Guenter Knauf wrote:
> would be really great if I could get some votes on the gen_test_char
> change - it doesnt alter code for any other platform, but only makes it
> possible to decouple gen_test_char from APR with a define so I'm able to
> build a native version of it when cross-compiling:
> ht
Nick Kew wrote:
> I've updated the trunk patch in the light of your
> comments in r795642.
>
> If you're happy with that, feel free to apply the
> same additional patch to the backport proposal
> and carry my +1 across.
>
> I won't revisit STATUS until we've had time for
> your reaction, and any
Plüm, Rüdiger, VF-Group wrote:
> Haven't thought this through but from a first glance it makes sense that
> the next provider can continue if the first one had a fatal error.
+1.
Regards,
Graham
--
smime.p7s
Description: S/MIME Cryptographic Signature
Akins, Brian wrote:
> This is how I envisioned the async stuff working.
>
> -Async event thread is used only for input/output of httpd to/from network*
> -After we read the headers, we pass the request/connection to the worker
> threads. Each request is "sticky" to a thread. Request stuff may b
Paul Querna wrote:
> It breaks the 1:1: connection mapping to thread (or process) model
> which is critical to low memory footprint, with thousands of
> connections, maybe I'm just insane, but all of the servers taking
> market share, like lighttpd, nginx, etc, all use this model.
>
> It also pre
Paul Querna wrote:
> Yes, but in a separate process it has fault isolation.. and we can
> restart it when it fails, neither of which are true for modules using
> the in-process API directly -- look at the reliability of QMail, or
> the newer architecture of Google's Chrome, they are both great
> e
Paul Querna wrote:
> Nah, 90% of what is done in moduels today should be out of process aka
> in FastCGI or another method, but out of process. (regardless of
> MPM)
You're just moving the problem from one server to another, the problem
remains unsolved. Whether the code runs within httpd spa
Paul Querna wrote:
> Can't sleep, so finally writing this email I've been meaning to write
> for about 7 months now :D
>
> One of the challenges in the Simple MPM, and to a smaller degree in
> the Event MPM, is how to manage memory allocation, destruction, and
> thread safety.
>
> A 'simple' exa
Dirk-Willem van Gulik wrote:
> So what we did in the mid '90 when we where hit by pretty much the same
> was a bit simpler - any client which did not complete its headers within
> a a few seconds (or whatever a SLIP connection over a few k baud or so
> would need) was simply handed off by passing
Rich Bowen wrote:
>
> On Jun 4, 2009, at 22:53, Graham Leggett wrote:
>
>>> This approach doesn't require any changes to httpd itself as the
>>> ability to do this becomes a feature of just the module supporting
>>> that scripting language, eg, mod_lua.
Graham Dumpleton wrote:
> Since you are talking here about runtime decisions based on a specific
> request, rather than auto generation of the static configuration in
> once off phase, it almost sounds like all you need is a way of having
> the lua code which would be associated with a specific ha
Brian McCallister wrote:
> I would like to see the *output* of configuration be a struct (of
> structs), and the actual config files are never looked at again (until
> reload). At that point we don't need to care how it is built, and we
> can try using lua, vcl, xml, jelly, groovy, windows ini fil
Akins, Brian wrote:
>> This does IMHO not address any of the problems users usually have and
>> that are mainly due to a lack of validation.
>
> First of all, I don't really care about "normal" users, to be honest. Admit
> it, I'm not the only one. However, I do know that we can't just break
> e
Jim Jagielski wrote:
> Well, that's the question, isn't it? I can't align the idea
> of trunk being a candidate for 2.4 and trunk being a place for
> people to experiment...
>
> What do we want 2.4 to be and do. And how.
>
> Once we define (and agree) to that, we know how close (or far)
> trunk
Jim Jagielski wrote:
> I'll stop worrying about 2.2 when 2.4 comes closer to being a reality.
