Just for your information and to share my great happyness ;-) :
Dynamic Shared Object (DSO) support for mod_ssl is now possible!
Yeah, I know, it was declared as impossible even by me in the past but now
it's actually implemented - really. I costed me around 40 working hours of
deep-level Apache hacking, but now I was finally successful and the beast runs
fine on my development box.
I've to clean up and comment the code a little bit more and test it on more
platforms (but I don't expect any more problems here), but then it will be
available with mod_ssl 2.1b7 the next days.
What this means? You still don't know what DSO is? Then start reading at
http://www.apache.org/docs/dso.html , please. And when you still don't see
the point think about the situation of Jan Wedekind from UUNET (he's also on
this list and mainly the guy who begged for DSO on ApacheCon which forced me
to do it now):
You're an ISP and have a lot of different customers on your shared webserver.
70% of them need only a standard Apache and 30% of them need an SSL-aware
Apache. Without DSO you had only two options in the past: 1. Create one
Apache+mod_ssl installation and run all Apache httpd instances with mod_ssl,
but only 30% have SSLEnable. 2. Create two installations: One plain Apache and
one Apache+mod_ssl. And then run 70% of the httpd instances with the plain
httpd and the remaining 30% of the httpd instances with the httpd containing
mod_ssl. For 1.) the drawback is the ugly runtime RAM penalty of
mod_ssl+SSLeay in 70% of all httpd. For 2.) the drawback is that you have to
maintain two Apache installations, although they are mostly the same. This is
a pain, too.
Now with DSO you're happy: You can combine 1.) and 2.). Why? Because
you just make one Apache installation with mod_ssl as a DSO. And
then you you an additional
<IfDefine SSL>
LoadModule ssl_module libexec/libssl.so
</IfDefine>
in your httpd.conf file. Now you can start the 70% non-SSL-aware httpds via
"httpd" and the remaining 30% (SSL-aware) httpds with "httpd -DSSL". Bingo!
Only one Apache installation required and no RAM penalty for the 70% of your
non-SSL servers.
More information comes when the DSO stuff is available with 2.1b7 for your own
testing pleasure. But mainly the only difference you will see is a single
"--enable-shared=ssl" inside the INSTALL file. Anything else is automatically
configured. ;-)
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
