> It's worth noting that Apache also requires OpenSSL 1.0, which may also > affect what the Shibboleth stack can link against.
No, that code is isolated into shibd, mod_shib doesn't link to it. That was deliberate of course, for exactly this reason. There are edge cases. If you link Xerces to libcurl as a netaccessor, that can link in openssl and impact mod_shib. Otherwise, not generally. -- Scott