>
> Not saying that releasing 2.4 isn't worth it, but there have been stops and
> starts all along the way, and I think we need to be clear on what we
> expect 2.4 to be. Until then, we have no clear def
Paul Querna wrote:
> Stop worrying about 2.2, and just focus on doing it right -- then ship
> 2.4 in 3-4 months imo, trunk really isn't that far off from being a
> decent 2.4, it just needs some cleanup in a few areas. It has already
> been 3.5 years since 2.2.0 came out, its time to move on in my
Paul Querna wrote:
> Using this structure, you can implement a dynamic load balancer
> without having to modify the core. I think the key is to _stop_
> passing around the gigantic monolithic proxy_worker structures, and go
> to having providers that do simple operations: get a list, sort the
> l
Xavier Beaudouin wrote:
> My module is a mass virtual hosting system. It take data from ldap /
> database uppon http request and point DocumentRoot in the correct place.
>
> I need some stuff to cache Host vs DocumentRoot into memory for a small
> amount of time... eg about 10 minutes should be v
Xavier Beaudouin wrote:
> I am the developper of mod_vhs and I wish to use mod_memcache as caching
> engine for my module.
>
> Is there any users of mod_memcache because I really like to see how I
> can use this code into my module.
>
> By the way, I really like to drop my libhome stuff and use
Torsten Foertsch wrote:
I did and, frankly, it is not the solution I was looking for. One has to
define a max. body size to be kept. The body is kept in RAM which can
be a problem unless KeptBodySize is rather small. So I developed my
patch further.
It defers now the ap_discard_request_body
William A. Rowe, Jr. wrote:
I have essentially finished mod_remoteip at this point and am looking
to find out the interest level of adopting this as a core module into
trunk (modules/metadata/ appears to be the most appropriate target)?
+1.
I had to code up a similar feature recently in somet
Paul Querna wrote:
mod_watchdog is the latest offender in a series of modules that expose
additional functions to the API. (mod_proxy and mod_cache do too!)
What happened to all functions that are not inside server/* must be
either dynamic optional functions or hooks?
Doesn't anyone remember t
Paul Querna wrote:
I'm looking at the API exposed by mod_watchdog.h, and its not quite
feeling right.
If we want this to be an API used easily, I think we should just make
them proper timers (ie, run function X in singleton in 10 seconds),
and when the timer finishes, it can re-register -- this
Paul Querna wrote:
no, this is just a utility module, which tells you where other members are.
second, mod_backhand has never been ported to 2.x, and it does allow
you to autoconfigure on cloud-enviroments, which mostly do not have
private VLANs for multicast.
I'm trying to keep it as a simple
Paul Querna wrote:
The (vaporware) solution: mod_cloudbeat automatically finds all of your nodes,
both front end load balancers and backend application servers. All load
balancing is completely configurationless if using mod_serf -- you just
turn on a new application server instance, and mod_cl
Paul Querna wrote:
- Much simpler configuration than mod_proxy, using location blocks
(or locationMatch), rather than ProxyPass' hacking of URI stuff way
earlier.
Proxy is also able to do that. :)
I agree, it is a better way to express the configuration.
Example configuration:
SerfCluster
Dingwell, Robert A. wrote:
Getting to Step Two means that it found an address and Step Two itself is
going to attempt to make the initial connection to that address. My issue
then comes into play where the address of a server is known but the server
could refuse the connection on a particular p
Torsten Foertsch wrote:
I need the include virtual directive to be able to issue POST requests.
It should pass the request body to the subrequest. So I came up with
the attached patch.
It allows to write
or
I think the patch is right so far but I wouldn't mind if some more
experience
Kevac Marko wrote:
There are some bugs in non-threaded build. I am fixing them right now.
Another quick request: is it possible to update the apr_dbd end user
documentation to show the additional container directive, and to explain
how the module should work?
Regards,
Graham
--
smime.p7
dreamice wrote:
I configured the Apache cache mode by following the httpd document sample.
