Am 17.10.2018 um 13:41 schrieb Daniel Ruggeri:
Hi, all;
With the fix for detected OpenSSL 1.1.1 issues now backported to 2.4.x,
I would like to tag the next version of our venerable server soon.
I have already successfully completed the test suite against my "latest
sources" docker environment and am watching for any smoke detected in
[1]. Feeling good about this one :-)
How about roughly 24 hours from now?
[1]
https://lists.apache.org/thread.html/48de97bd66ceabcf84a3719b36cd69274cb8c4b64d68c46696beb906@<dev.httpd.apache.org>
There's a new crash report from Michael Kaufmann about one (small)
missing mod_ssl backport that leads to crashes under certain conditions
during renegotiation. That case seems to be not covered by the test
suite. I proposed the backport a few minutes ago. This one is probably a
show-stopper.
And there's another (small) backport candidate (r1844002) that I added
to STATUS now. No crash, but missing config merging leading to
unexpected behavior for some configurations. This one is not a
regression but was introduced this year in 2.4.32.
Finally I observed during my tests for the current 2.4 head some crashes
but only on Solaris and only for statically linked httpd when the event
MPM is used (MPM still dynamically loaded). The crashes always happen
during shutdown and it looks to me as all or most of them happen during
OpenSSL deinit. I vaguely remember there was some discussion about how
to sync OpenSSL unloading between the various consumers we have, eg.
apr-util and mod_ssl. So probably there's currently no easy solution for
this. I don't know whether this is new and it does not happen always.
Not a show-stopper for me, since the crashes only happen when a child
process ends. Still an annoyance, but IMHO not critical.
Regards,
Rainer
