I'd like to drop support for versions of OpenSSL older than 1.0 in the trunk mod_ssl. We have 200+ lines of compat macro junk and still six different compiler warnings remain in a trunk build against 1.0.0.
pro: simplify code: remove ssl_toolkit_compat.h and all compat macro mess which litters the code pro: simplify testing: no longer have to test/worry about regressing builds against N subtly different versions of the OpenSSL API all pro: can drop the internal CRL revocation code in favour of OpenSSL's pro: users will be "encouraged" to upgrade to a modern OpenSSL which has secure TLS reneg con: trunk/2.3 won't build on all platforms/distros which ship natively with OpenSSL < 1.0 (duh) con: I presume this will mean dropping support for the RSA/... toolkits, if they even work still, which I very much doubt So... love/hate? Regards, Joe