Greetings Ralf and mod_ssl groupies
I'm hoping that Ralf is gently jabbing me regarding some of his
comments. He knows that I have communicated a couple of times with him
regarding DSO issues over the past several months and I guess I just
assumed that he understood from those emails that we were looking hard
at incorporating functionality from mod_ssl. I'm sure he also knows
that making public statements about vaporware can be dangerous so I
elect not to make it widely known until we have something to offer
publically. We have been in beta for about 4 months now, so it really
wasn't that big of a secret. I know that Ralf, like me, has way too
much to do and it is often hard to stay in touch with everything that
is going on in this community.
Regarding Ralf's comments regarding his hope that the mod_ssl
community would benefit from Covalent's move toward the mod_ssl
codebase: I think Ralf and others understand that because of US law,
we unfortunately can't contribute to projects like mod_ssl and
OpenSSL. It is my hope that my continued involvement with the Apache
project from it's inception can be seen by this community as
Covalent's contribution to open-source. I think I have a reputation of
trying to be fair to this community and give back when possible. We
fully intend to continue to do that. We have whole heartedly promoted
Ben Laurie's book in an effort to see him benefit in some way from our
start with the Apache-SSL codebase several years ago. I'd love to find
a way for these two projects to come back together on US turf, thereby
allowing our further involvement.
I had thought that documentation might be an area where we could cross
the legal barrier and contribute something more directly to mod_ssl,
but Ralf has made it clear that he does not care for our documentation
style. :-)
> Covalent has today announced their new Raven SSL 1.4 module
> for Apache (BTW,
> Randy Terbush from Covalent is also on the sw-mod-ssl list,
> when I remember
> correctly). I today had a detailed look at their website under
>
> http://www.covalent.net/raven/ssl/
>
> and was surprised to see that they seem to have finally
> switched from their
> Apache-SSL-based Raven 1.3 product to a Raven 1.4 product
> which is now based
> on mod_ssl (Oops, I've to update the product table in my
> slide-set for
> ApacheCon'99, too ;-).
>
> Although they do not explicitly say this and Randy also not
> dropped my at
> least a single note about this, I'm 100% sure it's either
> based on some
> mod_ssl 2.2.x version or on a mod_ssl 2.1 version where
> some 2.2 features were
> backported. For instance under
>
http://www.covalent.net/raven/ssl/docs/configuration
we can find the Reference Chapter 3 (ssl_ref.html) from our mod_ssl
User
Manual. It was completely relayouted (hmmm... it no longer fits very
well my
typographic eyes, but ok) and slightly reworded (to get rid of my
wodden
English ;_) and adjusted for Raven paths and product names. But it's
_definitely_ the ssl_ref.html document, of course.
What surprised me was that although it includes SSLRandomSeed
(introduced by
me in 2.2.0) it doesn't speak about the per-directory facility of
SSLCipherSuite, SSLVerifyClient, etc (although this was introduced
with the
_same_ 2.2.0 version). Very interesting.... either Covalent doesn't
trust this
2.2 facility and removed hints to it or Raven 1.4 is just mod_ssl 2.1
plus
some backported functions of 2.2. Hmmm... at least _very_ interesting.
Although I wished I had received a little bit of information about
this
interesting switch before it finally happended (hey, sure it's Open
Source,
but wouldn't it be gentleman-like to drop the author at least a short
note
before one kicks out a product to the market based on his work?),
perhaps
Randy can at least _now_ give us now some statements about the current
Raven
state-of-the-art, the technical decisions behind the switch, the
actually used
software versions and perhaps even some details about Covalent's plans
for the
future of Raven? Randy, do you listening?
Anyway I'm very happy to see that one more product on the market is
based on
my work and I wish Covalent really the best with their new Raven
product. At
least they can be sure I'm personally supporting their decision and
handling,
(although I will never receive any money or other similar return
service for
this, of course).
But at least I hope the mod_ssl community also gets something back
from
Covalent: general feedback and perhaps even bugfixes and enhancements.
At
least I can say that another vendor who works on switching to mod_ssl
(and
still hasn't finished) _already_ contributed a lot more to the mod_ssl
project
than Covalent (from them I've still not received feedback or patches).
Randy,
I treat it as a point of honour and a must that Covalent also
_actively_
supports the mod_ssl community by sharing patches and enhancements and
giving
feedback from time to time. Eventually it should be at least in
Covalent's own
commercial interest, of course.. ;-)
So, let us be happy that one more commercial vendor on the market
based their
product on our Open Source software. A better recognition we cannot
expect on
the market, of course. :) And perhaps Covalent/Randy additionally
gives us a
little bit of background information...
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
