I just checked the CVS port branch at the FreeBSD site and the last
version there is 2.0.15. I was wondering if someone knew if this
was going to be upgraded to the 2.1 branch in the near future.
/Paul
On Mon, 30 Nov 1998, Ralf S. Engelschall wrote:
>
> Sorry for the delay, but a lot of stuff from my "development queue" had to be
> incorporated and tested. But now here it is: mod_ssl 2.1.1, the first bugfix
> release for the 2.1 branch. The major user visible changes: First network I/O
> performance is no longer decreased (we no longer force NO_WRITEV) and the CA
> list is send on client authentication. Additionally a lot of minor bugfixes
> were done, of course.
>
> Greetings,
> Ralf S. Engelschall
> [EMAIL PROTECTED]
> www.engelschall.com
>
> Changes with mod_ssl 2.1.1 (17-Nov-1998 to 30-Nov-1998)
>
> *) Fixed typos in pass phrase dialog.
>
> *) Added support to APACI for overriding the conf/ssl.crt/server.crt
> default certificate path.
>
> *) Added another logging level `trace' (between `info' and `debug')
> and converted all existing `debug' messages to this level. Additionally
> the internal SSLeay processing is now logged to this level, too. The
> `debug' level now consists of deepest-level I/O dumps where you can even
> see every read/write byte on the BIO (the buffer above the SSL record
> layer).
>
> *) Changed buffer I/O: Previously NO_WRITEV was forced
> because there is no real SSL_writev() available. But the drawback of
> this was that writev() (which nevertheless is available on mostly all
> platforms) wasn't used for non-SSL requests. The result was bad network
> I/O performance when Apache was built with EAPI/mod_ssl. This is now
> changed: When writev() is available it is used for non-SSL requests
> (this way we gain maximum performance) while for SSL requests the output
> is still done via SSL_write().
>
> *) Fixed DBM library determination and build. This especially fixed the
> problems with DSO support under Linux platforms where libdbm was
> previously not linked against libssl.
>
> *) Added a README.Patents document to the distribution
> which tries to explain some RSA patent issues.
>
> *) Fixed Thawte sxnet stuff to work with recent EAPI changes.
>
> *) Fixed documentation: X.509 field was incorrect: SP -> ST.
>
> *) Fixed SSL support for mod_proxy: It was broken because
> the "ssl_enable" ctx-flag was set too late.
>
> *) Ported a recent change in Apache-SSL 1.29 to mod_ssl:
> ``Send CA list to client when SSLCACertificatePath is used (this was
> only done for SSLCACertificateFile up to now)''. I've implemented it
> with a new ssl_init_FindCAList() function in ssl_engine_init.c where the
> main difference is that it _merges_ the list entries from both
> directives together while in Apache-SSL the SSLCACertificatePath would
> override the SSLCACertificateFile for this list generation. I use them
> in parallel for the list generation (by merging their entries) because
> they are used in parallel by SSLeay under the verification process, too.
> Additionally I've now removed SSLCACertifiateReqFile because it was
> oversize.
>
> *) Added a similar SSL_accept() check as was recently added to Apache-SSL
> 1.29, but in a different way: Under the SSL_ERROR_ZERO_RETURN error
> don't log it as an error. A "info"-level log entry is enough.
>
> *) Extended the Compatibility chapter of the User Manual to now also
> contain information about environment variable derivation.
>
> *) Overhauled the SSL part in the http.conf-dist file.
>
> *) Fixed pkg.sslcfg/ssl.key/server.key: It contained a dummy key
> instead of the intended dummy text "THIS FILE SHOULD ...".
>
> *) Fixed httpd.conf-dist: The SSLRequire is only allowed in
> <Location> or <Directory> sections there.
>
> *) Fixed documentation: sign.sh instead of ca.sign, SSLRequire uses
> braces and not parenthesis for word groups, etc.
>
> *) Use the commonly used .crt extension also in the sign.sh script
>
> *) Fixed backward compatibility code: half-way matching could occur (Sioux'
> "RequireSSL" matched the correct "SSLRequireSSL" and leaded to
> "SSLSSLRequireSSL") and the SSLRequireCipher/SSLBanCipher directives
> were not matched correctly.
>
> *) Don't do I/O read-aheads in SSLeay under Win32 because it's not safe
> for this platform (we use select() there).
>
> *) Fixed two memory leaks in ssl_engine_var.c by copying over
> malloc-allocated buffers from X509_NAME_oneline() to Apache
> pool-allocated buffers.
>
> *) Fixed RSAref handling: the -L path to the librsaref.a library
> file was configured incorrectly (a bogus "/lib" was there)
>
> *) Fixed some ANSI C portability issues which popped up with IRIX vendor
> compiler while good-old GCC was happy. This way other compilers should
> be quiet now, too.
>
> *) Added notice and workarounds for RSAref portability problem to the
> INSTALL document. This is especially important to people using platforms
> with non-Intel CPUs (like the Alpha-boxes of DEC).
> ______________________________________________________________________
> Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
> Official Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
