On 04/18/2016 05:03 PM, Rainer Jung wrote:
> Hi Mark,
> 
> Am 18.04.2016 um 16:37 schrieb Mark Thomas:
>> I'd like to get the next tc-native release out before the end of the
>> month so the next round of Tomcat releases can pick it up - particularly
>> the cert chain from Java keystore fix.
>>
>> I'm intending to tag in ~24 hours. Please reply if you need me to delay.
> 
> Current code status:
> 
> a) I tried to keep compatibility with OpenSSL 1.0.2 all the time. Any
> breaks would be unintended. At least things compiled here. More eyes and
> tests for the changes applied since 1.2.5 are very welcome.
> 
> b) it will not compile against latest OpenSSL 1.1.0 beta, because
> to stay compatible with 1.1.0 head we had to use more recent OpenSSL
> functions introduced after the last beta
> 
> c) it will not compile with the latest OpenSSL 1.1.0 snapshot either,
> because I haven't yet found a solution to an API change only introduced
> last week
> 
> I'll see whether I find a fix for c) so that the release would at least
> work with a current OpenSSL 1.1.0 snapshot. Even if not, I think you can
> release, because OpenSSL 1.1.0 head still doesn't seem to be API stable,
> so we are not at the end of changes anyhow.
> 
> Background info: Recently there was another opaqueness change in OpenSSL
> 1.1.0 head. There's one incompatibility remaining between tcnative head
> and OpenSSL 1.1.0 head for which I didn't find an immediate replacement.
> So compiling against latest 1.1.0 snapshots will result in a compilation
> error in ssl_verify_CRL().
> 
> The CRL handling code is very different from what we can find in OpenSSL
> example/apps code and it could well be that we should replace a bigger
> part of that code with some pre-cooked cert validation function (call)
> in OpenSSL.

Is mod_ssl also affected by those API changes?

Cheers

Jean-Frederic
