Re: SSL stuff
On Thu, Apr 26, 2001 at 02:59:54PM -0700, Roy T. Fielding wrote:

Well then, we are screwed until some people lose their attitude problem, or someone else comes along to replace them. That is nothing new.

Ah. Then I misinterpreted the situation. I thought both would have liked to have it their way but only one solution should be added.

The only reason the tls solution is in the code base is because one of the committers committed something rather than continue to wait until the other committers showed some evidence of life. If you or anyone else with commit access has a better solution, then commit the better solution. I have no more patience left for people who complain about the status quo when they know perfectly well how to change it and have had permission to do so since the London ApacheCon. I don't care if we have five different SSL solutions in the code base, provided they come from people willing and able to maintain them.

AFAIK Ralf is working on a mod_ssl port to apache-2.0. And I noticed there is already a modules/ssl/ subdirectory present in CVS. Does that mean that Ralf is free to add mod_ssl in parallel to mod_tls, so that apache-2.0 users will have the choice between the small but sufficient and the bigger but professional SSL solution?

Martin
--
[EMAIL PROTECTED] | Fujitsu Siemens
[EMAIL PROTECTED] | 81730 Munich, Germany
[STATUS] (apache-1.3) Fri Apr 27 06:54:39 EDT 2001
APACHE 1.3 STATUS: -*-text-*-
Last modified at [$Date: 2001/04/02 09:22:02 $]

Release:

    1.3.20-dev: Current version.
    1.3.19: Tagged and rolled Feb 26, 2001. Announced Mar 01, 2001.
    1.3.18: Not released. (Pulled because of an incorrect unescaping fix. t/r Feb 19, 2001)
    1.3.17: Tagged and rolled Jan 26, 2001. Announced Jan 29, 2001.
    1.3.16: Not released. (Pulled because of vhosting bug. t/r Jan 20, 2001)
    1.3.15: Not released. (Pulled due to CVS dumping core during the tagging when it reached src/os/win32/)
    1.3.14: Tagged and Rolled Oct 10, 2000. Released/announced on the 13th.
    1.3.13: Not released. (Pulled in the first minutes due to a Netware build bug)
    1.3.12: Tagged and rolled Feb. 23, 2000. Released/announced on the 25th.
    1.3.11: Tagged and rolled Jan. 19, 2000. Released/announced on the 21st.
    1.3.10: Not released. (Pulled at last minute due to a build bug in the MPE port)
    1.3.9: Tagged and rolled on Aug. 16. Released and announced on 19th.
    1.3.8: Not released.
    1.3.7: Not released.
    1.3.6: Tagged and rolled on Mar. 22. Released and announced on 24th.
    1.3.5: Not released.
    1.3.4: Tagged and rolled on Jan. 9. Released on 11th, announced on 12th.
    1.3.3: Tagged and rolled on Oct. 7. Released on 9th, announced on 10th.
    1.3.2: Tagged and rolled on Sep. 21. Announced and released on 23rd.
    1.3.1: Tagged and rolled on July 19. Announced and released.
    1.3.0: Tagged and rolled on June 1. Announced and released on the 6th.
    2.0 : In alpha development, see httpd-2.0 repository

RELEASE SHOWSTOPPERS:

RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:

    * htpasswd.c and htdigest.c use tmpnam()... consider using mkstemp() when available.
      Message-ID: [EMAIL PROTECTED]
      Status:

    * Dean's unescaping hell (unescaping the various URI components at the right time and place, esp. unescaping the host name).
      Message-ID: [EMAIL PROTECTED]
      Status:

    * Martin observed a core dump because a ipaddr_chain struct contains a NULL-server pointer when being dereferenced by invoking httpd -S.
      Message-ID: [EMAIL PROTECTED]
      Status: Workaround enabled. Clean solution can come after 1.3.19

    * long pathnames with many components and no AllowOverride None
      Workaround is to define Directory / with AllowOverride None, which is something all sites should do in any case.
      Status: Marc was looking at it.

    * Ronald Tschalär's patch to mod_proxy to allow other modules to set headers too (needed by mod_auth_digest)
      Message-ID: [EMAIL PROTECTED]
      Status:

Documentation that needs writing:

Available Patches (Most likely, these will not be added to the official 1.3 tree, but instead should be ported to 2.0):

    * A rewrite of ap_unparse_uri_components() by Jeffrey W. Baker [EMAIL PROTECTED] to more fully close some segfault potential.
      Message-ID: Pine.LNX.4.21.0102102350060.6815-20@desktop
      Status: Jim +1 (for 1.3.19), Martin +0

    * Patch from C. Bottelier [EMAIL PROTECTED] to run Apache without daemonizing the parent process. PR#7040
      Status: fanf +1 (except it needs docs)

    * Andrew Ford's patch (1999/12/05) to add absolute times to mod_expires
      Message-ID: [EMAIL PROTECTED]
      Status: Martin +1, Jim +1, Ken +1 (on concept)

    * Raymond S Brand's patch to mod_autoindex to fix the header/readme include processing so the envariables are correct for the included documents. (Actually, there are two variants in the patch message, for two different ways of doing it.)
      Message-ID: [EMAIL PROTECTED]
      Status: Martin +1(concept)

    * Jayaram's patch (10/27/99) for changes to mod_autoindex
      Problem 1: AddIcon (alttext,icon) ^^DIRECTORY^^ and AddIcon (alttext,icon) ^^BLANKICON^^ should be able to set the alternate text and icon file for any directory/blankicon in a directory listing. This was not happening because the alternate text for ^^DIRECTORY^^ and ^^BLANKICON^^ were hardcoded to DIR and respectively.
      Problem 2: - IndexIgnore file-extension should hide the files with this file-extension in directory listings. This was NOT happening because the total filename was being compared with the file-extension.
      Status: Martin +1(untested), Ken +1(untested)

    * Salvador Ortiz Garcia [EMAIL PROTECTED]' patch to allow DirectoryIndex to refer to URIs for non-static resources.
      MID: [EMAIL PROTECTED]
      Status: Ken +1 (on concept), Lars +1 (on concept)

    * Brian Havard's patch to remove dependency of
[STATUS] (httpd-2.0) Fri Apr 27 06:54:50 EDT 2001
APACHE 2.0 STATUS: -*-text-*-
Last modified at [$Date: 2001/04/26 19:08:55 $]

Release:

    2.0.16 : rolled April 4, 2001
    2.0.15 : rolled March 21, 2001
    2.0.14 : rolled March 7, 2001
    2.0a9 : released December 12, 2000
    2.0a8 : released November 20, 2000
    2.0a7 : released October 8, 2000
    2.0a6 : released August 18, 2000
    2.0a5 : released August 4, 2000
    2.0a4 : released June 7, 2000
    2.0a3 : released April 28, 2000
    2.0a2 : released March 31, 2000
    2.0a1 : released March 10, 2000

DAEDALUS 2.0 PROBLEMS:

    * mod_cgid and suexec have a problem co-existing. suexec sees a null command string sometimes.

    * core dump from 20010422
      /usr/local/apache2b/corefiles/httpd.core.3

      #0 0x806724c in check_hostalias (r=0x81fd03c) at vhost.c:891
      #1 0x8067489 in ap_update_vhost_from_headers (r=0x81fd03c) at vhost.c:978
      #2 0x806fa92 in ap_read_request (conn=0x81450fc) at protocol.c:946
      #3 0x805a168 in ap_process_http_connection (c=0x81450fc) at http_core.c:274
      #4 0x806bc60 in ap_run_process_connection (c=0x81450fc) at connection.c:82
      #5 0x806be84 in ap_process_connection (c=0x81450fc) at connection.c:216
      #6 0x805fbba in child_main (child_num_arg=65) at prefork.c:807
      #7 0x805fd20 in make_child (s=0x80c64fc, slot=65) at prefork.c:880
      #8 0x805ffec in perform_idle_server_maintenance () at prefork.c:1021
      #9 0x80603d1 in ap_mpm_run (_pconf=0x80c600c, plog=0x80f300c, s=0x80c64fc) at prefork.c:1191
      #10 0x80660cd in main (argc=1, argv=0xbfbffdac) at main.c:425
      #11 0x8059bf9 in _start ()

      The input data (received in one read from TCP layer):

      GET /images/apache_sub.gif HTTP/1.1
      Accept: */*
      Referer: http://search.apache.org/index.cgi
      Accept-Language: en-us
      Accept-Encoding: gzip, deflate
      If-Modified-Since: Sat, 02 Dec 1995 21:26:28 GMT
      If-None-Match: 29e60e-17c3-66972900
      User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)
      Host: www.apache.org
      Connection: Keep-Alive

    * core dump from 20010418
      /usr/local/apache2b/corefiles/httpd.core.2

      #0 0x2813a3c8 in kill () from /usr/lib/libc.so.4
      #1 0x2817609e in abort () from /usr/lib/libc.so.4
      #2 0x8065299 in ap_log_assert (szExp=0x80aaa60 total_bytes_left 0 tmplen 0, szFile=0x80aa2aa core.c, nLine=2555) at log.c:562
      #3 0x8075227 in sendfile_it_all (c=0x81470fc, fd=0x814759c, hdtr=0xbfbff670, file_offset=1929216, file_bytes_left=261949, total_bytes_left=261949, flags=0) at core.c:2555
      #4 0x80761e2 in core_output_filter (f=0x814737c, b=0x814764c) at core.c:3172
      #5 0x806d227 in ap_pass_brigade (next=0x814737c, bb=0x81e80fc) at util_filter.c:240
      #6 0x805e696 in check_pipeline_flush (r=0x820803c) at http_request.c:388
      #7 0x805e707 in ap_process_request (r=0x820803c) at http_request.c:432
      #8 0x805a1a9 in ap_process_http_connection (c=0x81470fc) at http_core.c:280
      #9 0x806bc60 in ap_run_process_connection (c=0x81470fc) at connection.c:82
      #10 0x806be84 in ap_process_connection (c=0x81470fc) at connection.c:216
      #11 0x805fbba in child_main (child_num_arg=272) at prefork.c:807
      #12 0x805fd20 in make_child (s=0x80c64fc, slot=272) at prefork.c:880
      #13 0x805ffec in perform_idle_server_maintenance () at prefork.c:1021
      #14 0x80603d1 in ap_mpm_run (_pconf=0x80c600c, plog=0x80f300c, s=0x80c64fc) at prefork.c:1191
      #15 0x80660cd in main (argc=1, argv=0xbfbffadc) at main.c:425
      #16 0x8059bf9 in _start ()

      The input data (received in one read from TCP layer):

      GET /log4j/jakarta-log4j-1.1b2.zip HTTP/1.0
      Via: 1.0 MDRPRXY01, 1.0 NS2
      Connection: Keep-Alive
      User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)
      Host: jakarta.apache.org
      Accept: application/vnd.ms-excel, application/msword, application/vnd.ms-powerpoint, image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
      Accept-Language: en-us,tscii;q=0.5
      Referer: http://jakarta.apache.org/log4j/docs/download.html
      Accept-Encoding: gzip, deflate

RELEASE SHOWSTOPPERS:

    WARNING: ALWAYS check srclib/apr/STATUS and srclib/apr-util/STATUS

    * threaded + cgid: apachectl graceful followed by apachectl restart results in all processes but cgid going away; parent died referencing other-child registration structures

    * There is a bug in how we sort some hooks, at least the pre-config hook. The first time we call the hooks, they are in the correct order, but the second time, we don't sort them correctly. Currently, the modules/http/config.m4 file has been renamed to modules/http/config2.m4 to work around this problem, it should be moved back when this is fixed. rbb

    * Root all file systems with Directory / for
Re: [STATUS] (apache-1.3) Fri Apr 27 06:54:39 EDT 2001
Rodent of Unusual Size [EMAIL PROTECTED] writes:

* Doug MacEachern's libapr - Generic Apache Request Library (Alpha)
  This package contains modules for manipulating client request data via the Apache API with Perl and C.
  Status: http://perl.apache.org/dist/ (look for the latest libapr-* file)

I am not sure where this text is pulled from, but I just wanted to note that libapr works quite well for other projects as well, besides mod_perl. It's a good way of sharing cookie/form handling code between multiple projects. I replaced the code I had written in mod_dtcl with libapr, and it has worked quite well.

Ciao,
--
David N. Welton
Free Software: http://people.debian.org/~davidw/
Apache Tcl: http://tcl.apache.org/
Personal: http://www.efn.org/~davidw/
Work: http://www.innominate.com/
Re: [martin: Cron martin@deejai2 CRONJOBS/httpd-2.0-build]
On Thu, Apr 26, 2001 at 07:00:37PM +0200, Clere Jean-Frederic FSC EP LP COM 5 wrote:

The one enclosed should not break the other machines... Now mod_tls works on my machines, that is a nice test/demo tool!

Committed, thanks!

Martin
--
[EMAIL PROTECTED] | Fujitsu Siemens
[EMAIL PROTECTED] | 81730 Munich, Germany
[STATUS] (httpd-2.0) Fri Apr 27 11:08:48 EDT 2001
Re: [PATCH] apxs -c -o library *.c does not work.
Uh oh! I just committed Henri's version. It fixes some deficiencies already, therefore I don't want to remove the patch again.

Martin

On Fri, Apr 27, 2001 at 05:43:27PM +0200, Clere Jean-Frederic FSC EP LP COM 5 wrote:

I have tried: apxs -c -o mod_jk.so *.c, but the result was not the one I expect...

--
[EMAIL PROTECTED] | Fujitsu Siemens
[EMAIL PROTECTED] | 81730 Munich, Germany
Re: [STATUS] (httpd-2.0) Fri Apr 27 06:54:50 EDT 2001
On Fri, Apr 27, 2001 at 06:54:51AM -0400, Rodent of Unusual Size wrote:

Last modified at [$Date: 2001/04/26 19:08:55 $]

Release:

    2.0.16 : rolled April 4, 2001
    2.0.15 : rolled March 21, 2001
    2.0.14 : rolled March 7, 2001

We're on 2.0.18-dev now, where's the entry for 2.0.17 gone?

It's in now. 2.0.17 rolled April 17

Bill
Re: SSL stuff
Martin Kraemer wrote:

On Wed, Apr 25, 2001 at 10:03:38AM -0700, Greg Stein wrote:

...

I agree that mod_tls isn't an advanced module, but it is a way to remove some of the politics from the SSL modules in Apache.

Bingo. We've got two camps that disagree at a basic level. Fine, they can continue with their rock throwing, and the core Apache will do its own thing independently. The SSL situation will then just disappear since Apache will simply come with a solution.

I disagree completely. Neither is the Apache Group going to get to a point where the political disagreement becomes any better, nor will Apache simply come with a solution within the next years.

- the mod_ssl author is not going to add any functionality to mod_tls, because he says it is an almost 1:1 copy of an OpenSSL example, which is nothing but the OpenSSL version of Hello World. Instead, he will remain in the unlucky situation where he is forced to maintain mod_ssl for apache-2.x separately.

mod_tls is merely the module that implements SSL/TLS _as a filter_, and no more - the criticism makes no sense in that context.

- The mod_tls author alone will never get it to a point where it is fit for professional use. That is certainly my biased opinion, because I use mod_ssl.

The mod_tls author wasn't intending to, alone.

- Current users of mod_ssl will demand professional quality because most of them, ehhm, *ARE* using it in professional environment. They will therefore not consider mod_tls. (I for one am maintaining the mod_ssl enhanced version of Apache for BS2000. I did consider different solutions, but they were unusable, in comparison to mod_ssl).

- If both were going to collaborate on the mod_tls-to-be, the situation would be different. But it was politically unwise not to ask the mod_ssl author before the mod_tls author added mod_tls to apache-2.0. Now the situation is even worse than when both authors had their own patches, because one author has his solution *in* the server source tree, and the other author doesn't.

mod_tls is not a solution - it is a small part of one, and a part that is needed by any complete one.

- The remaining Apache Group members either never used SSL in the first place, or are selling mod_ssl today as a commercial product. The former are quite happy to see the R&D version grow from 12kB to a professional solution (which will take years if experienced SSL developers work on it, and with experienced I do not only mean experienced programmers, but also those who have experience with making a product _fit_for_market_ like adding good documentation, making it easily configurable, robust, flexible, and the like). The latter are quite satisfied that they have mod_ssl (under a different name) in their drawers, because it means they have an advantage over the competition (which still plays with the mod_tls toy).

Face it: mod_ssl IS the professional solution, and that is the reason why other (already professional) SSL solutions for Apache-1.3 were ditched and replaced by mod_ssl (and not by Apache-SSL).

mod_tls looks like the right approach, technically, but why not add mod_tls to mod_ssl, which gives us (and the world) a world-class SSL server based on the World-class HTTP server? That could be a basis where collaboration would make sense, and other mod_ssl/Apache-SSL users could help us iron out any 2.x related things. But starting from scratch is IMHO not the way to get mod_tls up and running within the next 2 years.

I'm going to amaze everyone by agreeing - I don't think there are enough people interested to make this approach work. Furthermore, I'm also quite happy to start from a ported mod_ssl as a basis (yes, really). I would also like to stop supporting Apache-SSL, and I can only do that if there's decent SSL support that I can work on in Apache. I agree that mod_ssl is favoured, for whatever reason, and therefore I will now agree to not oppose its inclusion in Apache. However, it really should use the filter in mod_tls to do the SSL - that was actually considerably hard to get right. And there's a bunch of other stuff that should be done to make SSL support properly modular. I'm happy to work with Ralf to make that happen, if the result will belong to the ASF.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff

ApacheCon 2001! http://ApacheCon.com/
Re: SSL stuff
On Fri, Apr 27, 2001 at 09:22:51AM -0400, Jim Jagielski wrote:

...

I don't think we (the ASF) should take any sort of position is which is the better choice, or even make editorial statements regarding the various solutions though :)

If it is in our tree, then we damn well better be making an editorial statement. Outside our tree (e.g. ApacheSSL vs mod_ssl), then you're absolutely right.

Cheers,
-g

--
Greg Stein, http://www.lyra.org/
Re: cvs commit: apache-1.3/src/ap ap_snprintf.c
In article [EMAIL PROTECTED] you wrote:

[...]

Make ap_snprintf() more robust against border situations with floating point numbers.

The patch adds handling for nan and inf only for %f, %e and %E. What about %g and %G? I think the same checks should be applied to them, too.

Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Re: global pools
On Thu, Apr 26, 2001 at 09:29:47PM -0700, Roy T. Fielding wrote:

...

Is there some reason that apr can't give us the global pool, or allow us to give it the global pool?

I can't think of one, so I'd be fine with seeing apr_initialize() return a global pool.

Cheers,
-g

--
Greg Stein, http://www.lyra.org/
Re: Some mod_tls questions
Graham Leggett wrote:

Hi all,

I want to be able to insert the mod_tls filters at the relevant places in the proxy so as to support backend TLS to https:// and ftps:// URLs. Trouble is, the sense of the certificates will be the other way around - I would need to specify a set of root certificates instead of a single cert/key combination. Is this the case? Or can I put in a set of root certs where the cert/key pairs are?

Sorry for the delay - the intent of mod_tls is to provide filters for all SSL/TLS use in Apache - however, it is more subtle than you think - SSL is not symmetric, so several things have to be done differently when you are using it for a client as opposed to when it is being used as a server. One thing is the certs, another is the SSL method (a thing that is internal to OpenSSL - chooses client or server and SSL version) and, of course, the client initiates the connection instead of accepting an incoming one.

mod_tls should provide the functionality for either direction (much of it is common), but currently doesn't - I'd suggest we think about this when the (anticipated) flurry of work that's about to happen dies down, if that's OK with you.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff

ApacheCon 2001! http://ApacheCon.com/
Re: thread locking within apr file io
Paul J. Reder wrote:

Greg Ames wrote:

It would be great if somebody could beat it up on a live non-FreeBSD system, and tell us what happens.

I'll run it through my battery of abuse tests tonight. If it survives the carnage then we'll be in good shape.

After running the threaded mpm through a variety of abuse tests it seems to be running fine except in two cases. Startup, SIGWINCH, and normal request processing under a variety of loads run as expected.

Problem 1: SIGHUP and SIGTERM take a few seconds to clear out the workers, then takes an additional 20 to 30 seconds to clear out the server processes. After the 20-30 second delay it does what it is supposed to (restart or shutdown). I am looking into the reason for the delay. During the 20-30 second delay after the SIGHUP the server does not serve any pages until it restarts. Once it restarts, it performs normally.

Problem 2: The problem related to perform_idle_server_maintenance still exists. This is as expected since we haven't done anything to fix it yet.

I did experience one anomaly which I cannot reproduce. At one point while testing SIGHUP and SIGWINCH under mild load I ended up with 1300+ workers (noticeably higher than the configured 10*32 max). Apache was still spawning more when I checked and killed it. All of the server processes were owned by pid=1, all of the workers were owned by their respective server process. The main Apache process was still intact. There was nothing interesting in the log. Try as I might I could not get it to happen again, so I must assume it has something to do with the Indian Burial ground that my house was built on (**insert suitably spooky music here**).

All in all (except for the delay) threaded mpm works well. Feel free to bang on it. It should perform well with a suitably high (but not 0) MaxRequestsPerChild setting (perhaps 5).

Good luck all.

--
Paul J. Reder
---
The strength of the Constitution lies entirely in the determination of each citizen to defend it. Only if every single citizen feels duty bound to do his share in this defense are the constitutional rights secure. -- Albert Einstein
Re: Minor security issue in httpd.conf - .your_domain.com
Dale Ghent wrote:

Besides, I believe that most DNS servers (at least later versions of BIND) reject hostnames which have underscores (_) in them as non-legal characters in DNS.

That is what I thought, too, but I received some spam to-day which included a hostname with an embedded '_' -- and I was able to follow the link to that page.. here it is: URL:http://recycler_1.tripod.com/recyclersguide/.

--
#kenP-)}

Ken Coar http://Golux.Com/coar/
Apache Software Foundation http://www.apache.org/
Apache Server for Dummies http://Apache-Server.Com/
Apache Server Unleashed http://ApacheUnleashed.Com/
Re: thread locking within apr file io
Paul J. Reder wrote:

Greg Ames wrote:

It would be great if somebody could beat it up on a live non-FreeBSD system, and tell us what happens.

I'll run it through my battery of abuse tests tonight. If it survives the carnage then we'll be in good shape.

After running the threaded mpm through a variety of abuse tests it seems to be running fine except in two cases. Startup, SIGWINCH, and normal request processing under a variety of loads run as expected.

Problem 1: SIGHUP and SIGTERM take a few seconds to clear out the workers, then takes an additional 20 to 30 seconds to clear out the server processes. After the 20-30 second delay it does what it is supposed to (restart or shutdown). I am looking into the reason for the delay. During the 20-30 second delay after the SIGHUP the server does not serve any pages until it restarts. Once it restarts, it performs normally.

Couldn't this just be a variation of problem 2? Threads will not go away until the connection closes. Could instrument the join code to see if it is worker threads hanging around.

Bill
Re: [PATCH] get threaded MPM to terminate
On Wed, 25 Apr 2001, Roy T. Fielding wrote:

replacement works better than what we have now in CVS. The claim that the pipe of death is somehow better than 1.3 signals is just wrong.

if you use signals then you have a requirement that all libraries linked with httpd be signal safe. good luck.

-dean
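
The pipe-of-death approach referred to in this exchange, as an added example (not from the thread and not Apache's source): the parent asks a worker to exit by writing one byte to a pipe the worker polls in its main loop, so the request is noticed at a known point in the loop and not inside a signal handler. The names worker_loop, drain_work and run_demo, and the one-byte-per-job work pipe, are assumptions made for the illustration.

```c
/* Added illustration, not Apache code: "pipe of death" worker shutdown.
 * worker_loop, drain_work and run_demo are hypothetical names. */
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Consume everything queued on the non-blocking work pipe (1 byte = 1 job). */
static int drain_work(int work_rd)
{
    char buf[64];
    int jobs = 0;
    ssize_t n;

    while ((n = read(work_rd, buf, sizeof buf)) > 0)
        jobs += (int)n;
    return jobs;            /* stopped on EAGAIN or EOF: queue is empty */
}

/* The worker learns about shutdown only at this poll() call, so no library
 * routine is ever interrupted halfway, unlike with an asynchronous signal. */
static int worker_loop(int work_rd, int pod_rd)
{
    struct pollfd fds[2];
    int jobs = 0;

    fds[0].fd = work_rd; fds[0].events = POLLIN;
    fds[1].fd = pod_rd;  fds[1].events = POLLIN;
    for (;;) {
        if (poll(fds, 2, -1) < 0) {
            if (errno == EINTR)
                continue;
            return 255;     /* constructed error code for the demo */
        }
        if (fds[0].revents & POLLIN)
            jobs += drain_work(work_rd);
        if (fds[1].revents & (POLLIN | POLLHUP)) {
            /* Byte on the pipe of death, or the parent is gone:
             * finish what was queued before the request, then leave. */
            jobs += drain_work(work_rd);
            return jobs;
        }
    }
}

/* Parent side: queue njobs (< 255) jobs, then request shutdown via the pipe.
 * Returns the number of jobs the worker reports having handled, or -1. */
int run_demo(int njobs)
{
    int work[2], pod[2], status, i;
    pid_t pid;

    if (pipe(work) < 0 || pipe(pod) < 0)
        return -1;
    if (fcntl(work[0], F_SETFL, O_NONBLOCK) < 0)
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                     /* child: the worker */
        close(work[1]);
        close(pod[1]);                  /* so POLLHUP fires if the parent dies */
        _exit(worker_loop(work[0], pod[0]));
    }
    close(work[0]);
    close(pod[0]);
    for (i = 0; i < njobs; i++)
        if (write(work[1], "j", 1) != 1)
            return -1;
    if (write(pod[1], "!", 1) != 1)     /* the "death" byte */
        return -1;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    close(work[1]);
    close(pod[1]);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    printf("worker handled %d jobs before exiting\n", run_demo(3));
    return 0;
}
```

The worker's exit status carries the job count back to the parent, which is why the demo limits itself to fewer than 255 jobs.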
Re: global pools
i suppose pcommands data could be allocated in pglobal instead...

-dean

On Thu, 26 Apr 2001, Roy T. Fielding wrote:

Once upon a time, httpd would create a global pool as the result from alloc_init and use that pool as the parent of almost all of the other pools (I say almost only because there is one pcommands pool that was separate, though I don't know why). Now, httpd tells apr to initialize itself and alloc, but doesn't get the global pool in return. httpd then needs to create other global pools. I think this is leading to cases where the proper cleanups are not being done, but it's a little hard to tell because there isn't much in the way of continuity (pools are created in subroutines, assumed to exist at a higher level, and then destroyed in other places). Yuck.

Is there some reason that apr can't give us the global pool, or allow us to give it the global pool?

Roy