On 6/14/2015 2:54 AM, Yann Ylavic wrote:
On Sun, Jun 14, 2015 at 11:29 AM, <gsm...@apache.org> wrote:
Author: gsmith
Date: Sun Jun 14 09:29:50 2015
New Revision: 1685371
URL: http://svn.apache.org/r1685371
Log:
-1 vote w/ comment
Modified:
httpd/httpd/branches/2.4.x/STATUS
Modified: httpd/httpd/branches/2.4.x/STATUS
URL:
http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1685371&r1=1685370&r2=1685371&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Sun Jun 14 09:29:50 2015
@@ -207,6 +207,8 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
2.4.x patch:
http://people.apache.org/~ylavic/httpd-2.4.x-deprecated_SSLCertificateChainFile_once.patch
trunk works (modulo CHANGES, above is a review patch only)
+1: ylavic, trawick
+ -1: gsmith, Tested, don't work! APLOG_INFO|APLOG_STARTUP will not work
+ together. Similar APLOG_* caveat as APLOG_TOCLIENT.
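Review bot: The -1 rationale on the two added lines ("Tested, don't work!") does not record what was observed or how httpd was started, so other voters cannot tell whether the message never appears or only fails to appear under a particular startup log level. State the observed behaviour and the invocation in the entry, and spell out the "APLOG_* caveat as APLOG_TOCLIENT" rather than referring to it by analogy, since the STATUS text carries no pointer to where that caveat is described.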
Indeed...
So, AIUI, it won't be logged unless httpd is started with -e info or more.
Isn't that finally what we want since [warn] seems too high?
Ok, yes that does work, this has been a day of learning.
However doing so I think the original intent is now lost which is to
inform the user of SSLCertificateChainFile's deprecation. The
unfortunate result of which was the hundreds/thousands of warnings 3
times over on servers with many ssl hosts. At least I got it three times
per host, but I only have a few. It also didn't take a -e warn to get it.
Now however should I want to follow up and use -e info, it's a game of
whack-a-mole 'cause it will only tell me the first place in my config it's
at, not all of them. So essentially I would have to fix one, start again
with -e to find the next. Let's assume I don't have search & replace or
have included many conf files and do not have find in files at my disposal.
I think we can do both, not require a -e and simply inform the user
(just once at startup) of SSLCertificateChainFile's deprecation and then
give them a list with -e info should they care to follow up on it.
I have reverted my -1 and will move out of the way. 2.4.14 is kaput with
the chunk size regression so we have a small window.
As my day must end now, this is untested. But wouldn't this be a
compromise to both? They will normally be gently informed (once) but -e
info will inundate them with every line in every file they are using
SSLCertificateChainFile in. In this case at least they have requested it.
http://people.apache.org/~gsmith/proposal/sslcertificatechainfile_compromise.diff