> From: Justin Erenkrantz [mailto:[EMAIL PROTECTED]] > > At some point, Larry Rosenman <[EMAIL PROTECTED]> excited the electrons: > > I submitted 8712 a month or more ago, and have gotten NO feedback at > > all. > > FreeBSD is packaging their version with mod_ssl. We don't include > mod_ssl with 1.3. We have no control over the configuration that > FreeBSD decides to use. I would refer back to the FreeBSD port > maintainer and help them come up with a configuration that isn't > susceptable to this problem. I'm not really sure how we can fix > this problem considering that the ASF has no control over mod_ssl > or FreeBSD's configurations that they use. The ASF distribution > does not contain <IfDefine SSL> in its default configuration. > > As a hint to the FreeBSD maintainer, the idea here is to always > load the mod_ssl library and then conditionally execute the SSL > directives. I do not believe that loading DSOs conditionally is > what we intended with the <IfDefine> construct.
Actually loading the module inside the <IfDefine> is exactly what was meant. The bug here is in apxs not FreeBSD. I considered answering this PR the same way you did Justin, but it is our problem. The problem is how apxs is adding modules. Currently, apxs looks for the last LoadModule in the config file, and just adds a new line after it. If the last module you load in your config is mod_ssl, then you are susceptible to this problem. The solution is to have a line like: #LoadModule goes here and always key off of that line. Ryan
