Anybody thought mod_ssl already has all important features? Then you should
now grab the latest version 2.3.2 and try out the shared memory based session
cache. This is an inter-process SSL session cache residing in a
high-performane hash table which itself is placed in a shared memory segment.
Technically viewed a really interesting and nifty thing, IMHO. At least Unix
hackers will like it ;) But normal users should like it, too. Because it
should provide us with the most robust and fast session cache we can think of.
Actually I'm very pleased about the fact that I finally can provide you this
feature, because it was a _very_ long way to it (such such a long way as for
DSA/DH support, but nearly as long). Half a year ago I've already evaluated
how we can achieve such a cache, but when you're a Unix hacker you know that
shared memory is highly unportable. Because there are lots of possible and
totally different implementations.
For this in January I started to write the MM Shared Memory Library
(http://www.engelschall.com/sw/mm/) which hides all those gory details behind
a nice malloc(3) style API. And MM now _is_ portable. OTOH I needed a
high-performance hash library and found Gray Watson's `Table' library which is
of this type. The only problem was that it works on the heap. But because MM
provides a malloc(3) style API, I was able to easily convert `Table' to work
inside a shared memory segment, of course. So, voila: Merging MM and Table
together we're now able to provide a shared memory session cache for Apache in
a portable way...
When you want to use this feature you need to build Apache+EAPI with MM
library. This is documented in the mod_ssl INSTALL document. So, when you're
an old mod_ssl user, please again have a quick look at this document.
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.3.2 (28-May-1999 to 08-Jun-1999)
*) Removed obsolete mca.sh script and updated cca.sh script to current
OpenSSL state.
*) Now "SSLSessionCache none" really disables _all_ caching,
i.e. including the internal OpenSSL cache.
*) Added Shared Memory based SSL Session Cache: A new "SSLSessionCache
shm:/path/to/file(bytes)" variant of the SSL session cache was added.
This uses a high-performance hash table inside a shared memory segment
to provide the fastest inter-process session cache which is possible.
For this Apache+EAPI has to be built with EAPI_MM (linked against the MM
library, the shared memory abstraction).
*) Fixed the EAPI_MM related patches to Apache's src/Configure:
The variables were overridden instead of extended.
*) Added hint to FAQ to make sure people enter the FQDN for CommonName when
generating a server certificate. Added hint to EGD to reference chapter.
*) Some more Win32 fixes.
*) Fixed a session cache problem on shutdowns.
*) Fixed mod_ssl's ``configure --with-mm=DIR''
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
Official Announcement Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
