I would like us to come to an understanding of what our roadmap in
regard to OpenSSL 3.0 is. People keep on asking about it.

Yesterday, I spent some hours hacking at mod_ssl and mod_md to
get it running. I managed to compile it, but it was not working
reliably. Maybe I took some wrong turns somewhere. My observations
below.

With my RM hat on, I see the next release in early December. We
have some fixes to ship and maybe the new http2 implementation.
Personally, I do not see a need for OpenSSL 3.0 in that one. But
if anyone has plans to do it, it would be good to know.

Kind Regards,
Stefan
---------------
Observations hacking on OpenSSL 3.0 compatibility:
- SRP seems to be gone.
- the ENGINE API seems to be gone
- RSA*, DH* and friends are no longer wanted.
  Instead, the PKEY API offers replacements.
- This affects reading key parameters from files, afaict.
- Some minor annoyances with BIO_set_callback and
  ERR_peek_last..
- I changed EC key generation in mod_md to the new API,
  but generation failed at runtime. Maybe a minor glitch
  on my part.
- The code overall does not become prettier.