I'll not say anything about comparisons in general, because either people can
find out the differences theirself or the differences are not actually
important for them (or they would have found it out). But a few technical
questions to Ben follow...
On Wed, May 05, 1999, Ben Laurie wrote:
> [...]
> d) Apache-SSL supports DSOs.
Are you sure, Ben? At least I still cannot image how you support DSO while
Apache-SSL still uses direct symbol references between the Apache core and the
apache_ssl module (the big "no-no" for DSO). Either you mean something
different by DSO ("DSO support" usually means an apache_ssl.so can be built
and used) or my knowledge of DSO lacks some details.
> g) The stuff about passphrases is no different to Apache-SSL [..]
That's IMHO not quite correct or I've overlooked some of your recent
developments, Ben. For instance the pass phrase dialog is reduced to a minimum
when you use lots of virtual hosts (the pass phrases are reused). And the
reason for the possibility to spawn an external program is to allow people to
plug-in smart card applications or similar stuff without patching mod_ssl. It
doesn't increase security, of course. But that's not the goal of this
feature...
> h) replacing gcache with DBM seems a backward step to me.
You've still not said "why"? Because of the DBM key/value size restrictions?
Or because of the lower access? The size restriction is actually no real
problem, because it only means some very large certificate chains cannot be
cached. The lower access might be an argument, but keep in mind that for
mod_ssl 2.3.0 I've already written a shared memory based alternative which
beats both gcache and DBM caches in performance, of course. BTW, the reason
why I've replaced gcache with a DBM approach was not performance: It was
stability.
> Also, I notice that parts of that FAQ were written by me, yet strangely
> there is no credit [...]
Correct. The reason is that you already get proper credit on more prominent
locations (even directly on the website welcome page and the README in
the distribution, etc.) for the _whole_ mod_ssl distribution (where the FAQ is
only a small part). But when you insist on some extra credit in the
FAQ-Chapter you can get it, of course. But please stop such indirect attacks,
Ben. Thanks.
BTW, "the parts of the FAQ" you speak about are actually just two little
entries: "want to run HTTP and HTTPS on the same machine. Is that
possible?" and "Why does my browser hang when I connect to my SSL-aware
Apache server?"....
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
