Thanks Ralf.
I have a question concerning CRL handling. I found that OPENSSL is loading
cert file and CRL using the same file name. These are X509_load_crl_file
and X509_load_cert_file (in by_file). Is this by design? Should this mean
that the certificate (chain) and CRL are in the same file?
Cheers
-----Original Message-----
From: Ralf S. Engelschall <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>;
[EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, July 15, 1999 4:49 AM
Subject: ANNOUNCE: mod_ssl 2.3.6
>
>mod_ssl 2.3.6: this is a colorful mixture between a maintainance version
and a
>minor feature version. Beside the regular updates and bugfixes it includes
>especially a new SSLCertificateChainFile directive which allows you to
>explicitly generate the server certificate chain. That's especially
important
>when using client authentication and there especially when used in
conjunction
>with facilities like Server Gated Cryptography (SGC) (aka Global ID stuff).
>
>As always, fetch it from:
>
> o http://www.modssl.org/source/
> o ftp://ftp.modssl.org/source/
>
>BTW, there are still a few feature requests in my queue which are still not
>included in this 2.3 version (I propose them to be included for 2.4):
>
> o C2Net's SSL proxy enhancements
> (because documentation is still missing and it's not tested enough)
> o Matthias Loepfe's optimizations in dynamic renegotiation
> (because I've still not found time to review it)
> o David Harris's fix for graceful restart problem
> (because I've still not found time to review it)
> o The old "SSLListen" idea
> (because it still doesn't work I want it to work)
>
>Greetings,
> Ralf S. Engelschall
> [EMAIL PROTECTED]
> www.engelschall.com
>
> Changes with mod_ssl 2.3.6 (22-Jun-1999 to 14-Jul-1999)
>
> *) Enhanced ap_mm_create() failure messages in alloc.c
>
> *) Fixed a core dump for the rare situation where mod_ssl was build
> statically into Apache but not enabled (AddModule).
>
> *) Perform more tries to chown() used DBM files.
>
> *) Fixed memory leaks on restarts related to shared memory session
cache:
> the MM object wasn't removed at all.
>
> *) Allow SSL_DBM_FILE_SUFFIX_DIR and SSL_DBM_FILE_SUFFIX_PAG
> to be overridden via CFLAGS.
>
> *) Fixed grammar and typos in ssl_reference.wml
>
> *) Done a blind update of the INSTALL.Win32 document.
>
> *) Added five new FAQ entries.
>
> *) Fixed EAPI MM related permission problems.
>
> *) On startup the configured cipher suite is now also
> displayed under log level "trace".
>
> *) Let the Win32 configure.bat complain when --with-apache or
> --with-ssl is missing.
>
> *) Added new `SSLCertificateChainFile /path/to/file' directive. This can
> point to a file containing the concatenation of PEM encoded CA
> certificates which explicitly form the server certificate chain. This
is
> intended for instance for the Global-ID situation where one _has_ to
> send the intermediate CA of Verisign with the GID while one wants to
> avoid that under client authentication all clients issued by this CA
are
> accepted (which would happen when one references the CA cert via
> SSLCACertificatePath or SSLCACertificateFile instead of
> SSLCertificateChainFile).
>
> *) Changed the "Interrupted by system" `error' to `info' level in
> case errno is not > 0.
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
