Bug 960082

Summary:	Backport ALPN support to openssl-1.0.1i
Product:	[openSUSE] openSUSE Distribution	Reporter:	Stelian Ionescu <sionescu>
Component:	Other	Assignee:	Vítězslav Čížek <vcizek>
Status:	RESOLVED WONTFIX	QA Contact:	E-mail List <qa-bugs>
Severity:	Enhancement
Priority:	P5 - None	CC:	astieger, meissner, vcizek
Version:	Leap 42.1
Target Milestone:	---
Hardware:	Other
OS:	Other
Whiteboard:
Found By:	---	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---
Bug Depends on:
Bug Blocks:	960083
Attachments:	openssl-ALPN-debug-info.patch openssl-ALPN-tests.patch openssl-ALPN.patch

Description Stelian Ionescu 2015-12-22 18:47:58 UTC

ALPN support is required for apache2-2.4.17+ with mod_http2
https://build.opensuse.org/package/view_file/home:sionescu:server/openssl/openssl-ALPN.patch
https://build.opensuse.org/package/view_file/home:sionescu:server/openssl/openssl-ALPN-tests.patch
https://build.opensuse.org/package/view_file/home:sionescu:server/openssl/openssl-ALPN-debug-info.patch

Comment 1 Vítězslav Čížek 2015-12-23 11:51:03 UTC

Thanks for the patches.
They are fine, I made only two small corrections.

openssl-ALPN-tests.patch:
corrected a hunk modifying ssltest usage
openssl-ALPN.patch:
moved one misplaced #endif in s_server.c

openSUSE update that will add the ALPN support has been started.

Comment 2 Bernhard Wiedemann 2015-12-23 12:00:20 UTC

This is an autogenerated message for OBS integration:
This bug (960082) was mentioned in
https://build.opensuse.org/request/show/350514 42.1+13.1+13.2 / openssl

Comment 3 Andreas Stieger 2015-12-23 12:12:17 UTC

This feature first appeared in OpenSSL 1.0.2. Downgrading to feature/enhancement.

Apache httpd 2.4.17+ is not in openSUSE Leap 42.1, so it's not a bug within the distribution, only when upgrading to unsupported packages.

On the maintenance submission SR#350514 :

openSUSE:Leap:42.1:Update/openssl is inherited from SUSE:SLE-12-SP1:Update. If that is to remain the case, this backport must go through SLE maintenance, and even the SLE feature process as it adds functionality. Otherwise we need to split the package.

Recommend we save this for SLE 12 SP2 and openSUSE Leap 42.1, and users wishing to run mod_http2 from development packages update their openssl version to match.

Unless there is comment to the contrary I am going to reject this proposed update.

Comment 4 Andreas Stieger 2016-01-01 21:10:35 UTC

I declined SR#350514 42.1+13.1+13.2 / openssl for the reason given.

A final state of this feature request might be resolved - wontfix.

Comment 5 Vítězslav Čížek 2016-01-05 10:30:38 UTC

Stelian,
The ALPN support has to wait for Leap 42.2.
In the meantime, you'll have to either maintain your own fork of openssl or use 1.0.2 from Base:System.
Leap 42.2 will definitely ship ALPN-capable openssl, because anything lower than 1.0.2 won't be supported by upstream at the time.
(https://www.openssl.org/policies/releasestrat.html)

Comment 6 Marcus Meissner 2016-01-11 15:33:15 UTC

Created attachment 661345 [details]
openssl-ALPN-debug-info.patch

openssl-ALPN-debug-info.patch

Comment 7 Marcus Meissner 2016-01-11 15:33:51 UTC

Created attachment 661346 [details]
openssl-ALPN-tests.patch

openssl-ALPN-tests.patch

Comment 8 Marcus Meissner 2016-01-11 15:34:08 UTC

Created attachment 661347 [details]
openssl-ALPN.patch

openssl-ALPN.patch

Comment 9 Marcus Meissner 2016-01-11 15:34:39 UTC

i am tracking this as feature 320292 for SLES 12 SP2 internally, which will feed it back to 42.2.