Comment 2 for bug 1951476

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

I worked on this a little bit.

I backported the 10 patches that are currently present in the PR mentioned above (, and verified that they seem to address the problem, at least in the sense that they make mod_ssl loadable again when using OpenSSL 3.

I ran apache2's autopkgtests and most of them succeeded; the only failure I'm seeing is actually not related to apache2, and is instead a problem with an uninstallable package currently in jammy-proposed.

The situation here is very similar to what's happening with net-snmp and squid: there are upstream patches that can "fix" the compatibility issue with OpenSSL, but upstream is still not entirely comfortable with them. In apache2's case, this situation a bit more complicated because there is apparently a behaviour change/regression that has been found with OpenSSL 3:

I will keep an eye on the progress of apache2's PR and see what happens. It'd probably be a good idea to have someone from the Security team take a look at this possible regression and assess it.