Hi Jeff, Thanks for the response. You’re right, this does look to be in Apache 2.2.12 at this time. I was taking this from CHANGES, and it states: Changes with Apache 2.4.13
*) mod_ssl: make sure to consistently output SSLCertificateChainFile deprecation warnings, when encountered in a VirtualHost block. [Falco Schwarz <hiding falco.me>] This is why I was so concerned. Having this drop to one output should help, but it still may cause concerns for scripts that expect 0 output from a restart service script. — Jacob Perkins Product Owner cPanel Inc. jacob.perk...@cpanel.net <mailto:jacob.perk...@cpanel.net> Office: 713-529-0800 x 4046 Cell: 713-560-8655 > On Jun 12, 2015, at 11:48 AM, Jeff Trawick <traw...@gmail.com> wrote: > > On Fri, Jun 12, 2015 at 12:35 PM, Jacob Perkins <jacob.perk...@cpanel.net > <mailto:jacob.perk...@cpanel.net>> wrote: > +1 to Noels comments. We have a ton of servers running Apache 2.4 with our > control panel. Doing this in a point release will cause us to have to change > our product instead of doing a regular Apache release. > > When you have a server with 10k+ SSL vhosts, this can cause massive, > unexpected problems. I have a feeling that this will cause massive headaches > with all those running Apache 2.4. > > Thanks to Noel's comments, we have dropped this to one message at a quieter > log level for the next 2.4.x release, and we can assist with a tiny patch to > any recent 2.4.x. > > It doesn't make sense for us to hold up a release when that change has been > in the last several releases however. (That's a high barrier for making > progress.) > > Make sense? > > > — > Jacob Perkins > Product Owner > cPanel Inc. > > jacob.perk...@cpanel.net <mailto:jacob.perk...@cpanel.net> > Office: 713-529-0800 x 4046 <tel:713-529-0800%20x%C2%A04046> > Cell: 713-560-8655 <tel:713-560-8655> > >> On Jun 11, 2015, at 8:37 PM, Noel Butler <noel.but...@ausics.net >> <mailto:noel.but...@ausics.net>> wrote: >> >> On 12/06/2015 00:08, Jim Jagielski wrote: >> >>> >>> I'm calling a VOTE on releasing these as Apache httpd 2.4.14 GA. >>> >>> [ ] +1: Good to go >>> [ ] +0: meh >>> [ ] -1: Danger Will Robinson. And why. >>> >> -1 >> >> "The SSLCertificateChainFile directive () is deprecated, SSLCertificateFile >> should be used instead" >> >> The constant warnings on start, stop, and even reload for every single SSL >> host is unacceptable. >> >> This should never have been contemplated for a "point" release anyway. >> >> Clearly no consideration has been given to the headaches and collateral >> damage this will cause, some hosts have tens of thousands of SSL hosts, even >> a server reload will flood the hell out of them, most system/CP scripts look >> for a specific, or no output, after reload, this results in unexpected >> output and will trigger alarms, likely causing many systems to think " oh >> there was a problem adding this host, so I wont continue adding them into >> anything else and fail the entire new customer process" again, creating >> serious problems for those required to maintain these things. >> >> >> It might be fine and dandy for a stand alone single SSL host server that is >> manually managed, but dont forget many hosts run up to 2+K hosts on a single >> server with many of them SSL, that is a lot of change when you have a server >> room half full of them, not to mention any inhouse scripting or control >> panels that will need to be modified to cater for such changes to create the >> new certs and deal with it all. >> >> >> I for one will not place this release on any production servers. My >> recommendation is that chainfile remain as it is - at the very least for the >> 2.4 series, and if it is not enough to stop or delay this release to revert, >> then I sincerely hope it is changed in trunk for the next. >> >> > > > > > -- > Born in Roswell... married an alien... > http://emptyhammock.com/ <http://emptyhammock.com/>
signature.asc
Description: Message signed with OpenPGP using GPGMail