My configure is:
CacheEnable mem /
CacheRoot /home/alex/apache/logs
MCacheSize 4096
MCacheMaxObjectCount 1000
MCacheMinObjectSize 1
MCacheMaxObjectSize 2048
MCacheRemovalAlgorithm "LRU"
Unfortunatel
Alfonso Ruzafa Molina wrote:
I noticed Apache uses autotools to be built. Since "uninstall" is a standard
target in autotools, why that isn't available? It's seems like it would be
override deliberately. Sometimes when by mistake I use --prefix=/usr and the
files are installed in that path I jus
Matthew Rushton wrote:
Hi,
Anyone know of any uri query string encoding/decoding functions that
exist to module writers. I'm about to write my own which should be
simple enough just didn't want to reinvent the wheel. I couldn't find
any that existed. Thanks!
One of these should do the tric
Pranav Desai wrote:
I am trying to setup Apache 2.2.9 as a transparent proxy. So that the
users don't have to configure their browsers. Now the URLs coming in
are relative for transparent proxy, so normally apache tries to look
it up on the filesystem and it obviously fails. So I added a
Rewrite
Brian Akins wrote:
I was looking to do the same thing to mod_memcache (which should be imported
into trunk, IMO...)
Would it make sense for mod_memcache to become a provider beneath
mod_socache, or am I missing something?
Regards,
Graham
--
smime.p7s
Description: S/MIME Cryptographic Sign
Kevac Marko wrote:
Thus old functions and old configuration is preserved.
What so you think?
That sounds to me like it would be safe to backport such a thing to
v2.2. +1.
Regards,
Graham
--
smime.p7s
Description: S/MIME Cryptographic Signature
Jon Grov wrote:
Our current workaround is to run two reverse proxy-instances, one which
provides authentication (on port 80) and another providing cache (on port
7920, which is only accessible from within PROXY). A request then
first hits the authentication proxy on port 80, and if valid, is
for
Ruediger Pluem wrote:
Have a look at
http://svn.apache.org/viewvc?view=rev&revision=649162
http://svn.apache.org/viewvc?view=rev&revision=649791
This needed an MMN bump though, so it won't work for v2.2. :(
Regards,
Graham
--
smime.p7s
Description: S/MIME Cryptographic Signature
Hi all,
According to the method signature for the quick_handler hook, an int
field called "lookup" is passed.
According to the API docs, the "lookup" field is described as: "Controls
whether the caller actually wants content or not. lookup is set when the
quick_handler is called out of ap_su
Brian McCallister wrote:
So, in mod_lua I need to get the apr pool associated with the current
thread (that being the main thread if in prefork).
What about the process_rec structure?
In other words, r->server->process->pool?
(Not sure if this is what you are looking for, but a quick glance
Ruediger Pluem wrote:
This seems to be a very valid concern to me. Plus in the parent it runs with
root
privileges and we should minimize the code that runs with these privileges, even
more so as an author of code that uses the watchdog may not really be aware that
its code is running under roo
Mladen Turk wrote:
I would like to commit this module to trunk.
It's a watchdog module that creates a worker threads
either in parent, child via an API, and it's not for
standalone use, but for other module usage like
mod_heartbeat, probably mod_jk and others that need
maintenance threads.
The
Kevac Marko wrote:
Once again I want to propose patch for mod_dbd module. This patch make
possible to use more than one database pool.
One of the things I needed to do earlier today was determine whether
mod_dbd could support more than one database pool, this patch answers
that question.
A
Hracek, Petr wrote:
Because of I am a begginer with bucket and brigades
Is there any short example how to send simple string to the client?
I've found some examples but it were a pretty complicated for me.
E.g. http://www.apachetutor.org/dev/brigades
Go through the underlying bucket brigade
Hracek, Petr wrote:
Thanks for the question about replacement of ap_*_timeout.
When the ap_soft_timeout and ap_rwrite are called in Apache 1.3
I've never inserted HTML tags like etc.
