From: Kaspar Brand Date: Sat, 30 Nov 2013 06:49:58 +0000 (+0000) Subject: Remove obsolete TODOs for mod_ssl: X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a053f47d8e55b178133a41a51513ae79451c5d8f;p=thirdparty%2Fapache%2Fhttpd.git Remove obsolete TODOs for mod_ssl: No, we don't - it was removed in r90511. DH keys are changed for every connection, SSL_OP_SINGLE_DH_USE is applied since mod_ssl's initial commit (r88988). We no longer have our own CRL callback (delegated to OpenSSL as of r1165056), so this is effectively moot. ssl_engine_pphrase.c needs to be simplified, not blown up further (see also https://issues.apache.org/bugzilla/show_bug.cgi?id=24031, which few [if any] people really seem to miss) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1546690 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/STATUS b/STATUS index b021317e1f1..fbb0dbc0091 100644 --- a/STATUS +++ b/STATUS @@ -323,22 +323,10 @@ RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP: TODO ISSUES REMAINING IN MOD_SSL: - * Do we need SSL_set_read_ahead()? - * SSLRequire directive (parsing of) leaks memory - * Diffie-Hellman-Parameters for temporary keys are hardcoded in - ssl_engine_dh.c, while the comment in ssl_engine_kernel.c says: - "it is suggested that keys be changed daily or every 500 - transactions, and more often if possible." - * ssl_var_lookup could be rewritten to be MUCH faster - * CRL callback should be pluggable - - * ssl_engine_pphrase.c needs to be reworked so it is generic enough - to also decrypt proxy keys - WISH LIST * mod_proxy: Ability to run SSL over proxy gateway connections, encrypting (or reencrypting) at the proxy.
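Review bot: In the removed Diffie-Hellman item, the TODO concerns the temporary-key parameters being hardcoded in ssl_engine_dh.c, while the commit message justifies the removal with SSL_OP_SINGLE_DH_USE, which gives each handshake a fresh ephemeral DH key but leaves the group (prime and generator) fixed. That answers the quoted "keys be changed daily or every 500 transactions" comment, not the hardcoded-parameters half of the item, so either state in the message that fixed parameters are intentional or keep a one-line TODO for making them configurable. It would also help to prefix each rationale in the message with the item it answers, since "No, we don't" only reads correctly next to the SSL_set_read_ahead() question.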