From a0288891f509762663e88df1fbe3f222e09b1601 Mon Sep 17 00:00:00 2001
From: Kaspar Brand <kbrand@apache.org>
Date: Sat, 30 Nov 2013 06:49:58 +0000
Subject: [PATCH] Remove obsolete TODOs for mod_ssl:

No, we don't - it was removed in r90511.

DH keys are changed for every connection, SSL_OP_SINGLE_DH_USE
is applied since mod_ssl's initial commit (r88988).

We no longer have our own CRL callback (delegated to OpenSSL
as of r1165056), so this is effectively moot.

ssl_engine_pphrase.c needs to be simplified, not blown up further
(see also https://issues.apache.org/bugzilla/show_bug.cgi?id=24031,
which few [if any] people really seem to miss)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1546690 13f79535-47bb-0310-9956-ffa450edef68
---
 STATUS | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/STATUS b/STATUS
index b021317e1f..fbb0dbc009 100644
--- a/STATUS
+++ b/STATUS
@@ -323,22 +323,10 @@ RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
 
 TODO ISSUES REMAINING IN MOD_SSL:
 
-  * Do we need SSL_set_read_ahead()?
-
   * SSLRequire directive (parsing of) leaks memory
 
-  * Diffie-Hellman-Parameters for temporary keys are hardcoded in
-    ssl_engine_dh.c, while the comment in ssl_engine_kernel.c says:
-    "it is suggested that keys be changed daily or every 500
-    transactions, and more often if possible."
-
   * ssl_var_lookup could be rewritten to be MUCH faster
 
-  * CRL callback should be pluggable
-
-  * ssl_engine_pphrase.c needs to be reworked so it is generic enough
-    to also decrypt proxy keys
-
 WISH LIST
   * mod_proxy: Ability to run SSL over proxy gateway connections,
     encrypting (or reencrypting) at the proxy.
-- 
2.40.0