Checkout Tools
  • last updated 1 hour ago
Constraints: committers
Constraints: files
Constraints: dates

Changeset 89026 is being indexed.

Port ssl_engine_ds.c to APR.

Nothing to port for ssl_engine_dh.c except that

SSL_LIBRARY_VERSION has to be already available.

Remember which code parts are already ported...

Explain the difference between the Apache environment and

the OS environment.

Kick out all old mutex code and base SSLMutex on APR locks.

support a "default" vhost, which is simply the main server (normally port 8529)

Change mostly all old module structure hooks and EAPI hooks to

ap_hook_xxx equivalents. More work has to be done here to clean all this

up and reduce to a minimum...

Axe writev(2) support from the SSL I/O layer because in Apache 2.0 we no

longer handle the bottom line of I/O ourself. Additionally this again

simplifies mod_ssl's I/O part for later transition to mod_tls's approach

with buckets.

Axe most WIN32 stuff from Apache 1.3. In Apache 2.0 we either use APR

later for this or we don't do it at all. But we certainly no longer want

to see any platform specific things inside a module.

Axe out SSL_CONSERVATIVE stuff which for Apache 1.3 did I/O data

pre-sucking on POST requests and I/O re-injection in case of SSL

renegotiations. This all either cannot be solved any longer or at least

has to be implemented totally different through I/O layering/filtering.

Remove one more EAPI-based thing we no longer really need.

remove remaining references to compat and sdbm

compat and local sdbm stuff is already gone

Axe out SSL_USE_SDBM stuff, i.e., get rid of the local SDBM copy and use

APR's DBM API instead. The remaining question just is whether APR's DBM

allows "larger" things like SSL sessions to be stored...

Axe out the complete SSL_COMPAT stuff. Because Apache 2.0 is already

incompatible at many places to Apache 1.3 we also don't want this stuff

anymore. Apache 2.0's mod_ssl will be mostly compatibile with Apache

1.3's mod_ssl, of course. But we really no longer want to be compatible

to Sioux and other obsolete SSL things...

Start writing down incompatibilities to mod_ssl 2.x from Apache 1.3.

Our general goal is to axe down mod_ssl to a minimum, because what we

don't have anymore we don't have to port and as simpler mod_ssl becomes.

Nevertheless we will try to minimize incompatibilities if possible.

Axe out EAPI-based SSL_VENDOR stuff.

If we want this later again, we have to do it differently anyway. So,

for now we try to strip down mod_ssl as heavy as possible and hence we

kick out this stuff at all.

Finalize the build environment by integrating the last thing (the

lex/yacc stuff) into and getting rid of the old Apache 1.3

Makefile.tmpl file.

Fix a bug in the input handling. ap_http_filter() was modifying *readbytes

which corresponded to r->remaining (in ap_get_client_block). However,

ap_get_client_block was *also* adjusting r->remaining. Net result was that

PUT (and probably POST) was broken. (at least on large inputs)

To fix it, I simply removed the indirection on "readbytes" for input

filters. There is no reason for them to return data (the brigade length is

the return length). This also simplifies a number of calls where people

needed to do &zero just to pass zero.

I also added a number of comments about operations and where things could be

improved, or are (semi) broken.

clarify the use of some of the members of the dav_provider structure.

Next step in mod_ssl integration:

Add missing files to build environment.

  1. … 17 more files in changeset.
Activate the command_rec structure.

Update file description list.

Get rid of libssl.modules and libssl.version. libssl.version we

no longer need, because mod_ssl no longer has its own version.

libssl.modules is now more or less (except for the old custom Apache 1.3

configuration rules) replaced by the Autoconf based config.m4.

Integrate mod_ssl into the Autoconf facility.

(currently only stub files are compiled)

    • ?
Move the AC_MSG_CHECKING into the module-specific macro to make sure the

output is generated in sync with the AC_MSG_RESULT.

Cosmetics: align the entry of MPMs in "configure --help" output

Allow mod_tls and mod_ssl coexists without interfering each other by

renaming the --with-ssl option of mod_tls to --with-tls. This way we can

use --enable-ssl/--with-ssl for mod_ssl and --enable-tls/--with-tls for


allow api test files to have the same names as hooks

adjust file list for removed files, too.