They were inserted automatically?
Is it necessary to include HTML tags to buffer which is sent to the Client s
Hracek, Petr wrote:
I am migrating apache module from version 1.3.41 to version 2.2.3
All seems to be OK but only one thing remains as not working and I have no idea
how to solve
it in Apache 2.2.
In the version 1.3.41 I used to following code for sending data to client:
ap_soft_timeout ("TE
Joe Orton wrote:
Making sure that mod_ssl's existing access control options work
correctly in an SNI configuration is the critical item (and has proven
to be non-trivial), otherwise it opens up security holes.
Kaspar Brand did a bunch of great work on this last year; I have not had
time to f
Tanel Unt wrote:
So far i've learned that i should call
/void ssl_scache_remove(server_rec *s, UCHAR *id, int idlen)
/in mod_ssl code somehow but i don't know how or when. Extension modules
like mod_python etc. won't allow me so a direct hack of apache code is
required. The applications can di
Gervase Markham wrote:
Short version: I am hoping to find out what the problems are with the
trunk version of TLS/SNI, how they can be fixed, and what the chances
are of a backport to 2.2.
According to STATUS:
+1: fuankg
+0: like ssl upgrade of 2.2, perhaps this is a good reason t
Paul Querna wrote:
Vote closed with one -1, and no other votes.
I guess 2.3.1 was DOA.
I think the issues that killed it have been fixed in trunk. Thoughts on
starting 2.3.2 early next week?
+1 :)
Regards,
Graham
--
smime.p7s
Description: S/MIME Cryptographic Signature
rj...@apache.org wrote:
URL: http://svn.apache.org/viewvc?rev=730717&view=rev
Log:
Add a header check for apr_ssl.h to mod_session_crypto.
The modules needs the header which is at the moment
only part of the ssl-evp branch of APR.
I have just finished updating session_crypto to depend on the
Rainer Jung wrote:
It works for me on Solaris. Those symbols (without the leading
underscore) are referenced indeed by ab.c, but they should be in your
libcrypto (BIO*) resp. libssl (SSL*).
Are you sure, that the libraries libcrypto and libssl can be found? Are
they in
/Users/minfrin/src/ap
Hi all,
I am currently struggling to build httpd-trunk, the build of ab fails
with undefined symbols as below. Is this broken for anyone else, or have
I done something dumb?
/tmp/httpd-trunk//build-1/libtool --silent --mode=link gcc -g -Wall
-Wmissing-prototypes -Wstrict-prototypes -Wmissing
Pranav Desai wrote:
Yeah, the application changes are restricted to a few lines. I believe
you mean the connect_backend() and not the proxy_connect module for
the CONNECT method ?
I did yes, sorry.
If this can be made available to all the proxy modules in one go, it
would be ideal.
Regards
Pranav Desai wrote:
I am trying to add tproxy4
(http://www.balabit.com/support/community/products/tproxy/) support to
the mod_proxy to achieve transparency. It basically involves a kernel
patch which allows binding of a socket to foreign address among other
things. At the app layer we only need
Graham Dumpleton wrote:
Given that there could be a class of such scripting language modules
over time, why not:
mod_script_lua
to make it more clear for what purpose it may be. Then fits in with
auth and proxy related modules having common prefix.
+1.
Regards,
Graham
--
smime.p7s
Descr
Paul Querna wrote:
Here is an example python script that can act as a server for this:
http://people.apache.org/~pquerna/fdrecv.py
Run it:
$ python fdrecv.py -p /tmp/helloworld
And in your config file:
ProxyPass /test fd:///tmp/helloworld
Comments :-) ?
This is very cool :)
Docs?
Regards,
Henning Schmiedehausen wrote:
If that is the reason that e.g. the Velocity site broke, I am +1 for
rolling this back to a known stable 2.2.x version.
Our production sites IMHO shouldn't be guinea pigs for -alpha versions.
If we don't trust our own software to run in production, who else will?
