Comment 3 for bug 2050017

------- Comment From <email address hidden> 2024-01-22 08:28 EDT-------
Besides the one commit that adds support for this (https://github.com/apache/httpd/commit/cc796e269d7c4f8d105fa46b590c9301c2a55329) I do see the following commits that are related:

https://github.com/apache/httpd/commit/2412f20b176ff54538b67088a9e643ffed6e87ae and https://github.com/apache/httpd/commit/d3a970420f04f9304e202bd1bdc04cbace9bbbd1 - French translation of related docu.

https://github.com/apache/httpd/commit/f5bf0869c7cfd6723f53115c8483737fce53fd2a
- small fix to compile with OPENSSL_NO_ENGINE environment.

None of those commits are absolutely required, but yo might want to pick them anyway. I am not aware of anything further that would be required to make this work.

I can certainly test a .58+change build for noble once a 24.04 build is available in Tessia (our IBM internal test system installer). Alternatively, if I could install it on 23.10 then it would be even easier.

I can also provide a description how to setup such an environment, it only needs httpd (.58+change), a current opencryptoki (I guess we will get this in 24.04 anyway) and the pkcs11-provider from https://github.com/latchset/pkcs11-provider (must be built from source I guess since not available in Ubuntu distribution), together with a few config file updates to set it up. I guess you can even test it on non-s390x using opencryptoki's soft token.