Puhhhhhhhhhh!
Today I've implemented the last "feature" on my 2.1.0 TODO list: The
`SSLOptions' directive. This means we are now finally approaching the 2.1.0
version. Because what is now mainly missing is updating the documentation and
the README files in the distribution. It's good this way because it was
really a hard walk the last weeks, because the major changes for 2.1 needed
more time than I initially expected (they were more complicated to implement
than they looked).
So, when you still ignored the 2.1 Beta branch, it's now definedly time to
wake up, guys. The features are now all implemented and what is now needed is
_your_ in-depth testing to fix the various bugs I've certainly introduced
while writing new code. I expect between five and ten bugs we have to fix
before we can push out a stable 2.1.0. So when you want a good 2.1.0 and
when you want it the next two weeks, help together to find those bugs and
GIVE YOUR FEEDBACK NOW.
So, please grab mod_ssl 2.1b8 now and test it.
There will be a 2.1b9 where I mainly present you the new documentation (you
want to know what's different? Hmmm... for instance you'll see an excellent
SSL introduction I was able to incorporate from an article with permissions by
the author ;-) and a few bug fixes. And then I expect the next version to be
2.1.0. Timerange? One to two weeks, I think. That depends mainly on _your_
feedback...
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.1b8 (30-Oct-1998 to 04-Nov-1998)
*) Replaced the per-server context Fake-Basic-Authentication stuff with a
per-directory mechanism which can be now enabled on-demand and on a
per-directory basis with `SSLOptions +FakeBasicAuth'. This way the
`Cert-Subject-DN to Basic-Auth-Username' mapping is more useful to the
users. The SSLFakeBasicAuth directive was removed. But the mod_ssl
compatibility code automatically maps Apache-SSL's `SSLFakeBasicAuth'
directive to `SSLOptions +FakeBasicAuth' on-the-fly.
*) Added support for exporting the client and server certificates
(not the CA chain; currently only the end certificates) via `SSLOptions
+ExportCertData' in PEM format through the environment variables
SSL_SERVER_CERT and SSL_CLIENT_CERT. This way we bloat up the
environment with certificate stuff only on demand. Additionally the
mod_ssl compatibility code automatically maps Apache-SSL's new
`SSLExportClientCertificates' directive to `SSLOptions +ExportCertData'
on-the-fly.
*) Added backward compatibility mappings for environment variables
of Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x (where
possible). This can be now enabled by the user on-demand via `SSLOptions
+CompatEnvVars' - typically inside the .htaccess context of a CGI
script. This way we bloat up the environment with compat stuff only on
demand.
*) Added a generic `SSLOptions [+-]option [...]' directive which can be
used in the `Options' context, i.e. _everywhere_. It is intended to
control various SSL engine parameters.
*) Enhanced the `make depend' author Makefile target: Now dependencies are
also generated for .lo files (DSO object files). This way Make recogizes
the dependencies also under the DSO situation.
*) Now under `make certificate' an interactive prompt is given which asks
whether the private key should be encrypted (the default) or not. This
way it's a little bit easier to setup test servers, at least for me ;-)
*) Make sure all filenames can be ServerRoot relative _and_ get checked for
existence directly inside the directive handlers (and not under
request-time).
*) Changed per-directory directives SSLRequireSSL and SSLRequire from
`FileInfo' to `AuthConfig' context (see AllowOverride), because they are
really authentication directives.
*) Replaced hard-coded r->server->is_virtual and similar checks with more
API-like ap_check_cmd_context()-based checks. Also added some more
configuration checks to make sure directives cannot be placed into the
wrong context.
*) Added a special kludge for the GCC+DSO situation to libssl.module: Under
some platforms (like Solaris) libssl.so has to be explicitly linked
against the libgcc.a in order to resolve internal symbols.
*) Made a lot of coding style cleanups in the ssl_expr_*.c sources.
*) Fixed a nasty bug in ap_hook_use() and ap_hook_call().
*) Backport from 2.0 branch:
Upgraded to included Thawte Strong Extranet sources (ssl.contrib/sxnet/)
from version 1.2.2 to the current 1.2.3.
*) Backport from Apache-SSL:
Incorporation of recent Base64 (uuencode) encoding bugfixes.
*) Added more hints about EAPI and upgrade problems with DSO/DDLs
to the INSTALL and INSTALL.W32 files.
*) Changed the building of mod_ssl under Win32 from static (.LIB)
to dynamic (.DLL), i.e. mod_ssl is now build as a stand-alone Win32 DSO
(DLL in Windows terms) containing SSLeay instead of statically linked
into the apache.exe binary.
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
