From: Kaspar Brand Date: Sat, 1 Feb 2014 15:03:52 +0000 (+0000) Subject: Drop stalled RFC 5878 backport proposals (reverted in trunk with r1468131), X-Git-Tag: 2.4.8~173 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0932ca833b9874e8638676ae461102477d3135a3;p=apache Drop stalled RFC 5878 backport proposals (reverted in trunk with r1468131), as they have been obsoleted through "SSLOpenSSLConfCmd ServerInfoFile" meanwhile (r1555683, and CT is no longer using SSL_CTX_use_authz_file either). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1563425 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/STATUS b/STATUS index 7a4de0ac7c..2758f0200c 100644 --- a/STATUS +++ b/STATUS @@ -265,33 +265,6 @@ PATCHES/ISSUES THAT ARE STALLED And wrowe's comment about the 2.2 patch is also valid for 2.4: http://svn.apache.org/viewvc?view=revision&revision=1354823 - * mod_ssl: Add RFC 5878 support. This allows support of mechansisms - such as Certificate Transparency. Note that new - mechanisms are supported without software updates. - trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1352596 - 2.4.x patch: http://people.apache.org/~ben/httpd-2.4-rfc5878.patch - +1: ben, druggeri - -1: kbrand - druggeri note: Needs docs for new directive - kbrand: depends on an unreleased OpenSSL version (1.0.2), and - RFC 5878 is of "Category: Experimental". - The API in the OpenSSL implementation from May 2012 - (http://cvs.openssl.org/chngview?cn=22601) only covers the - privately-defined TLSEXT_AUTHZDATAFORMAT_audit_proof, there's - no support for x509_attr_cert (section 3.3.1 in RFC 5878) or - saml_assertion (3.3.2). SSL_CTX_use_authz_file doesn't have - any docs in OpenSSL, either, and there's no "openssl foo ..." - command or similar to create/manage such files. - Additionally, httpd-2.4-rfc5878.patch includes a build-system - change which is unrelated to this feature. - Note: as of 2013-04-15, r1352596 has been reverted in trunk - (with r1468131), for the reasons explained in the message with id - <515FED7C.5010009@velox.ch> sent to the dev list on 2013-04-06. - ben: not correct that it depends on OpenSSL 1.0.2, it builds with - any version. Also, if you read my note to dev@ you will see - why it is not premature. - minfrin: once this gets docs, +1. - * Makefile.win: Added copying of .vbs / .wsf CGIs to Windows install target. Moved fixing of shebang to separate target so that it is no longer executed by default and all CGIs remain inactive.