give apache enough exposure to ensure 
> that nothing is broken in complex configurations. 
> 
> Currently there is no movement upstream to finish the openssl 1.1 support any 
> time soon. This means that it is very unlikely that apache2 will get fixed in 
> time for stretch.

I would really like to see apache to support openssl 1.1.0. Is
there some way I can help get this done?


Kurt
Reply to: