Mark,

On 5/31/22 12:48, Mark Thomas wrote:
On 31/05/2022 17:34, Christopher Schultz wrote:
Mark,

On 5/31/22 11:30, ma...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git

commit b6952740dd64fa8ea7edd1764d4b14661527a0eb
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed May 25 16:15:02 2022 +0100

     Minimum OpenSSL version is 3.0.0 so keylog callback is always available

If the minimum version of OpenSSL is 3.0.0, then probably MANY MANY #ifdefs can be removed.

Removing them would, of course, cause lots of merge conflicts when back-ports are done so it's probably not worth it. Given that (chaos), I'm curious: why did you remove this one in particular?

A lot look like they might need to stay - at least in some form - if we want to continue to support LibreSSL in Tomcat Native 2.0.x.

Oh, right... there's that.

I do have a large commit that removes a lot of unused code. I need to wait until Tomcat Native 1.2.34 is released before I merge that commit else Tomcat 10.1.x won't be able to use Tomcat Native unless you build Tomcat native from source.

I'm generally removing stuff as I spot that it is no longer required. My intention is to remove everything I can. The merge conflicts might not be too bad...

On that topic, I originally made the decision to keep LibreSSL support when I thought that 10.1.x would require Tomcat Native 2.0.x. The plan has since shifted and 10.1.x will ship with Tomcat Native 2.0.x but will still be able to use (a sufficiently recent) Tomcat Native 1.2.x. With that in mind, do we want to keep LibreSSL support in Tomcat Native 2.0.x?

IMO LibreSSL support is a *very* nice to have. If it's not too much trouble, I think we should try to support it. Theoretically, it has API (ABI?) compatibility with OpenSSL (1.x) so it shouldn't be that bad if we still support earlier versions of OpenSSL. But since you've bumped up the requirement to 3.0.x... I'm not sure where that leaves us.

There is a large deployment of OpenSSL 1.x that isn't likely to change for a while. I still see many environments on 1.0.x these days, and they wouldn't be able to upgrade to tcnative 2, which isn't necessarily a deal-breaker. I wouldn't want to require tcnative-2 on 10.0 or below any time soon, possibly ever. So I think there's still quite a future for tcnative-1.

-chris
