[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 2.4.3x regression w/SSL vhost configs

> Am 12.04.2018 um 11:23 schrieb Yann Ylavic <ylavic.dev@xxxxxxxxx>:
> Hi Stefan,
> On Thu, Apr 12, 2018 at 11:09 AM, Stefan Eissing
> <stefan.eissing@xxxxxxxxxxxxx> wrote:
>>> Am 11.04.2018 um 22:24 schrieb Yann Ylavic <ylavic.dev@xxxxxxxxx>:
>>> On Wed, Apr 11, 2018 at 7:54 PM, Joe Orton <jorton@xxxxxxxxxx> wrote:
>>>> Is mod_md expected to work for vhosts without "SSLEngine on/optional"
>>>> configured explicitly?  Didn't get a clear answer to this before.
>>> Dunno, but wouldn't be worried to much is that were a new requirement
>>> for it to work explicitely.
>> I think mod_md will survive if mod_ssl switches off the new flag. mod_md
>> itself however uses it and needs the functionality.
> I think it was less about AP_MODULE_FLAG_ALWAYS_MERGE than whether
> mod_md should work/handle (or not) for vhosts switched from SSLEngine
> "undef" to "on" implicitely (i.e. the ssl_init_Module() code patched
> by Joe), than .
> My opinion is that if it did work in 2.4.33 (but wouldn't anymore
> after the patch), it's not really an issue because mod_md is
> experimental still and, more importantly, you like things to be said
> explicitly :)


If memory serves me well, the mod_ssl issue really came up when I
epxerimented with a global "SSLEngine *:443" where individual
vhosts no longer needed any SSL* basically...