Merge r1926720, r1926722 from trunk:

* modules/ssl/ssl_private.h: For OpenSSL >= 3.5.0 drop $SSLKEYLOGFILE
  handling inside mod_ssl where OpenSSL is built to handle that
  internally in libssl.

* modules/ssl/ssl_private.h: Fix logic in r1926720 HAVE_OPENSSL_KEYLOG macro,
  thanks to rpluem.

Reviewed by: rpluem
Submitted by: jorton
Reviewed by: jorton, rpluem, ylavic
Github: closes #538


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1927023 13f79535-47bb-0310-9956-ffa450edef68

Author: notroj

changes-entries/ssl-less-keylog.txt

@@ -0,0 +1,3 @@
+  *) mod_ssl: Drop $SSLKEYLOGFILE handling internally for OpenSSL 3.5
+     builds which enable it in libssl natively.  [Joe Orton]
+

modules/ssl/ssl_private.h

@@ -290,8 +290,16 @@ void free_bio_methods(void);
 #define X509_get_notAfter   X509_getm_notAfter
 #endif
 
-#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
-#define HAVE_OPENSSL_KEYLOG
+/* The SSL_CTX_set_keylog_callback() API is present in 1.1.1+.
+ * 
+ * OpenSSL 3.5+ also provides optional native handling of
+ * $SSLKEYLOGFILE inside libssl, which duplicates the mod_ssl support.
+ * The mod_ssl support is hence disabled for 3.5+, unless that OpenSSL
+ * feature is itself disabled (and OPENSSL_NO_SSLKEYLOG is defined).
+ */
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) \
+    && (OPENSSL_VERSION_NUMBER <= 0x30500000L || defined(OPENSSL_NO_SSLKEYLOG))
+#define HAVE_OPENSSL_KEYLOG 
 #endif
 
 #ifdef HAVE_FIPS