[jira] [Resolved] (AXIS2C-1481) SSL support should not be ifdef'ed out

Wed, 28 Jan 2026 12:48:05 -0800 


     [ 
https://issues.apache.org/jira/browse/AXIS2C-1481?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robert Lazarski resolved AXIS2C-1481.
-------------------------------------
    Resolution: Won't Fix

Closing as "Won't Fix" with the following rationale:                            
              
                                                                                
              
  1. Age and inactivity: This issue is nearly 16 years old with no assignee or 
implementation 
  attempts, suggesting limited community demand.                                
              
  2. Disproportionate effort: The implementation would require substantial 
architecture       
  changes (dynamic loading, function pointer management, platform abstractions) 
for limited   
  practical benefit.                                                            
              
  3. Current approach is reasonable: Compile-time SSL configuration is a 
well-established     
  pattern used by many projects (libcurl, Apache httpd modules, etc.). The 
current            
  implementation provides clear error messages 
(AXIS2_ERROR_INVALID_TRANSPORT_PROTOCOL) when  
  HTTPS URLs are used without SSL support.                                      
              
  4. Modern build practices: Most package managers (apt, yum, brew) build with 
SSL enabled by 
  default. Users building from source can easily add --with-openssl.            
              
  5. Security consideration: Dynamic loading introduces potential security 
risks (library     
  injection, version mismatches) that static linking avoids. 

> SSL support should not be ifdef'ed out
> --------------------------------------
>
>                 Key: AXIS2C-1481
>                 URL: https://issues.apache.org/jira/browse/AXIS2C-1481
>             Project: Axis2-C
>          Issue Type: Improvement
>          Components: transport/http
>            Reporter: Nadir K. Amra
>            Priority: Major
>
> Currently in the HTTP transport code, one needs to build the source if one 
> wants SSL to be enabled, and provide the SSL library since this appears to be 
> statically(?) bound to the code. 
>  
> SSL support in the Axis2/C should not be ifdef'ed.  It should always be 
> enabled.   If the SSL library (e.g. OpenSSL) is not there, then we should log 
> an error but I do not think we should have to recompile code to add SSL 
> support. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to