Bug 885099 - >=www-servers/apache-2.4.52: add USE flag for mod_tls
Summary: >=www-servers/apache-2.4.52: add USE flag for mod_tls
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Apache Team - Bugzilla Reports
Keywords: PullRequest
Reported: 2022-12-09 23:34 UTC by Enne Eziarc
Modified: 2023-05-15 05:54 UTC

Description Enne Eziarc 2022-12-09 23:34:02 UTC
mod_tls is an alternative to mod_ssl that uses rustls - that's not yet in portage, but net-misc/curl could use it too.

The interesting parts are: fewer config footguns than mod_ssl, delegation of OCSP duties to mod_md, possible future http3 support, and the fact that it's not OpenSSL. (I know mod_gnutls also exists but it's somewhat unreliable and a 3rd-party module.)
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-12-09 23:56:47 UTC
It would be a lot easier if https://github.com/rustls/rustls-ffi/issues/220 was fixed.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-12-11 01:17:54 UTC
I'm taking a look at this after Luca very kindly put up a fresh PR: https://github.com/rustls/rustls-ffi/pull/274.

(CCing blueness too as we're going to end up adding support in curl.)
Comment 3 Hans de Graaff gentoo-dev Security 2022-12-11 10:33:36 UTC
I can take a look at the apache parts once the rustls commits are in place.
Comment 4 Larry the Git Cow gentoo-dev 2022-12-11 22:50:37 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=13c4058a167d8061a2f5615bc19a5333855d8b0c

commit 13c4058a167d8061a2f5615bc19a5333855d8b0c
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-12-11 01:04:36 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-12-11 22:50:24 +0000

    net-misc/curl: add rustls support
    
    Bug: https://bugs.gentoo.org/885099
    Signed-off-by: Sam James <sam@gentoo.org>

 net-misc/curl/curl-7.86.0-r3.ebuild         | 16 +++++++++++++---
 net-misc/curl/metadata.xml                  |  1 +
 profiles/arch/amd64/package.use.mask        |  4 ++++
 profiles/arch/amd64/package.use.stable.mask |  4 ++++
 profiles/arch/base/package.use.mask         |  4 ++++
 profiles/features/wd40/package.use.mask     |  4 ++++
 6 files changed, 30 insertions(+), 3 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a140e368c72711ff551ce639a87af2b4decf3388

commit a140e368c72711ff551ce639a87af2b4decf3388
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-12-11 01:01:08 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-12-11 22:50:23 +0000

    profiles/desc: add rustls for curl_ssl
    
    Bug: https://bugs.gentoo.org/885099
    Signed-off-by: Sam James <sam@gentoo.org>

 profiles/desc/curl_ssl.desc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bc63dc594a7c8c8f9c9ffaeff8f7bcc6c3c826a8

commit bc63dc594a7c8c8f9c9ffaeff8f7bcc6c3c826a8
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-12-11 00:25:26 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-12-11 22:50:23 +0000

    net-libs/rustls-ffi: new package, add 0.9.1
    
    Bug: https://bugs.gentoo.org/885099
    Signed-off-by: Sam James <sam@gentoo.org>

 net-libs/rustls-ffi/Manifest                       |  61 ++++++++++
 .../files/rustls-ffi-0.9.1-cargo-c.patch           |  61 ++++++++++
 .../files/rustls-ffi-0.9.1-tests-32-bit.patch      | 106 ++++++++++++++++++
 net-libs/rustls-ffi/metadata.xml                   |  11 ++
 net-libs/rustls-ffi/rustls-ffi-0.9.1.ebuild        | 123 +++++++++++++++++++++
 5 files changed, 362 insertions(+)
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-12-11 22:51:56 UTC
(In reply to Hans de Graaff from comment #3)
> I can take a look at the apache parts once the rustls commits are in place.

Cheers graaff. I've rebased https://github.com/gentoo/gentoo/pull/28634 which just has the apache bits. Feel free to take it over (pram into a local branch & push to a new one, or you can have access to my fork if you want). I've tested building apache w/ mod_tls but not configuring or using the module. Happy to hand it off.
Comment 6 Larry the Git Cow gentoo-dev 2023-05-15 05:53:45 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4a4e1c5ea363b43e05b0d3ccd35473120bf3b12

commit b4a4e1c5ea363b43e05b0d3ccd35473120bf3b12
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-12-11 01:04:55 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-15 05:53:10 +0000

    apache-2.eclass: add rustls support
    
    Bug: https://bugs.gentoo.org/885099
    Closes: https://bugs.gentoo.org/903746
    Closes: https://github.com/gentoo/gentoo/pull/28634
    Signed-off-by: Sam James <sam@gentoo.org>

 eclass/apache-2.eclass                      | 1 +
 profiles/arch/amd64/package.use.mask        | 4 ++++
 profiles/arch/amd64/package.use.stable.mask | 4 ++++
 profiles/arch/base/package.use.mask         | 4 ++++
 profiles/features/wd40/package.use.mask     | 1 +
 www-servers/apache/apache-2.4.54-r8.ebuild  | 2 +-
 www-servers/apache/apache-2.4.55-r1.ebuild  | 2 +-
 www-servers/apache/apache-2.4.56.ebuild     | 2 +-
 www-servers/apache/apache-2.4.57.ebuild     | 2 +-
 9 files changed, 18 insertions(+), 4 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b7a7e7ee16baea1fdd64f0b6ae34517896f77173

commit b7a7e7ee16baea1fdd64f0b6ae34517896f77173
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-12-11 00:29:58 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-15 05:47:09 +0000

    profiles/desc: add tls for apache2_modules
    
    Bug: https://bugs.gentoo.org/885099
    Signed-off-by: Sam James <sam@gentoo.org>

 profiles/desc/apache2_modules.desc | 1 +
 1 file changed, 1 insertion(+)