Comment 4 for bug 2050017

Bryce Harrington (bryce) wrote : Re: [24.04 FEAT] [SEC2339] HSM protected signing support for Apache httpd for openSSL 3.0 with PKCS #11 provider

Thanks for flagging this commit as desired. From the provided link I do see it has landed on the 2.5.x trunk but am not spotting it in the 2.4.x backport branch? That gives me some pause. I would want to better understand the use case or requirement, and how this patch solves them.

The patch doesn't look like it will apply cleanly, although it's not large and doesn't look hard to backport. But I'm more concerned if it has other dependencies from 2.5.x that aren't present in 2.4. Ideally, this would be first backported upstream to 2.4.x, and we (or Debian) could cherrypick it.

Apache2 typically releases every few months but the last release was in October, and the CHANGES file looks awfully full, so I'm suspecting we might see a new release. If 2.4.59 were released within a couple of weeks and landed in Debian, it might be possible to make it in for the LTS release. Lacking a 2.4.59 release, cherrypicking a patch from 2.4.x is easy prior to feature freeze at the end of February. Other than that, it's less easy and I'd like to first better understand the need.