This patch adds support for the OpenSSL autoconfig mechanism. The autoconfig mechanism can be used to perform a number of OpenSSL specific configuration tasks, currently this includes: fine tuned ENGINE configuration, adding ASN1 OIDs and enabling FIPS mode (where supported). The number of autoconfig tasks OpenSSL supports is likely to be expanded in future. Oddly there are calls to initialize the config modules in mod_ssl but no explicit call to CONF_modules_load_file(). OpenSSL has supported autoconfig since version 0.9.7.
Created attachment 21172 [details] OpenSSL autoconfig support patch
What happens if OPENSSLconfig is on and OPENSSLconfigfile is not set so that OPENSSLconfig is TRUE but OPENSSLconfigfile is NULL. Whats the outcome of CONF_modules_load_file in this case?
In that case it uses the standard OpenSSL configuration file location which is /usr/local/ssl/openssl.cnf by default but it that can be changed by OpenSSL compile time options.
To bad this wasn't merged. Still no way to configure an SSLCryptoDevice/engine in mod_ssl?
Please help us to refine our list of open and current defects; this is a mass update of old and inactive Bugzilla reports which reflect user error, already resolved defects, and still-existing defects in httpd. As repeatedly announced, the Apache HTTP Server Project has discontinued all development and patch review of the 2.2.x series of releases. The final release 2.2.34 was published in July 2017, and no further evaluation of bug reports or security risks will be considered or published for 2.2.x releases. All reports older than 2.4.x have been updated to status RESOLVED/LATER; no further action is expected unless the report still applies to a current version of httpd. If your report represented a question or confusion about how to use an httpd feature, an unexpected server behavior, problems building or installing httpd, or working with an external component (a third party module, browser etc.) we ask you to start by bringing your question to the User Support and Discussion mailing list, see [https://httpd.apache.org/lists.html#http-users] for details. Include a link to this Bugzilla report for completeness with your question. If your report was clearly a defect in httpd or a feature request, we ask that you retest using a modern httpd release (2.4.33 or later) released in the past year. If it can be reproduced, please reopen this bug and change the Version field above to the httpd version you have reconfirmed with. Your help in identifying defects or enhancements still applicable to the current httpd server software release is greatly appreciated.