Another bugfix version is available for you: mod_ssl 2.1.6.
This version fixes a lot of subtle bugs under the cover. 

Greetings,
                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com

  Changes with mod_ssl 2.1.6 (02-Jan-1999 to 06-Jan-1999)

   *) Be even more conservative and correct when aborting a connection: We now
      set the conn_rec->aborted flag in addition to blocking the
      connection/socket buffer.
   
   *) Added some sort of downgrading support to the logging function to no
      longer create messages like "(SSLeay error follows)" although no such
      message follows (because SSLeay has none). The same is done for the
      System/errno related messages.

   *) Removed direct fiddling with the BUFF->flags stuff. Instead we now use
      the API conforming way via ap_bsetflag().

   *) Added timeout support for the SSL handshake phase. The timeout in
      seconds is the same as configured with the standard Apache "Timeout"
      directive for the HTTP request phase. This way one can defend against
      special DoS attacks (where the attacker just establishes a lot of
      parallel connections but doesn't send data) to the HTTPS port the same
      way one can already do it for the HTTP ports.

   *) Fixed a display error in the `debug' dump messages and made
      the debug dumping more robust by explicitly checking for the case where
      SSLeay gives us either a NULL memory pointer or a memory length of -1.

   *) Fixed the "Exit: ..." trace messages: They wrote out an (unnecessary)
      additional newline which optically broke the tracing messages.

   *) Fixed the "you're speaking HTTP to the HTTPS port" error handling.
      mod_ssl caused a core dump of the Apache child because the request
      processing functions were not aware that a dynamically downgraded (from
      HTTPS to HTTP) request can exist for error situations.

   *) Added the EAPI functions to src/support/httpd.exp which is needed to
      compile mod_ssl as a DSO under the most non-smart linker: AIX' ld.

   *) Fixed internal `host:port' based identification of virtual servers which
      caused problems under specific Listen/<VirtualHost> configuration
      variants where an implicit port was used. Additionally we now no longer
      patch the server_rec->port variable of Apache. Instead we leave it as is
      and on-the-fly make our decisions.

   *) Fixed APXS/EAPI-related error message in the configure script.

   *) More OpenSSL support: Recognize the forthcoming `openssl' program in
      addition to `ssleay' when searching for the command line tool.
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]