William A. Rowe, Jr. wrote:
IMHO, that's the difference between having a dialog and having something
in hand to comment on. With the .0-alpha tarball, people could make a
specific comment, such as [T +10 days from now]...
Am I right in understanding that it remains possible to make changes to
Ruediger Pluem wrote:
+/* pass flush and metadata buckets through */
+if (APR_BUCKET_IS_FLUSH(e) || APR_BUCKET_IS_METADATA(e)) {
This is redundant as flush buckets are metadata buckets :-).
+APR_BUCKET_REMOVE(e);
+APR_BR
Ruediger Pluem wrote:
Thanks for clarification. Nevertheless we should make it more clear in the
documentation that this module can make performance worse if used in the
wrong context, e.g. with static files. Otherwise users might think that
buffering files via mod_buffer could be a cool perform
Ruediger Pluem wrote:
Not that much time has passed since we released 2.2.10 (one month), but
I would like to see a release of 2.2.11 in the near future.
+1.
Release early, release often.
Regards,
Graham
--
smime.p7s
Description: S/MIME Cryptographic Signature
Ruediger Pluem wrote:
+/* Do nothing if asked to filter nothing. */
+if (APR_BRIGADE_EMPTY(bb)) {
+return ap_pass_brigade(f->next, bb);
+}
Hm. This changes the order in which we sent the brigades (provided we have
already buffered something).
I am not sure if this causes a
harish kulkarni wrote:
We are planning to use apache in forward proxy mode, but in case the
server response has latency of 2+secs.. we see that to support high
traffic say 5K/sec we require huge number of threads. We see a huge CPU
usage...
Just to take an example to support 3K req/secs we ha
Paul Querna wrote:
Of course, I think everyone should look at the mod_wombat stuff, since
my personal intention is to import it for 2.4 to the core :-)
Sell this idea to me.
When you say "in the core", do you mean "in the /server directory in the
source", or do you mean in "modules/wombat"?
Joe Orton wrote:
What is the problem at all?
mod_proxy_http uses a a conn_rec to communicate with the backend. It somehow
reverses
the meaning of input and output filters and uses them to send the request and
receive
the response. In order to use persistent SSL connections to the backend it i
Paul Querna wrote:
delete them.
if they need them, they can go find them in old svn branches and use apxs.
it should be HARD to use server side image maps now days.
you could say, let it die.
but i prefer, help it die.
+1.
Regards,
Graham
--
smime.p7s
Description: S/MIME Cryptographic S
Paul Querna wrote:
Its trunk, it better be unstable or we are doing something wrong.
Thats why I think we should delete prefork, worker, event, threadpool,
perchild, and leader MPMs.
Since when was instability a design goal of ours? :)
When simple proves itself better than worker and prefor
Justin Erenkrantz wrote:
I think MPMs are a design mis-feature. The fact that the same
directive value can be (and is!) interpreted in non-uniform ways by
different MPMs bugs me to no end. -- justin
That is a flaw in the MPMs themselves (overloading a term is evil I
agree), but not in the M
Marc Noirot wrote:
What about going one step further and using a tool
able to generate Makefiles and IDE files for [name some of your favorite IDEs] ?
+1.
Binding httpd to one IDE significantly reduces the developer audience,
it would help a lot if Windows could have the same autoconf abilit
Paul Querna wrote:
I don't think the intention would be to use a single process on Unix --
we would still spawn multiple children -- they would just be created
using fork+exec of the httpd binary, rather than just fork.
This doesn't make sense - fork is far more efficient than fork+exec, we
Paul Querna wrote:
FWIW, I don't believe in latest and greatest linux distro as a good
measure, but I do believe that there are only a few platforms that we
should make design decisions around:
- Linux 2.6
- FreeBSD 7
- Solaris 10
- Windows Vista
If something is *fast* or *good* and can be do
Paul Querna wrote:
One of the things I would like to do on the Simple MPM is unify how
child processes are created on win32 and unix.
