From: Kaspar Brand <kbrand@apache.org>
Date: Sat, 1 Feb 2014 15:03:52 +0000 (+0000)
Subject: Drop stalled RFC 5878 backport proposals (reverted in trunk with r1468131),
X-Git-Tag: 2.2.27~59
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d4d5f55fda83ea4f57aec2396d3e175fac1efde8;p=thirdparty%2Fapache%2Fhttpd.git

Drop stalled RFC 5878 backport proposals (reverted in trunk with r1468131),
as they have been obsoleted through "SSLOpenSSLConfCmd ServerInfoFile"
meanwhile (r1555683, and CT is no longer using SSL_CTX_use_authz_file either).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1563425 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/STATUS b/STATUS
index 4e55870916e..903fd000693 100644
--- a/STATUS
+++ b/STATUS
@@ -328,28 +328,3 @@ PATCHES/ISSUES THAT ARE STALLED
     2.4 patch: http://people.apache.org/~fuankg/diffs/httpd-2.4.x-cross_compile.diff
     2.2 patch: http://people.apache.org/~fuankg/diffs/httpd-2.2.x-cross_compile.diff
     fuankg: on hold until we agree for a better and more simple solution ...
-
-  * mod_ssl: Add RFC 5878 support. This allows support of mechanisms
-             such as Certificate Transparency. Note that new
-             mechanisms are supported without software updates.
-    trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1352596
-    2.2.x patch: http://people.apache.org/~ben/httpd-2.2-rfc5878.patch
-    +1: ben, druggeri
-    -1: kbrand
-    druggeri note: Needs docs for new directive
-    kbrand: depends on an unreleased OpenSSL version (1.0.2), and
-            RFC 5878 is of "Category: Experimental".
-            The API in the OpenSSL implementation from May 2012
-            (http://cvs.openssl.org/chngview?cn=22601) only covers the
-            privately-defined TLSEXT_AUTHZDATAFORMAT_audit_proof, there's
-            no support for x509_attr_cert (section 3.3.1 in RFC 5878) or
-            saml_assertion (3.3.2). SSL_CTX_use_authz_file doesn't have
-            any docs in OpenSSL, either, and there's no "openssl foo ..."
-            command or similar to create/manage such files.
-            Note: as of 2013-04-15, r1352596 has been reverted in trunk,
-            (with r1468131), for the reasons explained in the message with id
-            <515FED7C.5010009@velox.ch> sent to the dev list on 2013-04-06.
-    ben: not correct that it depends on OpenSSL 1.0.2, it builds with
-         any version. Also, if you read my note to dev@ you will see
-         why it is not premature.
-