> On 01.11.2021 at 15:24, Joe Orton <jor...@redhat.com> wrote:
> 
> On Sun, Oct 31, 2021 at 01:35:09PM +0100, ste...@eissing.org wrote:
>> I would like us to come to an understanding what our roadmap in
>> regard to OpenSSL 3.0 is. People keep on asking about it.
>> 
>> Yesterday, I spent some hours hacking at mod_ssl and mod_md to
>> get it running. I managed to compile it, but it was not working
>> reliably. Maybe I took some wrong turns somewhere. My observations
>> below.
> 
> What are you talking about exactly here?  trunk should compile and run 
> fine already with 3.0 except if you build OpenSSL without deprecated 
> functions which AFAIK nobody sane will do, or at least, no sane 
> distributor will do, because the world is not ready.

I was trying to make it work without deprecated functions. Sorry
to have not been more clear. If we regard 3.0 conformance including
those, then this is a non-issue, aside from actually testing that
it still works.

>> With my RM hat on, I see the next release in early December. We 
>> have some fixes to ship and maybe the new http2 implementation.
>> 
>> Personally, I do not see a need for OpenSSL 3.0 in that one. But
>> if anyone has plans to do it, it would be good to know.
> 
> I would still like to get a Travis job testing against 3.0, on my TODO, 
> but I don't know of any compatibility problems not covered in trunk / 
> https://github.com/apache/httpd/pull/258 (outside use of deprecated 
> functions anyway).
> 
> Regards, Joe
> 
> 
>> 
>> Kind Regards,
>> Stefan
>> 
>> ---------------
>> Observations hacking on OpenSSL 3.0 compatibility:
>> 
>> - SRP seems to be gone.
>> - the ENGINE API seems to be gone
>> - RSA*, DH* and friends are no longer wanted.
>>  Instead, the PKEY API offers replacements.
>> - This affects reading key parameters from files, afaict.
>> - Some minor annoyances with BIO_set_callback and
>>  ERR_peek_last..
>> - I changed EC key generation in mod_md to the new API,
>>  but generation failed at runtime. Maybe a minor glitch
>>  on my part.
>> - The code overall does not become prettier.
>> 
>> 
>> 
> 
