Greg Ames wrote:
please see rev. 558039. requests_this_child does not need to be 100% accurate.
the cure below is worse than the disease.
Greg
-requests_this_child--; /* FIXME: should be synchronized - aaron */
+apr_atomic_dec32(requests_this_child); /* much slower than
sebb wrote:
On 14/06/07, Dmytro Fedonin [EMAIL PROTECTED] wrote:
Looking through 'server/mpm/worker/worker.c' I have found such a
combination of TODO/FIXME comments:
1)
/* TODO: requests_this_child should be synchronized - aaron */
if (requests_this_child = 0) {
2)
requests_this_child--; /*
William A. Rowe, Jr. wrote:
Darryl Miles wrote:
Your thinking is correct there is a problem. Those OpenSSL functions
are not documented in my man page but exist in the library. Yes there
is a read-test-write race window by using those APIs alone.
Nope. This is set when the server process
Frank wrote:
Joe Orton wrote:
On Wed, Dec 06, 2006 at 06:20:55PM +, Darryl Miles wrote:
[...]
Is there an API to get the current value ?
Yes, CRYPTO_get_locking_callback/CRYPTO_get_id_callback.
[...]
I already know that this functions exists. But what if my module gets
inited before
Frank wrote:
William A. Rowe, Jr. wrote:
Nick Kew wrote:
[...]
An SSL_CTX can't be cross-threaded. If the scope of use of that CTX is
restricted to one thread at a time, then yes, OpenSSL has been threadsafe
for a very very long time.
You mean if I were able to create one SSL_CTX for every
Nick Kew wrote:
Unless OpenSSL nomenclature is rather confusing here, an SSL_CTX
sounds like the kind of thing you would instantiate per-connection
or per-request. Does your module act on a request or a connection?
Maybe a bit of background reading and examination of reference
Jeff Trawick wrote:
I know... that's why I asked :)
We're up to two great answers to disable some output from the server
that isn't required by the HTTP protocol anyway:
1) modify the source
2) install third-party module
ROFL. Please add to the list:
3) Start a new apache-httpd fork.
Frank wrote:
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init ( ctx);
EVP_EncryptInit ( ctx, EVP_bf_cbc (), key, iv);
EVP_EncryptUpdate ( ctx, outbuf, olen, inbuff, n);
EVP_EncryptFinal ( ctx, outbuf + olen, tlen);
Because 'EVP_CIPHER_CTX_init' is 'slow', I want to call it once! (Yes! I
can call it
Joe Orton wrote:
What I do with OpenSSL in neon is to check that the existing callback is
NULL before registering a new callback; and likewise to check that the
ID callback is the one neon previously registered before un-registering
it later. If everybody did that it would be relatively safe.
Mads Toftum wrote:
+1 - looking at the number of IIS targeted worms that keep hitting my
apache installs seem to suggest that obscuring the server name will at
most lead to a false sense of security. Besides, if you really care, I'm
pretty sure it wouldn't be all that hard to guess what server
Joshua Slive wrote:
noteSetting directiveServerTokens/directive to less than
codeminimal/code is not recommended because it makes it more
difficult to debug interoperational problems./note
And my +1 isn't very strong. I have no problem with saying that this
small bit of advertising is the tiny
Henri Gomez wrote:
Well you we always indicate some sort of CPU power for a remote (a sort
of bogomips) and use this in computation.
Why should the CPU power matter, what if the high power CPU is getting
all the complex requests and the lower power CPU is ending up with
simple request
Henri Gomez wrote:
The TomcatoMips indicator was just something to tell that it's not the
raw CPU power which is important, but the estimated LOAD capacity of
an instance.
But its still apache working out TomcatoMips. I think that approach is
still flawed.
I'm saying only the server end
I'm interested in your comments (good and bad) on implementing a new
option to ProxyPass which would make apache perform a redirect when the
proxy server or balancer cluster is not available. This minics the same
functionality of a dedicated hardware load balancer by issuing a HTTP
redirect
14 matches
Mail list logo