On Win32, there is no fork, so roughly speaking what the current winnt
MPM creates a new process, and feeds the configuration over a pipe to
the new child.
Paul Querna wrote:
What is on purpose:
- SimpleProcCount and SimpleThreadCount. I hate MaxClients,
MinSpareThreads, MaxSpareThreads, ThreadsPerChild, ThreadLimit,
StartServers, StartThreads, and ServerLimit. They are all going to die
in 2.4.
Simplification is good :)
How will the simple M
Ruediger Pluem wrote:
The following patch should fix the above thing. Comments?
Index: server/core_filters.c
+1.
Regards,
Graham
--
smime.p7s
Description: S/MIME Cryptographic Signature
Jim Jagielski wrote:
Except we don't enforce an upper limit at all... That's
the point :)
I don't see any point in enforcing an upper limit - if I want a 1MB
buffer size, and I have enough RAM, there is no real reason I can see
why I shouldn't have it.
If the ajp protocol limits this to 64
adrian golding wrote:
hi, i want to modify apache such that when the httpd.conf file is being
opened, i would measure the configuration file as part of integrity
checking.
You're looking for the httpd -t option. A full list of options can be
obtained by saying httpd -help.
Regards,
Graham
Hi all,
I have just been picking apart the way that environment variables are
handled at config time within httpd, and there seems to be some
overloading on concepts that has caused some confusion.
There are two environments within httpd, the first is the read only
system environment that is
Jim Jagielski wrote:
I thought that was the concern; that the pool wasn't released
immediately. If you disable reuse, then you don't need to
worry about when it is released... or I must be missing something
obvious here :/
Whether the connection is released and returned to the pool (when pools
Akins, Brian wrote:
Would not the generic "store-and-forward" approach I sent last week help all
of these situations? It effective turns any request into a "sendfiled"
response. Let me do some checking and I may be able to just donate the
code, since it's basically a very hacked up mod_deflate
Ruediger Pluem wrote:
As a result, the connection pool has made the server slower, not faster,
and very much needs to be fixed.
I agree in theory. But I don't think so in practice.
Unfortunately I know so in practice. In this example we are seeing
single connections being held open for 30 s
Ruediger Pluem wrote:
The code Graham is talking about was introduced by him in r93811 and was
removed in r104602 about 4 years ago. So I am not astonished any longer
that I cannot remember this optimization. It was before my time :-).
This optimization was never in 2.2.x (2.0.x still ships with
Ruediger Pluem wrote:
Something else to try is to look at the ProxyIOBufferSize parameter.
The proxy reads from the backend in blocks, and as soon as a block is
not full (ie it's the last block), the proxy will complete and terminate
the backend request before sending the last block on to the c
Lars Eilebrecht wrote:
The second odd thing is that the connections/threads in W state
seem to be hanging, i.e., no data is being transferred over the
connection and these threads/connection time out after about 256
seconds. However, the general Timeout setting is 30s so why
isn't the connection
[EMAIL PROTECTED] wrote:
+ rpluem says: The patch to ap_mmn.h does only contain the comment, but does
+ not change the #define. Once this is fixed I am +1.
Fixed.
Regards,
Graham
--
smime.p7s
Description: S/MIME Cryptographic Signature
[EMAIL PROTECTED] wrote:
+ rpluem says: These revisions cause conflicts for every single file they
patch
+ please provide a patch that works with 2.2.x.
Two of the three files are CHANGES and ap_mmn.h, which will conflict by
definition. The third is a one line change to Makefile.in,
Mladen Turk wrote:
Nope, it'll silently ALIGN(ProxyIoBufferSize, 1024)
from 8K to 64K regardless of ProxyIoBufferSize provided
So would it be accurate to say "if AJP is used, the ProxyIOBufferSize is
set to 64k, and the value for ProxyIOBufferSize is ignored"?
