ANNOUNCE: mod_ssl 2.3.10

Wed, 28 Jul 1999 06:00:55 -0700 


Although I have a personal aversion on two-character wide patchlevels, here is
version 2.3.10 - because we've to tweak 2.3 until it is really stable before
we can proceed with 2.4.  This version provides a fix for the SSLMutex
problems ("file not found") and an experimental solution for the POST problems
which occured under per-URL SSL parameter re-configuration (read below for
more details).

Greetings,
                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com

  Changes with mod_ssl 2.3.10 (26-Jul-1999 to 28-Jul-1999)

   *) Changed the handling of the `per-URL SSL re-configuration in conjunction
      with POST method based HTTP requests' problem: Per default mod_ssl now
      returns a METHOD_NOT_ALLOWED HTTP error when one tries to POST to a URL
      which has SSL parameters re-configured, because mod_ssl per default
      cannot handle this situation (for technical reasons). This way the I/O
      errors which occured in the past are now at least replaced by a correct
      error message. 

      But when you build with --enable-rule=SSL_EXPERIMENTAL you get
      experimental support for this situation and you then _CAN_ use POST even
      in conjunction with per-URL SSL re-configurations.
      
      But nevertheless one have to keep in mind that the POST body is still
      transferred under the global SSL parameters and that the renegotiation
      (typically to a stronger cipher, etc.) happens only before the response
      is sent (and not before the POST data is read!). The rule of thumb is:
      per-URL SSL parameters _CANNOT_ be applied to _ANY_ part of the
      _REQUEST_, they are only guarrantied to be applied to the _RESPONSE_.

      In practice there are situations (for instance when the client resumes
      the request already with previously renegotiated parameters, etc.) where
      the situation _CAN_ be better. But you cannot _EXPECT_ it to be better
      and mod_ssl _CANNOT GUARRANTY_ it to be better, of course.

   *) Added support for latest OpenSSL 0.9.4-dev snapshot version.

   *) Fixed initialization and cleanup relazed problems with SSLMutex: The
      mutex is now closed before the chown and the mutex is removed only in
      the parent on module shutdown.

   *) Removed HTTPD_ROOT from EAPI_MM_CORE_PATH definition in httpd.h
      because it is redundant and can cause problems.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to