On Mon, Mar 29, 1999, [EMAIL PROTECTED] wrote:
> "Ralf S. Engelschall" <[EMAIL PROTECTED]> writes:
>
> > Another update is available before new features will be introduced (in 2.2.8):
> > mod_ssl 2.2.7 for Apache 1.3.6. This version mainly contains support for the
> > MSIE client workaround. Additionally some memory leaks were fixed. The next
> > version (2.2.8) will introduce shared memory support for EAPI together with a
> > high-performance shared memory based session cache (is already implemented and
> > works fine, but needs some more cleanups and testing).
>
> Would you be willing to comment on this "shared memory support for EAPI
> together with a high-performance shared memory based session cache"? Are
> you referring to the SSL session cache when you say "shared memory based
> session cache"?
Yes.
> Will there be just one shared memory pool, or will there be
> a shared memory pool per module?
EAPI provides a global shared memory segment in which modules can allocate
sub-pools (the "shared memory pools" I've announced on new-httpd). But my
mod_ssl session cache currently is based on level deeper and allocated it's
own private shared memory segment to allow a larger cache size.
> Unless there is some standard way to come
> up with session id's then there is the possiblity that modules could use
> the same session id within the same pool which would be bad.
I don't understand your problem. I think you image the shared memory pool
incorrectly. A shared memory pool in Apache is just a shared memory segment
with a malloc(3)-style API on top of it which allocates chunks inside this
segment. The session cache is then nothing more than a hash-table which
allocates it's pieces inside this shared memory segment with the
malloc(3)-style API.
So why should be there a conflict between modules? The hash table is private
to mod_ssl even when the whole shared memory segment in which it stays is
shared by all modules. Don't think that a shared memory segment is treated as
a single hash table or cache structure. The shared memory segment is the
underlaying object for a malloc-library the same way the malloc(3)-library
allocates from the heap.
> Which leads me
> to beleive that it would be nice to have a "tighter integration" between
> other modules, "the session cache" and the SSL session id. Since there is a
> good amount of assurance that this SSL session id cannot be spoofed unlike
> other methods based on cookies or some such thing. Recent events not with
> standing.
Sorry, I still don't understand the point here, too. Why do you want that
other modules should be able to access the session ids in the session cache?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