Regards,
Graham
--
smime.p7s
jean-frederic clere wrote:
Where is the 64k limit enforced? in mod_proxy_ajp?
By the AJP protocol.
What I meant was, what the can the user expect to happen if they choose
a limit greater than 64k? There is no enforcement of range in the
set_io_buffer_size() function apart from the lower li
Mladen Turk wrote:
None ;)
64K comes from its usage for max AJP packet size.
8K is minimum/default AJP packet size. However, larger then 64K sizes
are probably usable for setting non-ajp buffer sizes
(think this is propagated down to the socket layer)
So, in any way the docs should be updated
Hi all,
I was asked to clarify the case with the ProxyIOBufferSize, where the
documentation and the code don't agree.
According to mod_proxy.c, the effective size of the buffer is the
greater of AP_IOBUFSIZE or the user specified value:
psf->io_buffer_size = ((s > AP_IOBUFSIZE) ? s : AP_IOB
Ruediger Pluem wrote:
Hm. Doesn't this require a minor bump? We add the contents of mod_rewrite.h
to our public API now.
Initially I though no, as technically nothing has changed, although now
that I think about it again you are right, it should get a minor bump.
And if we add to our publi
Akins, Brian wrote:
I'm all for making httpd faster, scale better, etc. I just don't want to be
extremely disappointed if we rewrite it all and gain nothing but a more
complicated model. If we get great gains, wonderful, but I'd like to see
some actually numbers before we all decided to rework
Paul Querna wrote:
+1, this revision r592951, and the derivate r647263 need to be
rethought. IMO is that this doesn't belong in the reqeust_rec.
I'm only realizing this went in 10 months after the first commit, and 5
months after it was rewritten in r647263, a sign of my inactivity in
httpd
[EMAIL PROTECTED] wrote:
Using this basic framework, you can return SUSPENDED from an HTTP Handler,
and then register a callback that is invoked by the MPM at a later time.
This initial version only supports _timers_ as callbacks, but in the future I
would like to add things like wait for socke
William A. Rowe, Jr. wrote:
Nonsense. In the MS world, double initialization and thread safety are
entirely mandated by design.
So, if I am reading you correctly, if module A called
CryptGetDefaultProvider, then set parameters using CryptSetProvider or
CryptSetProvParam, and then module B c
Paul Querna wrote:
Then the API is broken.
OpenSSL and GnuTLS both allow 'double' initialization, as long as they
are also deinitiilzed the same number of times, just like APR does too.
What I propose to do to fix this for v2.4 and beyond is write a simple
module mod_crypto whose job it is
Hi all,
Having just finished the next iteration of abstracted crypto support for
APR (currently on apr-util-trunk), a problem has cropped up with the
assumptions made by mod_ssl and mod_nss.
To date, both mod_ssl and mod_nss have made the assumption that they
will be the only crypto modules
Niklas Edmundsson wrote:
I can do the importing into trunk, but I'll need some pointers on where
to place it (I'd prefer a final destination, it's too stable for
experimental IMHO), where to poke at the build system and finally how to
get documentation into place.
After selecting a final loc
Mladen Turk wrote:
IMO this should be just like any listener thread, so that logic
can be decoupled from the main worker logic serving requests.
+1.
I looked at the monitor hook, which I understand to run every 10 seconds
or so, though that may not be convenient for everybody. The monitor ho
Müller Johannes wrote:
Maybe let's concentrate on non-third-party modules.
Basically there is mod_auth_basic and mod_auth_digest on the top level followed
by their providers on the second level.
mod_auth_form is part of httpd trunk, and is not a third party module.
Regards,
Graham
--
smim
Müller Johannes wrote:
So far so good, but how to handle fallback to basic authentication if the
client has no certificate (SSLVerifyClient optional)?
If we created a new module mod_auth_cert and there is no username from mod_ssl
we would like to call mod_auth_basic.
If i understood you right,
1201 - 1300 of 2364 matches
Mail list logo
