Another maintainance release of mod_ssl 2.8 for Apache 1.3 delivers to you mod_ssl 2.8.13 for Apache 1.3.27. Changes are listed below. Grab it from the following locations:
o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com Changes with mod_ssl 2.8.13 (23-Oct-2002 to 18-Mar-2003) *) Always enforce RSA blinding on RSA private keys in order to be resistent to timing attacks. *) Added timeout also to the "pre-sucking" of the trailing data in POST request handling. *) Correctly shutdown shared memory pools on fork+exec situations. *) Bugfix SSL client certificate verification: OpenSSL was not informed with SSL_set_verify_result(ssl, X509_V_OK) in case mod_ssl forced the verification to be ok. *) Consistently use OPENSSL_free() instead of plain free() to deallocate memory chunks allocated inside OpenSSL. *) Fixed various memory leaks related to X509 certificates. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]