> Am 15.10.2018 um 15:51 schrieb William A Rowe Jr <wr...@rowe-clan.net>:
>
>
>
> On Mon, Oct 15, 2018 at 3:06 AM Stefan Eissing <stefan.eiss...@greenbytes.de>
> wrote:
>
> See my mail on the other thread. It seems that h2 traffic triggers a call
> sequence that exposes a change in OpenSSL behaviour of SSL_read() between
> 1.1.0 and 1.1.1. It looks as if mod_ssl interpreted the return codes of
> SSL_read() in a way that no longer works and that we need to change mod_ssl
> handling here.
>
> Stefan, thanks for the detailed analysis else-thread, and thank you Rainer
> for the detailed defect report. It would be interesting to trigger this
> deliberately in the test framework.
>
> > On October 14, 2018 4:44:04 PM CDT, "Helmut K. C. Tessarek"
> > <tessa...@evermeet.cx> wrote:
> > On 2018-10-10 15:18, Daniel Ruggeri wrote:
> > Hi, all;
> > Please find below the proposed release tarball and signatures:
> > https://dist.apache.org/repos/dist/dev/httpd/
> >
> > I would like to call a VOTE over the next few days to release this
> > candidate tarball as 2.4.36:
> > [ ] +1: It's not just good, it's good enough!
> > [ ] +0: Let's have a talk.
> > [ ] -1: There's trouble in paradise. Here's what's wrong.
>
> Based on the observed change of SSL_read which we had not entirely accounted
> for, I'm -1 for GA release.
>
> I don't think it's helpful for us to ship this defect in any alpha or beta of
> trunk. I'd consider it a showstopper.
Agreed.