This is another bugfix release before I'll add more experimental code the next
week. It especially at least for me solves the remaining segfaults under
Solaris, although we've a report that under special chroot-environment
problems still exists. At least I was now able to run Apache+mod_ssl+OpenSSL
as full DSOs under my Solaris 2.6 box when I compile OpenSSL with -fPIC.
The other problem related to multiple dialog boxes under per-directory client
authentication I've tried to fix by investigating a few hours, but came to the
conclusion that a real solution is a lot more complicated because of possible
security holes one can introduce here when not being _very_ carefully. I've
suspended this issue for >= 2.2.4 now. The next experimental stuff which will
be added are EAPI hooks for mod_ssl itself. This allows vendors which base
their product on mod_ssl to extend mod_ssl without having to patch it too
dramatically ;-)
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.2.3 (05-Feb-1999 to 21-Feb-1999)
*) Cleaned up the namespace of mod_ssl structures:
All helper structures are now named ssl_xxxx_t.
*) Fixed hyperlinks to mod_log_config.html in mod_ssl's User Manual
*) Let mod_log_config's %{XXXX}x functions (provided by mod_ssl) correctly
expand to "-" instead of "" in case XXXX is not available as it's the
case for other mod_log_config functions.
*) Unbreak `SSLOptions +CompatEnvVar' by fixing two nasty bugs
and adding a missing variable.
*) Fixed a confusing "not"-typo in the FAQ.
*) Another round to get rid of the core dumps under the DSO situation when
DSOs are loaded to different memory addresses. We now no longer try to
preserve `RSA *' and `X509 *' structures of the SSL library between
Apache's init rounds. Because as we discovered, SSLeay/OpenSSL uses
various static variables inside these structures which is a big NO-NO
for the nasty Apache double-init round situation. Instead we now convert
the internal structures to DER/ASN.1 byte-streams allocated inside
mod_ssl's global memory pool. This now at least fixed the core dumps
under the Solaris/DSO situation for me.
*) Incorporated a few cleanups for the SDBM code Gred Stein sent me
while he was adding SDBM to his mod_dav package.
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
