43931 – OpenSSL autoconfig support for mod_ssl

Bug 43931 - OpenSSL autoconfig support for mod_ssl

Summary: OpenSSL autoconfig support for mod_ssl

Status:	RESOLVED LATER

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	mod_ssl (show other bugs)
Version:	2.2.6
Hardware:	Other other

Importance:	P2 enhancement (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:	MassUpdate

Depends on:
Blocks:

Reported:	2007-11-21 09:55 UTC by Dr Stephen Henson
Modified:	2018-11-07 21:09 UTC (History)
CC List:	1 user (show)

Attachments
OpenSSL autoconfig support patch (5.85 KB, patch) 2007-11-21 09:56 UTC, Dr Stephen Henson	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dr Stephen Henson 2007-11-21 09:55:08 UTC

This patch adds support for the OpenSSL autoconfig mechanism. The autoconfig
mechanism can be used to perform a number of OpenSSL specific configuration
tasks, currently this includes: fine tuned ENGINE configuration, adding ASN1
OIDs and enabling FIPS mode (where supported). The number of autoconfig tasks
OpenSSL supports is likely to be expanded in future.

Oddly there are calls to initialize the config modules in mod_ssl but no
explicit call to CONF_modules_load_file().

OpenSSL has supported autoconfig since version 0.9.7.

Comment 1 Dr Stephen Henson 2007-11-21 09:56:32 UTC

Created attachment 21172 [details]
OpenSSL autoconfig support patch

Comment 2 Ruediger Pluem 2007-11-21 12:44:02 UTC

What happens if OPENSSLconfig is on and OPENSSLconfigfile is not set so that
OPENSSLconfig  is TRUE but OPENSSLconfigfile is NULL. Whats the outcome of
CONF_modules_load_file in this case?

Comment 3 Dr Stephen Henson 2007-11-21 14:47:54 UTC

In that case it uses the standard OpenSSL configuration file location which is
/usr/local/ssl/openssl.cnf by default but it that can be changed by OpenSSL
compile time options.

Comment 4 Markus Kilås 2014-07-19 14:14:33 UTC

To bad this wasn't merged.

Still no way to configure an SSLCryptoDevice/engine in mod_ssl?

Comment 5 William A. Rowe Jr. 2018-11-07 21:09:21 UTC

Please help us to refine our list of open and current defects; this is a mass update of old and inactive Bugzilla reports which reflect user error, already resolved defects, and still-existing defects in httpd.

As repeatedly announced, the Apache HTTP Server Project has discontinued all development and patch review of the 2.2.x series of releases. The final release 2.2.34 was published in July 2017, and no further evaluation of bug reports or security risks will be considered or published for 2.2.x releases. All reports older than 2.4.x have been updated to status RESOLVED/LATER; no further action is expected unless the report still applies to a current version of httpd.

If your report represented a question or confusion about how to use an httpd feature, an unexpected server behavior, problems building or installing httpd, or working with an external component (a third party module, browser etc.) we ask you to start by bringing your question to the User Support and Discussion mailing list, see [https://httpd.apache.org/lists.html#http-users] for details. Include a link to this Bugzilla report for completeness with your question.

If your report was clearly a defect in httpd or a feature request, we ask that you retest using a modern httpd release (2.4.33 or later) released in the past year. If it can be reproduced, please reopen this bug and change the Version field above to the httpd version you have reconfirmed with.

Your help in identifying defects or enhancements still applicable to the current httpd server software release is greatly appreciated.