Together with Trung Tran-Duc <[EMAIL PROTECTED]> I've ported
mod_ssl 2.1b to the Win32 platform (Windows 95/98/NT) over the last two weeks.
It's not such easy under Win32 to install an SSL-aware Apache as under Unix
(you need for than 15 minutes ;-), but we tried hard to both resembly the Unix
configure mechanism of mod_ssl and to provide a INSTALL.W32 document with lots
of details. Now the most complicated part in installing is actually SSLeay and
not Apache/mod_ssl...
So, when you're running Apache also under Win32 (I assume Unix is your
platform of choice and Win32 is only an _additional_ one) then you now can add
SSL functionality to it, too. In other words: when you've a Win32 Apache
environment available, _PLEASE_ try it out and give us feedback.
On the Unix side there is the upgrade to Apache 1.3.2, various forward ports
from the 2.0 branch and some cleanups.
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.1b5 (17-Sep-1998 to 01-Oct-1998)
*) Created a configure.bat script which tries to resemble the
Unix configure script. Enhanced the INSTALL.W32 document.
*) Incorporated the third feeback for the Win32 port from
Trung Tran-Duc <[EMAIL PROTECTED]>.
*) Incorporated the second cut of the Win32 port from
Trung Tran-Duc <[EMAIL PROTECTED]>. Now the buffer code is
finally SSL-aware and a Makefile.nt is provided to build the mod_ssl
sources into a DLL.
*) Replaced some ugly hacking for SSL_CLIENT_CERT_SERIAL
by a more safe and straight-foreward BIO based approach.
Additionally replaced BIO_ctrl stuff with BIO_pending.
*) Use a more graceful shutdown approach when the SSL handshake
or re-negotiation fails instead of immediately dropping the socket
communication.
*) Cleaned up the log messages and levels.
*) Fixed the "SSLVerifyType optional_no_ca" situation: The situation
has to be checked against more SSLeay errors, because under SSLv3
certificate chain loading leads to the presentation of the client CA
certs, too. Here SSLeay gives different errors.
*) Replaced the first cut of the `Recognize HTTP to HTTPS port' stuff with
the real (=clean) variant which doesn't use SSLeay internal hex values,
etc.
*) Upgrade from Apache 1.3.1 to Apache 1.3.2
*) Forward-port from 2.0 branch:
Changed HTTPS support in mod_proxy: the ap_proxy_http_handler() function
is (illegally because of DSO, of course) called used by third-party
modules (like Apache::Proxy). So make make sure we don't change the
signature of this function.
*) Forward-port from 2.0 branch:
Added answer to FAQ `Why is client auth broken after upgrading from
SSLeay 0.8 to 0.9'. Because of the changed hash algorithm used for the
symlinks.
*) Forward-port from 2.0 branch:
Now when `make certificate TYPE=custom' is used the generated
ca.crt/ca.key files are installed, too.
*) Forward-port from 2.0 branch:
Make sure mkcert.sh removes temporary files after work.
*) Enhanced the ssl.crt/Makefile: now <hash>.N extensions are
created when conflicts occur and not only <hash>.0
*) Included a first cut of a port to the Win32 platform by
courtesy of Trung Tran-Duc <[EMAIL PROTECTED]>. Up to know
these are only source changes to make it compile under Win32. No support
for the build process itself (Makefiles, etc.). But the port already
runs on Trung's Windows NT box.
*) Forward port from 2.0 branch:
Enhanced the INSTALL file: Now an example section describes the
installation with mod_perl and PHP3. Beside this some bugs were fixed
and some more NOTEs were added.
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
