From: Kaspar Brand Date: Mon, 15 Apr 2013 15:59:05 +0000 (+0000) Subject: update comment, and move proposal to stalled section for 2.2.x, too X-Git-Tag: 2.2.25~87 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c367b8e416e2d4451f5c07c463213fdc40b51742;p=thirdparty%2Fapache%2Fhttpd.git update comment, and move proposal to stalled section for 2.2.x, too git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1468132 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/STATUS b/STATUS index 6c788655a25..0b9c92a0cb3 100644 --- a/STATUS +++ b/STATUS @@ -129,29 +129,6 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: mod_ssl is not loaded, but right now it would fail. An mmn minor bump would also be required for API addition. - * mod_ssl: Add RFC 5878 support. This allows support of mechanisms - such as Certificate Transparency. Note that new - mechanisms are supported without software updates. - trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1352596 - 2.2.x patch: http://people.apache.org/~ben/httpd-2.2-rfc5878.patch - +1: ben, druggeri - -1: kbrand - druggeri note: Needs docs for new directive - kbrand: depends on an unreleased OpenSSL version (1.0.2), and - RFC 5878 is of "Category: Experimental". Seems premature - to me to consider for backporting to 2.4/2.2 at this point. - The API in the OpenSSL implementation from May 2012 - (http://cvs.openssl.org/chngview?cn=22601) only covers the - privately-defined TLSEXT_AUTHZDATAFORMAT_audit_proof, there's - no support for x509_attr_cert (section 3.3.1 in RFC 5878) or - saml_assertion (3.3.2). SSL_CTX_use_authz_file doesn't have - any docs in OpenSSL, either, and there's no "openssl foo ..." - command or similar to create/manage such files. Trunk is - the right place where it can grow. - ben: not correct that it depends on OpenSSL 1.0.2, it builds with - any version. Also, if you read my note to dev@ you will see - why it is not premature. - * mod_proxy_http: Use the same hostname for SNI as for the HTTP request when forwarding to SSL backends. PR: 53134 @@ -381,4 +358,26 @@ PATCHES/ISSUES THAT ARE STALLED 2.2 patch: http://people.apache.org/~fuankg/diffs/httpd-2.2.x-cross_compile.diff fuankg: on hold until we agree for a better and more simple solution ... - + * mod_ssl: Add RFC 5878 support. This allows support of mechanisms + such as Certificate Transparency. Note that new + mechanisms are supported without software updates. + trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1352596 + 2.2.x patch: http://people.apache.org/~ben/httpd-2.2-rfc5878.patch + +1: ben, druggeri + -1: kbrand + druggeri note: Needs docs for new directive + kbrand: depends on an unreleased OpenSSL version (1.0.2), and + RFC 5878 is of "Category: Experimental". + The API in the OpenSSL implementation from May 2012 + (http://cvs.openssl.org/chngview?cn=22601) only covers the + privately-defined TLSEXT_AUTHZDATAFORMAT_audit_proof, there's + no support for x509_attr_cert (section 3.3.1 in RFC 5878) or + saml_assertion (3.3.2). SSL_CTX_use_authz_file doesn't have + any docs in OpenSSL, either, and there's no "openssl foo ..." + command or similar to create/manage such files. + Note: as of 2013-04-15, r1352596 has been reverted in trunk, + (with r1468131), for the reasons explained in the message with id + <515FED7C.5010009@velox.ch> sent to the dev list on 2013-04-06. + ben: not correct that it depends on OpenSSL 1.0.2, it builds with + any version. Also, if you read my note to dev@ you will see + why it is not premature.