mod_tls is an alternative to mod_ssl that uses rustls - that's not yet in portage, but net-misc/curl could use it too. The interesting parts are: fewer config footguns than mod_ssl, delegation of OCSP duties to mod_md, possible future http3 support, and the fact that it's not OpenSSL. (I know mod_gnutls also exists but it's somewhat unreliable and a 3rd-party module.)
It would be a lot easier if https://github.com/rustls/rustls-ffi/issues/220 was fixed.
I'm taking a look at this after Luca very kindly put up a fresh PR: https://github.com/rustls/rustls-ffi/pull/274. (CCing blueness too as we're going to end up adding support in curl.)
I can take a look at the apache parts once the rustls commits are in place.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=13c4058a167d8061a2f5615bc19a5333855d8b0c

commit 13c4058a167d8061a2f5615bc19a5333855d8b0c
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-12-11 01:04:36 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-12-11 22:50:24 +0000

net-misc/curl: add rustls support

Bug: https://bugs.gentoo.org/885099
Signed-off-by: Sam James <sam@gentoo.org>

net-misc/curl/curl-7.86.0-r3.ebuild | 16 +++++++++++++---
net-misc/curl/metadata.xml | 1 +
profiles/arch/amd64/package.use.mask | 4 ++++
profiles/arch/amd64/package.use.stable.mask | 4 ++++
profiles/arch/base/package.use.mask | 4 ++++
profiles/features/wd40/package.use.mask | 4 ++++
6 files changed, 30 insertions(+), 3 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a140e368c72711ff551ce639a87af2b4decf3388

commit a140e368c72711ff551ce639a87af2b4decf3388
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-12-11 01:01:08 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-12-11 22:50:23 +0000

profiles/desc: add rustls for curl_ssl

Bug: https://bugs.gentoo.org/885099
Signed-off-by: Sam James <sam@gentoo.org>

profiles/desc/curl_ssl.desc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bc63dc594a7c8c8f9c9ffaeff8f7bcc6c3c826a8

commit bc63dc594a7c8c8f9c9ffaeff8f7bcc6c3c826a8
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-12-11 00:25:26 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-12-11 22:50:23 +0000

net-libs/rustls-ffi: new package, add 0.9.1

Bug: https://bugs.gentoo.org/885099
Signed-off-by: Sam James <sam@gentoo.org>

net-libs/rustls-ffi/Manifest | 61 ++++++++++
.../files/rustls-ffi-0.9.1-cargo-c.patch | 61 ++++++++++
.../files/rustls-ffi-0.9.1-tests-32-bit.patch | 106 ++++++++++++++++++
net-libs/rustls-ffi/metadata.xml | 11 ++
net-libs/rustls-ffi/rustls-ffi-0.9.1.ebuild | 123 +++++++++++++++++++++
5 files changed, 362 insertions(+)
(In reply to Hans de Graaff from comment #3)
> I can take a look at the apache parts once the rustls commits are in place.

Cheers graaff. I've rebased https://github.com/gentoo/gentoo/pull/28634 which just has the apache bits. Feel free to take it over (pram into a local branch & push to a new one, or you can have access to my fork if you want).

I've tested building apache w/ mod_tls but not configuring or using the module. Happy to hand it off.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4a4e1c5ea363b43e05b0d3ccd35473120bf3b12

commit b4a4e1c5ea363b43e05b0d3ccd35473120bf3b12
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-12-11 01:04:55 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-05-15 05:53:10 +0000

apache-2.eclass: add rustls support

Bug: https://bugs.gentoo.org/885099
Closes: https://bugs.gentoo.org/903746
Closes: https://github.com/gentoo/gentoo/pull/28634
Signed-off-by: Sam James <sam@gentoo.org>

eclass/apache-2.eclass | 1 +
profiles/arch/amd64/package.use.mask | 4 ++++
profiles/arch/amd64/package.use.stable.mask | 4 ++++
profiles/arch/base/package.use.mask | 4 ++++
profiles/features/wd40/package.use.mask | 1 +
www-servers/apache/apache-2.4.54-r8.ebuild | 2 +-
www-servers/apache/apache-2.4.55-r1.ebuild | 2 +-
www-servers/apache/apache-2.4.56.ebuild | 2 +-
www-servers/apache/apache-2.4.57.ebuild | 2 +-
9 files changed, 18 insertions(+), 4 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b7a7e7ee16baea1fdd64f0b6ae34517896f77173

commit b7a7e7ee16baea1fdd64f0b6ae34517896f77173
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-12-11 00:29:58 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-05-15 05:47:09 +0000

profiles/desc: add tls for apache2_modules

Bug: https://bugs.gentoo.org/885099
Signed-off-by: Sam James <sam@gentoo.org>

profiles/desc/apache2_modules.desc | 1 +
1 file changed, 1 insertion(+)