| Summary: | OPENSSL_NO_SSL_INTERN should not be defined with OPENSSL_VERSION_NUMBER 0x10001000 | | |
|---|---|---|---|
| Product: | Apache httpd-2 | Reporter: | Ryo ONODERA <ryo_on> |
| Component: | mod_ssl | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
| Status: | RESOLVED WONTFIX | | |
| Severity: | normal | | |
| Priority: | P2 | | |
| Version: | 2.4.2 | | |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | NetBSD | | |
| Attachments: | Exclude 0x10001000 | | |

Description
Ryo ONODERA
2012-07-05 13:09:36 UTC
Increasing the version check to require 1.0.1-beta1 is a way to address this, that's right, but frankly, the proper fix is for NetBSD to pick up a *released* version of OpenSSL. Both 6.0_BETA2 and 6.99.8 seem to have a snapshot from 5 June 2011 (http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/external/bsd/openssl/dist/crypto/opensslv.h?rev=HEAD) - which lacks numerous fixes compared to 1.0.1, and of course even more compared to 1.0.1c: see e.g. http://cvs.openssl.org/filediff?f=openssl/CHANGES&v1=1.1481.2.56&v2=1.1481.2.56.2.103.

I would really urge NetBSD to pull up a more recent OpenSSL *release* (and not repeat the exercise they did in 5.x, with the 0.9.9-dev snapshot... I was really hoping for this to be a one-time screw up).

(In reply to comment #1)
> I would really urge NetBSD to pull up a more recent OpenSSL *release* (and
> not repeat the exercise they did in 5.x, with the 0.9.9-dev snapshot... I
> was really hoping for this to be a one-time screw up).

Hurrah, seems like someone has listened:

http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/external/bsd/openssl/dist/crypto/opensslv.h?rev=1.3.4.1&content-type=text/x-cvsweb-markup

http://releng.netbsd.org/cgi-bin/req-6.cgi?show=491
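
The version threshold discussed in the comments above, as an added example that is not code from httpd, OpenSSL or any commenter: it decodes the OpenSSL 1.0.x `OPENSSL_VERSION_NUMBER` layout `0xMNNFFPPS` and compares a `>=` guard placed at the summary's value 0x10001000 with one raised to 1.0.1-beta1. The helper names and the `>= threshold` form of the guard are assumptions; only 0x10001000 comes from the bug summary.

```c
#include <stdio.h>
#include <string.h>

/* OpenSSL 0.9.x/1.x.x layout of OPENSSL_VERSION_NUMBER: 0xMNNFFPPS
 * M major, NN minor, FF fix, PP patch letter, S status
 * (0 = development snapshot, 1..e = beta 1..14, f = release). */
struct ossl_ver { unsigned major, minor, fix, patch, status; };
#define SNAPSHOT_VER 0x10001000UL /* value from the bug summary */
#define BETA1_VER    0x10001001UL /* 1.0.1-beta1 under the same layout */
#define RELEASE_101C 0x1000103fUL /* 1.0.1c under the same layout */

static struct ossl_ver decode(unsigned long v)
{
    struct ossl_ver r;
    r.major  = (v >> 28) & 0xf;
    r.minor  = (v >> 20) & 0xff;
    r.fix    = (v >> 12) & 0xff;
    r.patch  = (v >> 4)  & 0xff;
    r.status = v & 0xf;
    return r;
}

/* Render e.g. "1.0.1-dev", "1.0.1-beta1", "1.0.1c" (letters a..z only). */
static const char *describe(unsigned long v, char *buf, size_t n)
{
    struct ossl_ver r = decode(v);
    char letter[2] = "", tail[16] = "";
    if (r.patch >= 1 && r.patch <= 26)
        letter[0] = (char)('a' + r.patch - 1);
    if (r.status == 0)
        snprintf(tail, sizeof tail, "-dev");
    else if (r.status != 0xf)
        snprintf(tail, sizeof tail, "-beta%u", r.status);
    snprintf(buf, n, "%u.%u.%u%s%s", r.major, r.minor, r.fix, letter, tail);
    return buf;
}

/* Hypothetical guard: 1 if a ">= threshold" preprocessor check would fire. */
static int guard_fires(unsigned long version, unsigned long threshold)
{
    return version >= threshold;
}

int main(void)
{
    char b[32];
    printf("%s %d %d\n", describe(SNAPSHOT_VER, b, sizeof b),
           guard_fires(SNAPSHOT_VER, SNAPSHOT_VER), guard_fires(SNAPSHOT_VER, BETA1_VER));
    return 0;
}
```

A status nibble of 0 marks a development snapshot, so a guard placed at 0x10001000 also matches pre-beta trees, while one placed at 0x10001001 matches only 1.0.1-beta1 and later.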