On 6/25/25 2:53 PM, jor...@apache.org wrote:
> Author: jorton
> Date: Wed Jun 25 12:53:18 2025
> New Revision: 1926720
>
> URL: http://svn.apache.org/viewvc?rev=1926720&view=rev
> Log:
> * modules/ssl/ssl_private.h: For OpenSSL >= 3.5.0 drop $SSLKEYLOGFILE
> handling inside mod_ssl where OpenSSL is built to handle that
> internally in libssl.
>
> Modified:
> httpd/httpd/trunk/modules/ssl/ssl_private.h
>
> Modified: httpd/httpd/trunk/modules/ssl/ssl_private.h
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_private.h?rev=1926720&r1=1926719&r2=1926720&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/ssl/ssl_private.h (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_private.h Wed Jun 25 12:53:18 2025
> @@ -296,8 +296,12 @@ void free_bio_methods(void);
> #define X509_get_notAfter X509_getm_notAfter
> #endif
>
> -#if OPENSSL_VERSION_NUMBER >= 0x10101000L &&
> !defined(LIBRESSL_VERSION_NUMBER)
> -#define HAVE_OPENSSL_KEYLOG
> +/* For OpenSSL 3.5.0+, don't handle $SSLKEYLOGFILE since libssl does -
> + * unless OpenSSL was built with no-sslkeylog, which drops the env var
> + * handling, but leaves the API intact. */
> +#if OPENSSL_VERSION_NUMBER >= 0x10101000L &&
> !defined(LIBRESSL_VERSION_NUMBER) \
> + && (OPENSSL_VERSION_NUMBER <= 0x30500000L ||
> !defined(OPENSSL_NO_SSLKEYLOG))
When is OPENSSL_NO_SSLKEYLOG defined? When it was build with no-sslkeylog and
thus drops the env var handling?
And in this case we want to handle it as before?
Regards
RĂ¼diger
