This version mainly provides two important bugfixes and one new feature: The
"POST requests failed with an I/O error" and "processes consumed 100% CPU"
problems should be now fixed. And certificates/keys are now also accepted in
two additional formats (plain DER and DER+Base64) to PEM. You're encouraged to
upgrade because the two fixed bugs are really nasty ones which can cause a lot
of trouble.
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.2.5 (04-Mar-1999 to 18-Mar-1999)
*) Fixed the situation were we discovered processes consuming
100% CPU time. This occured under various not exactly known
circumstances, but it seems it was always when the client plays bad with
the socket connection and OpenSSL cannot recognize it. Then the state
machine of SSL_shutdown() seems to loop endless. It's now fixed by not
limiting the iterations.
*) Fixed a typo in the SSL_CERTIFICATE_FILE define, although this
variable is still not used.
*) Fixed the POST-problem where kept-alive HTTPS connections hang or
resulted in an I/O error inside the browser because the ``SSL close
notify'' alert couldn't be sent correctly because of Apache's internal
``lingering close'' handling. EAPI was changed to now correctly call the
close_connection module hook also on timeout and linger closes. This
EAPI change means you cannot upgrade your libssl.so with --with-apxs to
this version. A complete Apache rebuild with the updated EAPI code is
necessary.
*) The SSLCertificateFile and SSLCertificateKeyFile directives now can read
PEM (=DER+Base64+headers), DER+Base64 (without headers) and plain DER
format certificate and private key files. This is mostly provided for
convinience reasons.
*) Add FAQ entry: How to convert PEM into DER.
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
