On Wed, Jun 25, 2025 at 03:41:57PM +0200, Ruediger Pluem wrote:
> > --- httpd/httpd/trunk/modules/ssl/ssl_private.h (original)
> > +++ httpd/httpd/trunk/modules/ssl/ssl_private.h Wed Jun 25 12:53:18 2025
> > @@ -296,8 +296,12 @@ void free_bio_methods(void);
> >  #define X509_get_notAfter   X509_getm_notAfter
> >  #endif
> >  
> > -#if OPENSSL_VERSION_NUMBER >= 0x10101000L && 
> > !defined(LIBRESSL_VERSION_NUMBER)
> > -#define HAVE_OPENSSL_KEYLOG
> > +/* For OpenSSL 3.5.0+, don't handle $SSLKEYLOGFILE since libssl does -
> > + * unless OpenSSL was built with no-sslkeylog, which drops the env var
> > + * handling, but leaves the API intact. */
> > +#if OPENSSL_VERSION_NUMBER >= 0x10101000L && 
> > !defined(LIBRESSL_VERSION_NUMBER) \
> > +    && (OPENSSL_VERSION_NUMBER <= 0x30500000L || 
> > !defined(OPENSSL_NO_SSLKEYLOG))
> 
> When is OPENSSL_NO_SSLKEYLOG defined? When it was build with no-sslkeylog and 
> thus drops the env var handling?
> And in this case we want to handle it as before?

Yep - exactly right.

Regards, Joe

Reply via email to