A lot of fixes and enhancements took place between 2.1b6 and 2.1b7. The most
noticeable enhancement (as I mentioned a few days ago) is Dynamic Shared
Object (DSO) support for mod_ssl. Read http://www.apache.org/docs/dso.html for
more details about DSO and the top-level INSTALL file of mod_ssl and Apache
for installation instructions.

Also, as already mentioned last time, the DSO support for mod_ssl was not a
trivial change. No, actually I completely rewrote the SSL patch for the Apache
core code into an Extended API (EAPI) patch. This EAPI provides the necessary
flexibility to mod_ssl (and other modules) to both loosely couple those
modules with the Apache core code _and_ also allow loose communication
_between_ modules. For instance, when libssl.so is not loaded (LoadModule
directive) mod_proxy is not HTTPS-Client-aware. Once you load libssl.so
(without any change for libproxy.so) you get HTTPS-Client support in
mod_proxy. Same for mod_log_config. Unless libssl.so is loaded the %{xxx}c
format is not known. Once you have loaded libssl.so the %{xxx}c is available.
Please notice that this is pure _runtime_ and not _compile_ time ;-)

But now it's your turn. After Martin Kraemer and I worked around subtle
compiler problems inside the hook mechanism yesterday, it works fine. (really
interesting: under GCC passing a union and a va_list to a function results in
different values depending on where the union is placed in the argument list,
etc.). What we now need is _YOUR_ feedback to make the stuff 100% stable for
2.1.0. So please grab this 2.1b7 stuff and try it out on your platform.

PS: Trung or others: It should be now possible to also build mod_ssl
    as a .DLL under Win32. I have no experience here, so I hope you
    contribute a few patches to me which allow us to build mod_ssl
    the same way other Apache modules are built.

BTW: With these last EAPI changes, mod_ssl now really has the correct name:
     mod_ssl, i.e. it's now _really_ a stand-alone SSL _module_ ;-)
     Because all SSL stuff is only done and provided here.

Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com

Changes with mod_ssl 2.1b7 (09-Oct-1998 to 30-Oct-1998)

*) Fixed DBM access stuff: An invalid argument was given by the
   NDBM emulation layer of DB under FreeBSD 2.2.6.
*) Moved all Crypto/SSL stuff from mod_log_config.c, mod_proxy.c and
   proxy_http.c to the new ssl_engine_ext.c file. Now SSLeay is _ONLY_
   needed for linking the mod_ssl code itself. There is no longer any SSLeay
   symbol reference outside mod_ssl.
*) Rewrote the ap_hook mechanism to provide support for loosely coupling
   modules together, too. Also support is now provided for up to 8
   arguments in function signatures.
*) Added support for a SSL Product ID. To the mod_ssl/x.x.x-y.y.y
   string inside libssl.version you now can append a string <product>/x.x.x
   and then you get -DSSL_PRODUCT=<hex-value-of-x.x.x>,
   -DSSL_PRODUCT_NAME="<product>", -DSSL_PRODUCT_VERSION="x.x.x" and a HTTP
   Server field similar to this one: ``Server: Apache/1.3.3 (Unix)
   MyStuff/1.0.0 mod_ssl/2.1b7 SSLeay/0.9.0b''. This can be used by RH SWS
   or the other forthcoming mod_ssl based SSL product to add the version
   string without patching ;-)
*) The ca-fix tool is now generated at the `make certificate' step
   on-demand only because it's only needed here. And when mod_ssl is not
   enabled this tool cannot be built at all (no SSLeay stuff known).
*) Created a new ssl_engine_io.c source file which now contains
   all I/O and buffer related code, i.e. the new EAPI-based stuff plus
   the Win32/SSLeay functions for buffer I/O.
*) With the help of the EAPI we were now able to add Dynamic Shared
   Object (DSO) support for mod_ssl. For this the
   src/modules/ssl/Makefile.tmpl, src/modules/ssl/libssl.module and
   top-level configure files were adjusted.
*) Replaced SSL code inside mod_log_config.c with EAPI based
   code which mainly tries to lookup mod_ssl variables. For this the
   ssl_engine_vars.c stuff now exports the ssl_var_lookup() function as the
   "ssl::var::lookup" hook.
*) Replaced all hard r->connection->client->ssl references with the
   now loosely based ap_ctx_get(r->connection->client->ctx, "ssl").
*) SSL patches -> Generic Extended API patches:
   Completely rewrote the Apache code patches: Instead of patching in SSL
   specific hooks we now patch in an Extended API which provides mainly the
   following new features:
     - generic low-level hooks mechanism:
         ap_hook_{init,kill},
         ap_hook_{configure,register,unregister},
         ap_hook_{configured,registered,call}
     - buffer hooks:
         ap::buff::{read,write,recvwithtimeout,sendwithtimeout}
     - generic context mechanism:
         ap_ctx_{new,set,get}
     - structure context variables:
         BUFF->ctx, conn_rec->ctx, request_rec->ctx, server->ctx
         ap_global_ctx
     - four new high-level module hooks:
         add_module, remove_module,
         rewrite_command, new_connection
     - a new function ap_add_config_define() which does what
       option -D does on the command line.
*) Added new backward compatibility stuff to ssl_engine_compat.c:
   We use wildcard configuration directive handlers which are used by us to
   provide backward compatibility to old obsolete directives via on-the-fly
   mapping. Those wildcard handlers are an additional (patched in)
   functionality inside the Apache core, of course ;-)
*) Renamed snakeoil.{crt,key} to snakeoil-ca.{crt,key} and created a real
   dummy server certificate/key pair as snakeoil.{crt,key} which is now
   used under `make certificate TYPE=dummy'. This fixes the recently
   occurred problem where Netscape rejected the dummy certificates because
   they had the CA flag set.
*) Fixed CRYPTO_malloc_init() call for Win32 environment.
*) Added a small stand-alone patch.exe (v2.1) to etc/patch/ for the Win32
   port. This is now used per default by configure.bat, but the user can
   override it with --with-patch=FILE as under Unix. This way the patching
   problems caused by incompatible patch utils should be solved.
*) Fix pathname separators (slashes) in Win32's configure.bat script
   and make configure.bat script accept also Perl 5.003 because 5.004 is
   not really needed.
*) Fix `uchar' redefinition problem under AIX.
*) Now a warning is issued when HTTPS is configured on a HTTP port.
*) Added configuration parameter checks for various directives.
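
The runtime coupling described above (a logging module resolving %{xxx}c
through the "ssl::var::lookup" hook and the per-connection "ssl" context),
modelled as an added example that is not code from mod_ssl or from the
original post. All function and type names are hypothetical stand-ins, not the
EAPI's real signatures; only the hook name, the "ssl" key and SSL_CIPHER are
taken from mod_ssl.

```c
#include <string.h>

/* Toy model only: these names are hypothetical, not the real EAPI signatures. */
#define SLOTS 8
struct ctx { const char *key[SLOTS]; void *val[SLOTS]; };   /* per-connection context */
typedef const char *(*lookup_fn)(struct ctx *conn, const char *var);
static struct { const char *name; lookup_fn fn; } hooks[SLOTS];

int hook_register(const char *name, lookup_fn fn) {
    for (int i = 0; i < SLOTS; i++)
        if (!hooks[i].name) { hooks[i].name = name; hooks[i].fn = fn; return 0; }
    return -1;                                   /* registry full */
}
void hook_unregister(const char *name) {
    for (int i = 0; i < SLOTS; i++)
        if (hooks[i].name && strcmp(hooks[i].name, name) == 0) hooks[i].name = NULL;
}
lookup_fn hook_find(const char *name) {
    for (int i = 0; i < SLOTS; i++)
        if (hooks[i].name && strcmp(hooks[i].name, name) == 0) return hooks[i].fn;
    return NULL;                                 /* providing module not loaded */
}
int ctx_set(struct ctx *c, const char *key, void *val) {
    for (int i = 0; i < SLOTS; i++)
        if (!c->key[i]) { c->key[i] = key; c->val[i] = val; return 0; }
    return -1;                                   /* context full */
}
void *ctx_get(struct ctx *c, const char *key) {
    for (int i = 0; c && i < SLOTS; i++)
        if (c->key[i] && strcmp(c->key[i], key) == 0) return c->val[i];
    return NULL;                                 /* e.g. plain HTTP: no "ssl" entry */
}

/* SSL module side: the only code that knows what the "ssl" context holds. */
struct ssl_state { const char *cipher; };
const char *ssl_var_lookup(struct ctx *conn, const char *var) {
    struct ssl_state *s = ctx_get(conn, "ssl");
    if (s && strcmp(var, "SSL_CIPHER") == 0) return s->cipher;
    return NULL;                                 /* no SSL state or unknown variable */
}

/* Logging side: resolves %{var}c by hook name and references no SSL symbol. */
const char *log_format_c(struct ctx *conn, const char *var) {
    lookup_fn fn = hook_find("ssl::var::lookup");
    const char *v = fn ? fn(conn, var) : NULL;
    return v ? v : "-";                          /* never log or dereference NULL */
}
```

The logging side falls back to "-" in three cases: the hook is not registered,
the connection has no "ssl" context, or the variable is unknown.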