Here is mod_ssl 2.1.8. It contains a lot of bugfixes, especially related to
EAPI/DSO. Nevertheless I still see core dumps under Solaris 2.6. But as far as
I discovered it, they are not related to bugs in mod_ssl or SSLeay. Instead
they seem to be side-effects of some internal behaviour of the dynamic loader
on these platforms. I will investigate more the next days. So, all DSO
problems are still not fixed, but a lot of others bugs. So you're encouraged
to upgrade to this version.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.1.8 (11-Jan-1999 to 21-Jan-1999)
*) Added an additional variable REQUEST_SCHEME which can be used for in
SSLRequire, RewriteCond, RewriteRule, etc. to forward or redirect
HTTP/HTTPS requests with the incoming URL scheme.
*) Surrounded ap_hook_[un]register() calls with wrapper macros to
implicitly cast the function pointers to void pointers, because strict
ANSI C requires this.
*) Added AP_HOOK_ALL support which can be used to call all registered
callback-functions for a hooks, independent of any decline value.
This will be used in the future by forthcoming features.
*) Fixed a potential security hole: Both the SSLMutex and SSLSessionCache
files are now created without read access for the group and others.
*) Fixed a typo in the SSL logfile hints and in the terminal
message displayed for the `make certificate' step.
*) Under Extended API situations we now replace the module magic cookie
"AP13" with "EAPI" to let us later distinguish between the EAPI-aware
module structures (which contain additional pointers at the end) and
standard module structures (which lack at least NULL's for the pointers
at the end of the structure). This is important because standard
("AP13") modules would dump core when we dispatch over the additional
hooks because NULL's are missing at the end of the module structure.
But we now to the following: We allow _both_ types of modules to be
loaded by mod_so, but dispatch over the EAPI hooks only when the module
magic cookie indicates "EAPI". This way an Apache+EAPI server can load
module DSOs built with a plain Apache. That's important to allow people
for instance use mod_coldfusion (which is available only as a pre-built
DSO!) or allow the Debian package maintainers to finally build their
Apache package with EAPI without the need to upgrade all other module
packages at the same time.
*) The SSLMutex filename now is internally extended to contain the PID of
the Apache parent process to make the file unique across different
server instances. That's the same approach Apache already uses for the
accept mutex lockfile.
*) We now replace the MODULE_MAGIC_COOKIE ("AP13") with "EAPI" under -DEAPI
to make sure that mod_so only loads modules which were really compiled
with -DEAPI. Because else NULL's at the end of the module structure are
missing, which always will leads to core dumps when the Apache core
dispatches over it.
*) Removed hints to the test suite in INSTALL.Win32 because under this
platform there are more test suite problems before the tests can be
really reasonable.
*) Now mod_rewrite's %{XXXX} construct can also "magically" expand all
variables known to mod_ssl, i.e. especially the SSL_XXXX variables.
This way you can use the same variables in a RewriteRule or RewriteCond
you're used to use in a SSLRequire directive.
*) Fixed a few type problems in ca-fix.c which caused strict ANSI C
compilers (not GCC) to complain and fail. This especially fixed the
problems under AIX 4.2
*) Fixed a syntax problem GCC and VC++ never complained about: A trailing
comma on the last element of an enumeration declaration is not allowed,
of course.
*) Changed the EAPI usage inside mod_log_config.c to no longer store a
foreign function pointer (which belongs to mod_ssl) into internal
structures (because when mod_ssl is unloaded during restarts they evolve
into dangling references).
*) Cleaned up the verbose output of configure & configure.bat
and added also support for -v to configure.bat.
*) Make sure mod_ssl's configure script stops with an error
when Apache's configure (APACI) script stopped with an error.
*) Overtake the important idea from Khimenko Victor's EAPI variant to
_un_register EAPI hooks for the various modules when the module is
unloaded (DSO!). Without this dangling references occur inside the EAPI
hook lists which can cause core-dumps.
*) Fixed the %{errstr}c function provided for mod_log_config
and let %{errcode}c always expand to "-".
*) Fixed the self-referencing hyperlink in ssl_overview.html
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
