On Tue, Nov 20, 2001 at 06:18:34PM -0500, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote: > >> It's not going to happen. Everything that is a runtime-configurable > >> parameter should be controlled by httpd.conf. This slow migration to > >> command-line parameters is, IMHO, wrong. > > Okay.. When I build SSL as a DSO, I do get the line "LoadModule > ssl_module..." in my httpd.conf, and all other SSL configuration parameters > ifdef'ed out.. Thus, when I try to bring up Apache (non-SSL mode), I just > can't do it !!.. I'm FORCED to bring up the seve in SSL mode (-DSSL) - which > is not acceptable (to me)..
I don't understand. Are you saying there are runtime failures if you try to start the server in non-ssl mode while mod_ssl is loaded? <runs off and builds mod_ssl as a DSO>. Indeed you are correct, but the fact that mod_ssl can't be loaded w/o -DSSL seems like a bug to me. -DSSL == enable SSL configuration directives LoadModule ssl_module == load mod_ssl DSO > If you feel that we should not allow the user to control the startup > behaviour (SSL / non-SSL) by giving command line options, then (IMHO), the > current configuration wrong - the "<IfDefine SSL>..." has to be eliminated > from the httpd.conf and ssl.conf files.. Rather, they should be replaced by > something like "<IfModule mod_ssl>.. " instead.. Since it seems that -DSSL and LoadModule ssl_module are mutually dependent, I see no reason now to have -DSSL in the first place. If mod_ssl must have properly formed runtime directives (ie. in httpd.conf) then why don't we just check <IfModule mod_ssl.c> instead of looking for -DSSL? Please fill me in, because it seems like I've missed something here. > >What happens when I build httpd with SSL support statically? -DSSL would > >have no effect in that case, and would probably confuse a bunch of people. > > AFAIK, most of the builds compile SSL as a DSO (because of the > flexibility).. In the case where SSL is built statically, the server SHOULD > come up in SSL mode.. The -DSSL would/should have no effect on the startup > behaviour - which (to me) is perfectly acceptable.. I disagree on both points. Apache's modules may be built statically, or as DSOs. We support both. From the standpoint of runtime configuration, a statically built mod_ssl and a loaded DSO mod_ssl are virtually equivalent. <IfModule mod_ssl.c> works in both cases. However, SSL support should not be considered the same as SSL-mode. -aaron
