mod_ssl 2.3.6: this is a colorful mixture between a maintainance version and a
minor feature version. Beside the regular updates and bugfixes it includes
especially a new SSLCertificateChainFile directive which allows you to
explicitly generate the server certificate chain. That's especially important
when using client authentication and there especially when used in conjunction
with facilities like Server Gated Cryptography (SGC) (aka Global ID stuff).
As always, fetch it from:
o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/
BTW, there are still a few feature requests in my queue which are still not
included in this 2.3 version (I propose them to be included for 2.4):
o C2Net's SSL proxy enhancements
(because documentation is still missing and it's not tested enough)
o Matthias Loepfe's optimizations in dynamic renegotiation
(because I've still not found time to review it)
o David Harris's fix for graceful restart problem
(because I've still not found time to review it)
o The old "SSLListen" idea
(because it still doesn't work I want it to work)
Greetings,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Changes with mod_ssl 2.3.6 (22-Jun-1999 to 14-Jul-1999)
*) Enhanced ap_mm_create() failure messages in alloc.c
*) Fixed a core dump for the rare situation where mod_ssl was build
statically into Apache but not enabled (AddModule).
*) Perform more tries to chown() used DBM files.
*) Fixed memory leaks on restarts related to shared memory session cache:
the MM object wasn't removed at all.
*) Allow SSL_DBM_FILE_SUFFIX_DIR and SSL_DBM_FILE_SUFFIX_PAG
to be overridden via CFLAGS.
*) Fixed grammar and typos in ssl_reference.wml
*) Done a blind update of the INSTALL.Win32 document.
*) Added five new FAQ entries.
*) Fixed EAPI MM related permission problems.
*) On startup the configured cipher suite is now also
displayed under log level "trace".
*) Let the Win32 configure.bat complain when --with-apache or
--with-ssl is missing.
*) Added new `SSLCertificateChainFile /path/to/file' directive. This can
point to a file containing the concatenation of PEM encoded CA
certificates which explicitly form the server certificate chain. This is
intended for instance for the Global-ID situation where one _has_ to
send the intermediate CA of Verisign with the GID while one wants to
avoid that under client authentication all clients issued by this CA are
accepted (which would happen when one references the CA cert via
SSLCACertificatePath or SSLCACertificateFile instead of
SSLCertificateChainFile).
*) Changed the "Interrupted by system" `error' to `info' level in
case errno is not > 0.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
