On 3/23/20 2:48 PM, Ruediger Pluem wrote:
>
>
> On 3/23/20 2:44 PM, Rainer Jung wrote:
>> The dependency on SSL_CTX_get_min_proto_version() and
>> SSL_CTX_get_max_proto_version() was introduced in October by Yann's
>> "r1868645 mod_ssl: negotiate the TLS protocol version per name based vhost
>> configuration".
>>
>> Although the set variants are available in 1.1.0, the set were added later
>> in 1.1.0g.
>>
>> Not sure, whether adjusting the version check as done now is the right fix.
>> At least it unbreaks building httpd against OpenSSL
>> 1.1.0-1.1.0f.
>>
>> The original change has been backported to 2.4.x, so building that for the
>> above OpenSSL versions is currently broken.
>
> IMHO we should backport it then once clarified that this is the correct thing
> to do and ensure that it gets in 2.4.43.
> I think this is a release blocker.
Question is if we should increase the OpenSSL version number to the same level
for the #if around ssl_callback_ClientHello and the respective callback
registering code.
Regards
Rüdiger