RE: Currently known issues with 2.0.23 (very few! :)

[MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)]

Justin,
  You're right about the locking_callback.. Infact one of the TODO items in
the modules/ssl/README already tells about the CRYPTO_set_locking_callback.
AFAIK, the OpenSSL code is inherently thread-safe (assuming we set the right
flags).. However, the thread-safeness of the mod_ssl code is still to be
evaluated.. 

Thanks
-Madhu


-----Original Message-----
From: Justin Erenkrantz
To: [EMAIL PROTECTED]
Sent: 8/8/01 1:04 AM
Subject: Re: Currently known issues with 2.0.23 (very few! :)

On Wed, Aug 08, 2001 at 02:53:47AM -0400, Cliff Woolley wrote:
> 3) mod_auth_dbm, mod_auth_db, and mod_auth_digest might not compile on
>    some systems due to missing headers or libraries which are not
>    correctly flagged as missing by configure.  Using
--enable-modules=most,
>    --enable-shared=most, etc, can enable some of these modules even
>    on platforms where they will not compile.  If you have trouble
>    compiling any of them, you can disable the offending module by
>    rerunning configure and adding --disable-auth-dbm,
--disable-auth-db,
>    or --disable-auth-digest to the end of your configure line.

I'll focus on this next week (assuming I have time) unless someone
wants to jump in.  I'm enough of an autoconf wimp to get this working
probably.  If someone wants to submit a patch, I'll try to review
and commit (again, assumming no one beats me to it).

> 4) mod_ssl is still in the process of being ported to Apache 2.0 and
>    is considered alpha quality.  Considerable progress has been made
>    on it since 2.0.22, though it still might not work on all systems
and
>    not all functionality has yet been enabled.

One note that Madhu (?) may not have considered is the special things
that need to happen w.r.t. OpenSSL for multi-threaded apps.  Check
out flood in httpd-test.  I've been mucking with the OpenSSL and
thread safety there for the past few days.  I've finally got the right
voodoo happening in that code.  flood is all APR-based so you could 
take the code directly from there (see flood_net_ssl.c).  

If no one has gotten to it by next week (see the commented out part 
of ssl_engine_init for locking_callback), I'll try and commit the 
relevant bits.  I'd bet mod_ssl doesn't play nice with threaded MPM (or 
worker for that matter).  But, mod_ssl is a designated non-showstopper.

> 5) There is a known build problem when using GNU make version 3.77
>    on some systems, which appears to be a bug in that version of
gmake.
>    Upgrading to a newer version of gmake fixes the problem.

AFAIK, this is a problem.  I don't care to spend any time fixing this
when an upgraded version solves the problem.  If someone wants to
submit a patch, but this is really just a broken make.  We should
have a "Platform Notes" section in the README or INSTALL (where?).
It'd be nice to also add the note about the broken Linux 2.4.3 stuff 
I stumbled across a few weeks ago.  -- justin