Except for the final updates of the README files in the distribution and
Chapter 4 of the User Manual the mod_ssl 2.1 branch is now ready for release.
To make sure we don't have introduced new heavy bugs here is one more but
really last Beta version.
Test it now (again) and speak up for the 2.1 branch or be quiet later ;-)
The birth of the final mod_ssl 2.1.0 version is planned for Tuesday, November
17th, 1998. Because on this day we then can celebrate two birthdays: a 2.1*1
birthday and a 2.6*10 birthday... :-)
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.1b9 (04-Nov-1998 to 15-Nov-1998)
*) Replaced the pkg.ssldoc/* stuff with the new mod_ssl 2.1 User Manual.
*) Fixed patching of Makefile.nt under Win32.
*) Changed test `-e' option to more portable `-r' option.
*) Fixed again the init round handling: The SSLeay initialization
has to be done _every_ time under DSO/DLL situation because
there SSLeay is part of the mod_ssl DSO/DLL which is re-loaded.
*) Under DSO situation the LoadModule directive for libssl.so
is now surrounded by <IfDefine SSL>, too. This way when
-DSSL is not used not even the module is loaded.
*) Replaced the last global var (ssl_ModConfig) with an ap_global_ctx
based approach. This way thread-safety for Win32 and Apache 2.0
can be made more easily.
*) Added compile time check for EAPI:
mod_ssl now can only be compiled when EAPI is active.
*) Forward port from 2.0 branch:
Now SSLVerifyDepth defaults to 1 and this means the client certificate
has to be signed directly by the root CA. The verify depth now is the
max number of CAs which are checked: 0 = self-signed only, 1 =
self-signed or signed by root-CA, 2 = signed by root-CA or signed by a
CA which is signed by the root-CA, etc.
*) Forward port from 2.0 branch:
Now SSLSessionCacheTime defaults to 300s.
*) Forward port from 2.0 branch:
Fixed RSAref instructions in INSTALL file and added more support for
implicitly finding the RSA_BASE to the libssl.module script.
*) Added a SSL_COMPAT configuration rule which is enabled per
default. But when you disable it via --disable-rule=SSL_COMPAT the
backward compatibility code is not build into mod_ssl. This provides a
little bit better performance for those people who don't need the compat
stuff.
*) Removed the patch from mod_auth.c by not spreading the -I option for
SSLeay. Because with the EAPI only the mod_ssl needs to include SSLeay
headers. So we no longer have a conflict with the vendors
crypt.h stuff ;-)
*) Moved the patch from ap_config.h into libssl.module.
*) Overhauled the mod_ssl distribution tree: Now four packages exists
(eapi, sslmod, ssldoc, sslcfg, sslsup) and each contains the patches and
corresponding files. Especially the EAPI stuff is now stand-alone and
doesn't contain any crypto-related stuff.
*) Fixed version parsing in configure.bat script (Win32)
*) Fixed default value for SSLCertificateFile directive.
*) Added real contents for the environment variable mapping. Now all
Apache-SSL 1.x and mod_ssl 2.0.x and the most important Stronghold 2.0.x
variables (the ones corresponding to certificate DN fields) are mapped
to mod_ssl 2.1 variables.
*) Added on-the-fly mapping for the Apache-SSL 1.x and mod_ssl
2.0.x SSLRequireCipher and SSLBanCipher directives.
*) Added a useful SSL_CIPHER_EXPORT variable.
*) Fixed compatibility on-the-fly directive mapping: Now comment and blank
lines are correctly recognized by the mapping mechanism so the user no
longer gets confusing warnings about obsolete directives when they still
occured in comments.
*) Fixed complex situation where the SSL logfile cannot be opened but the
error message should be still logged: to the Apache general error log.
*) Forward port from 2.0 branch:
Make sure the mkcert.sh can only be used by `make certificate' _inside_
the Apache source tree.
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
