[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Backport apache2 version >= 2.2.12 ?

Hi Sandro,

On Friday 26 March 2010, Sandro Tosi wrote:
> I've prepared some packages for backport, and copied on [1] (it's
>  also apt-get-able); I tested them and they work, at least SNI is
>  fully functional (that's my purpose)
> 
> [1] http://people.debian.org/~morph/bpo/
> 
> The chain of dependencies are:
> 
> apache2
>  +- openssl
>  +- apr-util
>     +- apr
>        +- libtool
> 
> libtool was already in bpo, but was not compiled for amd64, so I've
> just rebuilt it; the others are backports from the current versions
>  in testing.

I have not tested the packages but have some comments:

- 2.2.15-2 still has some bugs in mod_reqtimeout, 2.2.15-3 would be 
better (but will take some time until it hits testing).

- it is also possible to use an older openssl, this would just mean 
that the new 'SSLInsecureRenegotiation' directive would not be 
available (at least I believe that lenny's openssl already has SNI 
support). Maybe it would be better not to force people to update that 
core library. If you want to go with the older openssl, just downgrade 
the build-depends in apache and mention in the changelog that this 
removes SSLInsecureRenegotiation.

Apart from that, I don't see any problems.

Cheers,
Stefan
Reply to: