From owner-sw-mod-ssl-announce@engelschall.com Thu Mar 25 08:40:16 1999 Received: by en5.engelschall.com (Sendmail 8.9.2) for sw-mod-ssl-announce-L id IAA17658; Thu, 25 Mar 1999 08:40:16 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id IAA17654; Thu, 25 Mar 1999 08:40:12 +0100 (MET) Received: (qmail 9158 invoked by uid 66); 25 Mar 1999 07:41:49 -0000 Received: from en by slarti with UUCP; Thu Mar 25 07:41:49 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3) for sw-mod-ssl-announce@engelschall.com id IAA99201; Thu, 25 Mar 1999 08:39:46 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id IAA17466; Thu, 25 Mar 1999 08:34:46 +0100 (MET) Received: (qmail 8917 invoked by uid 66); 25 Mar 1999 07:36:22 -0000 Received: from en by slarti with UUCP; Thu Mar 25 07:36:22 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3) id IAA98788; Thu, 25 Mar 1999 08:34:17 +0100 (CET) Date: Thu, 25 Mar 1999 08:34:17 +0100 From: "Ralf S. Engelschall" To: sw-mod-ssl@engelschall.com Cc: sw-mod-ssl-announce@engelschall.com Subject: ANNOUNCE: sw-mod-ssl-announce list Message-ID: <19990325083417.A98459@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-sw-mod-ssl-announce@engelschall.com Precedence: bulk Reply-To: sw-mod-ssl@engelschall.com X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: sw-mod-ssl-announce On demand by the users I've now established a companion mailing list named sw-mod-ssl-announce@engelschall.com. The name looks ugly, I know. But nevertheless it should be a useful list for those of you who don't want to follow the sw-mod-ssl support list. In the future I'll crosspost all "ANNOUNCE: xxx" posting to sw-mod-ssl-announce, so when you're only interested in those annoucements (usually one release annoucements every one or two weeks) you can now subscribe to this list only. But keep in mind that this list is moderated and discussions are still taking place on sw-mod-ssl, of course. Only the announcement postings will occur on sw-mod-ssl-announce. The list is also controlled by majordomo@engelschall.com, so send your "subscribe sw-mod-ssl-announce" to this address. Ralf S. Engelschall rse@engelschall.com www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Announcement Mailing List sw-mod-ssl-announce@engelschall.com Automated List Manager majordomo@engelschall.com From owner-sw-mod-ssl-announce@engelschall.com Mon Apr 12 16:44:44 1999 Received: by en5.engelschall.com (Sendmail 8.9.2) for sw-mod-ssl-announce-L id QAA24857; Mon, 12 Apr 1999 16:43:52 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id QAA24842; Mon, 12 Apr 1999 16:43:38 +0200 (MET DST) Received: (qmail 5681 invoked by uid 66); 12 Apr 1999 14:44:11 -0000 Received: from en by slarti with UUCP; Mon Apr 12 14:44:11 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) for sw-mod-ssl-announce@engelschall.com id QAA87286; Mon, 12 Apr 1999 16:41:27 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id QAA24634; Mon, 12 Apr 1999 16:36:45 +0200 (MET DST) Received: (qmail 4077 invoked by uid 66); 12 Apr 1999 14:38:25 -0000 Received: from en by slarti with UUCP; Mon Apr 12 14:38:25 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id QAA86245; Mon, 12 Apr 1999 16:29:30 +0200 (CEST) Date: Mon, 12 Apr 1999 16:29:29 +0200 From: "Ralf S. Engelschall" To: sw-mod-ssl@engelschall.com, sw-mod-ssl-announce@engelschall.com Subject: ANNOUNCE: mod_ssl 2.2.8 Message-ID: <19990412162929.A86228@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-sw-mod-ssl-announce@engelschall.com Precedence: bulk Reply-To: sw-mod-ssl@engelschall.com X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: sw-mod-ssl-announce This version is proposed to be the last 2.2 patchlevel and contains just a lot of final cleanups and fixes to polish the stable 2.2 version. The forthcoming version will be 2.3.0 which provides a lot of new and complex features (DSA/DH support, CRL support, shared memory session cache, etc.), so production servers should be now finally upgraded to this stable 2.2 version. Greetings, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.2.8 (29-Mar-1999 to 12-Apr-1999) *) Use SSL_smart_shutdown() also for SSL proxy stuff. *) Fixed some compat variable mappings and updated ssl_compat.wml document to reflect the current compat state. *) Added ssl_log_applies() function in advance for forthcoming feature commits. *) Added NEWS file to distribution which summarizes the major changes and this way gives a faster overview for the impatient users. *) Added a new pkg.contrib/cca.sh script which I used for client auth testing with the latest OpenSSL versions. Additionally adjust old mca.sh script for OpenSSL. *) Added the missing ssl_template.inc file to the distribution *) Various source code cleanups to make forthcoming patches more clean. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Announcement Mailing List sw-mod-ssl-announce@engelschall.com Automated List Manager majordomo@engelschall.com From owner-sw-mod-ssl-announce@engelschall.com Sat May 1 10:22:13 1999 Received: by en5.engelschall.com (Sendmail 8.9.2) for sw-mod-ssl-announce-L id KAA12755; Sat, 1 May 1999 10:21:28 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id KAA12748; Sat, 1 May 1999 10:21:24 +0200 (MET DST) Received: (qmail 10784 invoked by uid 66); 1 May 1999 08:22:57 -0000 Received: from en by slarti with UUCP; Sat May 1 08:22:57 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) for sw-mod-ssl-announce@engelschall.com id KAA65069; Sat, 1 May 1999 10:18:30 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id AAA23396; Sat, 1 May 1999 00:22:35 +0200 (MET DST) Received: (qmail 11235 invoked by uid 66); 30 Apr 1999 22:24:09 -0000 Received: from en by slarti with UUCP; Fri Apr 30 22:24:09 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) for sw-mod-ssl@engelschall.com id AAA45034; Sat, 1 May 1999 00:19:19 +0200 (CEST) Date: Sat, 1 May 1999 00:19:18 +0200 From: "Ralf S. Engelschall" To: sw-mod-ssl@engelschall.com Subject: ATTENTION: http/ftp/mail addresses will be changed!! Message-ID: <19990501001918.A44783@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-sw-mod-ssl-announce@engelschall.com Precedence: bulk Reply-To: sw-mod-ssl@engelschall.com X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: sw-mod-ssl-announce ATTENTION! The next days the mod_ssl project will move to it's new permanent home under it's own modssl.org domain. The website and FTP site are already switched now and when the nameservers reloaded the MX records I'll also switch the mailing lists tomorrow. In detail the following changes are done: << http://www.engelschall.com/sw/mod_ssl/ >> http://www.modssl.org/ << ftp://ftp.engelschall.com/sw/mod_ssl/ >> ftp://ftp.modssl.org/source/ << ftp://contrib:contrib@ftp.engelschall.com/sw/mod_ssl/ >> ftp://modssl-c:modssl-c@ftp.modssl.org/contrib/ << mailto:sw-mod-ssl-announce@engelschall.com >> mailto:modssl-announce@modssl.org << mailto:sw-mod-ssl@engelschall.com >> mailto:modssl-users@modssl.org << mailto:bugdb-mod-ssl@engelschall.com >> mailto:modssl-bugdb@modssl.org In other words: Mirror admins should update the location information and people should use the new addresses from next week on. No other changes should be necessary. For backward compatibility some RewriteRules exists for the website and aliases will be provided for the old mail addresses, of course. Greetings, Ralf S. Engelschall rse@engelschall.com www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Announcement Mailing List sw-mod-ssl-announce@engelschall.com Automated List Manager majordomo@engelschall.com From owner-modssl-announce@modssl.org Tue May 25 12:12:13 1999 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id MAA07474; Tue, 25 May 1999 12:10:47 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id MAA07468; Tue, 25 May 1999 12:10:45 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id MAA04795; Tue, 25 May 1999 12:00:31 +0200 (MET DST) Received: (qmail 13437 invoked by uid 66); 25 May 1999 10:00:37 -0000 Received: from en by slarti with UUCP; Tue May 25 10:00:37 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id MAA89627; Tue, 25 May 1999 12:00:04 +0200 (CEST) Date: Tue, 25 May 1999 12:00:03 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: mod_ssl 2.3.0 released Message-ID: <19990525120003.A89361@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.5i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce _ _ _ __ ___ ___ __| | ___ ___| | | '_ ` _ \ / _ \ / _` | / __/ __| | | | | | | | (_) | (_| | \__ \__ \ | ``mod_ssl combines the flexibility of |_| |_| |_|\___/ \__,_|___|___/___/_| Apache with the security of OpenSSL.'' |_____| mod_ssl ``Ralf Engelschall has released an Apache Interface to OpenSSL excellent module that integrates http://www.modssl.org/ Apache and SSLeay/OpenSSL.'' Version 2.3.0 -- Tim J. Hudson This Apache module provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols by the help of the Open Source SSL/TLS toolkit OpenSSL, which is based on SSLeay from Eric A. Young and Tim J. Hudson. The mod_ssl package was created in April 1998 by Ralf S. Engelschall and was originally derived from software developed by Ben Laurie for use in the Apache-SSL HTTP server project. As a summary, here are its main features: o Open-Source software (BSD-style license) o Useable for both commercial and non-commercial use o Available for both Unix and Win32 (Windows 95/98/NT) platforms o 128-bit strong cryptography world-wide o Support for SSLv2, SSLv3 and TLSv1 protocols o Support for both RSA and Diffie-Hellman ciphers o Clean reviewable ANSI C source code o Clean Apache module architecture o Integrates seamlessly into Apache through an Extended API (EAPI) o Full Dynamic Shared Object (DSO) support o Support for the OpenSSL+RSAref US-situation o Advanced pass-phrase handling for private keys o X.509 certificate based authentication for both client and server o X.509 certificate revocation list (CRL) support o Support for per-URL renegotiation of SSL handshake parameters o Support for explicit seeding of the PRNG from external sources o Additional boolean-expression based access control facility o Backward compatibility to other Apache SSL solutions o Inter-process SSL session cache o Powerful dedicated SSL engine logging facility o Simple and robust application to Apache source trees o Fully integrated into the Apache 1.3 configuration mechanism o Additional integration into the Apache Autoconf-style Interface (APACI) o Assistance in X.509v3 certificate generation (both RSA and DSA) For more details about mod_ssl please visit its net locations under: http://www.modssl.org/ ftp://ftp.modssl.org/ Ralf S. Engelschall rse@engelschall.com www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Fri May 28 22:53:50 1999 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id WAA10707; Fri, 28 May 1999 22:52:30 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id WAA10701; Fri, 28 May 1999 22:52:27 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id OAA17056; Fri, 28 May 1999 14:40:02 +0200 (MET DST) Received: (qmail 26270 invoked by uid 66); 28 May 1999 12:39:57 -0000 Received: from en by slarti with UUCP; Fri May 28 12:39:57 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id OAA38747; Fri, 28 May 1999 14:39:47 +0200 (CEST) Date: Fri, 28 May 1999 14:39:47 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.3.1-1.3.6 Message-ID: <19990528143947.A38731@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.5i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce The first bunch of bugfixes for the mod_ssl 2.3 release cycle exists. These are for the recently discovered problems related to Win32 and EAPI, plus a BIO-related memory leak bugfix. The CHANGES entries are appended. URLs: http://www.modssl.org/source/ ftp://ftp.modssl.org/source/ Greetings, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.3.1 (25-Apr-1999 to 28-May-1999) *) Fixed two memory leaks in ssl_util_ssl.c related to BIOs. *) Fixed EAPI sources in src/ap/: They failed to compile when -DEAPI wasn't used which isn't nice. *) Fixed Win32 stuff: src/ap/ap.mak missed entries for ap_mm.[ch], src/modules/ssl/Makefile.win32 missed entry for ssl_engine_dh.c, configure.bat wasn't aware of the new include/openssl/ layout. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Tue Jun 8 11:26:40 1999 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id KAA11135; Tue, 8 Jun 1999 10:41:42 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id KAA11129; Tue, 8 Jun 1999 10:41:39 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id KAA11078; Tue, 8 Jun 1999 10:40:47 +0200 (MET DST) Received: (qmail 20749 invoked by uid 66); 8 Jun 1999 08:40:02 -0000 Received: from en by slarti with UUCP; Tue Jun 8 08:40:02 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id KAA03967; Tue, 8 Jun 1999 10:39:33 +0200 (CEST) Date: Tue, 8 Jun 1999 10:39:33 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.3.2 Message-ID: <19990608103933.A3687@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.6i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce Anybody thought mod_ssl already has all important features? Then you should now grab the latest version 2.3.2 and try out the shared memory based session cache. This is an inter-process SSL session cache residing in a high-performane hash table which itself is placed in a shared memory segment. Technically viewed a really interesting and nifty thing, IMHO. At least Unix hackers will like it ;) But normal users should like it, too. Because it should provide us with the most robust and fast session cache we can think of. Actually I'm very pleased about the fact that I finally can provide you this feature, because it was a _very_ long way to it (such such a long way as for DSA/DH support, but nearly as long). Half a year ago I've already evaluated how we can achieve such a cache, but when you're a Unix hacker you know that shared memory is highly unportable. Because there are lots of possible and totally different implementations. For this in January I started to write the MM Shared Memory Library (http://www.engelschall.com/sw/mm/) which hides all those gory details behind a nice malloc(3) style API. And MM now _is_ portable. OTOH I needed a high-performance hash library and found Gray Watson's `Table' library which is of this type. The only problem was that it works on the heap. But because MM provides a malloc(3) style API, I was able to easily convert `Table' to work inside a shared memory segment, of course. So, voila: Merging MM and Table together we're now able to provide a shared memory session cache for Apache in a portable way... When you want to use this feature you need to build Apache+EAPI with MM library. This is documented in the mod_ssl INSTALL document. So, when you're an old mod_ssl user, please again have a quick look at this document. Greetings, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.3.2 (28-May-1999 to 08-Jun-1999) *) Removed obsolete mca.sh script and updated cca.sh script to current OpenSSL state. *) Now "SSLSessionCache none" really disables _all_ caching, i.e. including the internal OpenSSL cache. *) Added Shared Memory based SSL Session Cache: A new "SSLSessionCache shm:/path/to/file(bytes)" variant of the SSL session cache was added. This uses a high-performance hash table inside a shared memory segment to provide the fastest inter-process session cache which is possible. For this Apache+EAPI has to be built with EAPI_MM (linked against the MM library, the shared memory abstraction). *) Fixed the EAPI_MM related patches to Apache's src/Configure: The variables were overridden instead of extended. *) Added hint to FAQ to make sure people enter the FQDN for CommonName when generating a server certificate. Added hint to EGD to reference chapter. *) Some more Win32 fixes. *) Fixed a session cache problem on shutdowns. *) Fixed mod_ssl's ``configure --with-mm=DIR'' ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Wed Jun 9 15:43:18 1999 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id PAA06868; Wed, 9 Jun 1999 15:39:40 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id PAA06860; Wed, 9 Jun 1999 15:39:36 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id PAA06766; Wed, 9 Jun 1999 15:38:05 +0200 (MET DST) Received: (qmail 18980 invoked by uid 66); 9 Jun 1999 13:37:15 -0000 Received: from en by slarti with UUCP; Wed Jun 9 13:37:15 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id PAA76268; Wed, 9 Jun 1999 15:35:21 +0200 (CEST) Date: Wed, 9 Jun 1999 15:35:20 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.3.3 Message-ID: <19990609153520.A76241@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.6i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce Due to the discovered portability problems under Unix/glibc-2.1 and Win32 I now kick out a bugfix only version before the next features will be added. As usual, you can grab the tarball from: http://www.modssl.org/source/ ftp://ftp.modssl.org/source/ Greetings, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.3.3 (08-Jun-1999 to 09-Jun-1999) *) Various type fixes for Session Cache code. *) A few fixes to make the Win32 world happy again. *) Fixed glibc 2.1 ndbm.h inclusion problems. *) Make sure that in "SSLSessionCache shm:/path/to/file(NNN)" the size NNN cannot be specified greater than the maximum possible shared memory segment (which is platform dependent, of course). ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Fri Jun 18 14:12:09 1999 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id OAA12222; Fri, 18 Jun 1999 14:09:33 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id OAA12217; Fri, 18 Jun 1999 14:09:31 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id NAA11449; Fri, 18 Jun 1999 13:54:24 +0200 (MET DST) Received: (qmail 25620 invoked by uid 66); 18 Jun 1999 11:57:01 -0000 Received: from en by slarti with UUCP; Fri Jun 18 11:57:01 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id NAA01427; Fri, 18 Jun 1999 13:51:53 +0200 (CEST) Date: Fri, 18 Jun 1999 13:51:53 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.3.4 Message-ID: <19990618135153.A1395@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.6i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce The next mod_ssl 2.3 version provides you mainly two things: A new (optionally) optimized SSL renegotiation handling and the ability to retrieve SSL session cache status information via mod_status. Detailed information is appended. As always, the tarball can be found on: http://www.modssl.org/source/ ftp://ftp.modssl.org/source/ Greetings, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.3.4 (09-Jun-1999 to 18-Jun-1999) *) The Fake Basic Auth stuff now is logging it's operation. *) Fixed pkg.contrib/cca.sh script: CA:TRUE was incorrect for a client certificate, of course. *) Added session cache status display to the pages generated by mod_status. When "ExtendedStatus on" is used mod_ssl appends session cache information (supported for both DBM and SHM). *) Fixed ``SSLVerifyClient optional_no_ca'' for per-directory context. *) Added ``SSLOptions +OptRenegotiate'': This enables optimized SSL connection renegotiation handling when SSL directives are used in per-directory context. Per default a strict handling is enabled where every per-directory reconfiguration of SSL parameters cause a full SSL renegotiation handshake. When this option is used mod_ssl tries to avoid unnecessary handshakes by doing more granular (but still safe) parameter checks. This should reduce the renegotiation overhead a little bit. *) Also print SSL errors on SSL_ERROR_SYSCALL situation. *) Make sure EAPI_MM=SYSTEM doesn't add -I/usr/include to CFLAGS (which occurrs for instance under Debian where MM is installed in system locations). *) The SSL session context is now also set on session renegotiations. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Tue Jun 22 18:16:50 1999 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id SAA07176; Tue, 22 Jun 1999 18:11:30 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id SAA07171; Tue, 22 Jun 1999 18:11:27 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id SAA07075; Tue, 22 Jun 1999 18:09:09 +0200 (MET DST) Received: (qmail 3689 invoked by uid 66); 22 Jun 1999 16:11:28 -0000 Received: from en by slarti with UUCP; Tue Jun 22 16:11:28 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id SAA14127; Tue, 22 Jun 1999 18:07:58 +0200 (CEST) Date: Tue, 22 Jun 1999 18:07:58 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.3.5 Message-ID: <19990622180758.A13875@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.6i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce Oouuuaaaa... he had a really nasty bug in the shared memory session cache variant: Once the session cache was filled the hash table library adjusted it and there it used plain heap-based calloc() instead of the MM variant of calloc(). This later caused the session cache related core dumps, of course. Thanks to all who discovered these core dumps. I needed the whole day to found this subtle bug, but after I've fixed the calloc() problem my development machine no longer dumped core. Hope it's now also fixed for you. BTW, while debugging today I've also found a mutex related bug in MM. It's now also fixed with MM 1.0.7. So all of you are encouraged to upgrade to mod_ssl 2.3.5 plus MM 1.0.7. Greetings, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.3.5 (18-Jun-1999 to 22-Jun-1999) *) Rewritten the DBM and SHM expiration functions in ssl_engine_scache.c to avoid problematic situation where one deletes an entry before the iteration counter was incremented. This was perhaps also another reasons for the session cache related core dumps. *) Fixed a nasty bug in ssl_util_table.c: A static (heap-based) calloc() call was forgotten to be converted to a dynamic (shared memory based) table->calloc() call. This leaded to various core dumps once the session cache's hash table was filled as had to be resized (which occured only after some time of operation, of course). *) Now mod_ssl displays an info logfile entry when the server certificate is a SCG one and warning logfile entries when the server certificate has BasicConstraints CA:TRUE or pathlen>0. *) Fixed FakeBasicAuth handling: ssl::client::dn wasn't set correctly and wasn't set at all in renegotiation context. *) Fixed HowTo example with +FakeBasicAuth: AuthName was missing and typos ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Thu Jul 15 11:56:06 1999 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id LAA01460; Thu, 15 Jul 1999 11:51:41 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id LAA01441; Thu, 15 Jul 1999 11:51:33 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id JAA20763; Thu, 15 Jul 1999 09:51:20 +0200 (MET DST) Received: (qmail 9853 invoked by uid 66); 15 Jul 1999 07:50:40 -0000 Received: from en by slarti with UUCP; Thu Jul 15 07:50:40 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id JAA13097; Thu, 15 Jul 1999 09:47:32 +0200 (CEST) Date: Thu, 15 Jul 1999 09:47:32 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.3.6 Message-ID: <19990715094732.A5404@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.6i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce mod_ssl 2.3.6: this is a colorful mixture between a maintainance version and a minor feature version. Beside the regular updates and bugfixes it includes especially a new SSLCertificateChainFile directive which allows you to explicitly generate the server certificate chain. That's especially important when using client authentication and there especially when used in conjunction with facilities like Server Gated Cryptography (SGC) (aka Global ID stuff). As always, fetch it from: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ BTW, there are still a few feature requests in my queue which are still not included in this 2.3 version (I propose them to be included for 2.4): o C2Net's SSL proxy enhancements (because documentation is still missing and it's not tested enough) o Matthias Loepfe's optimizations in dynamic renegotiation (because I've still not found time to review it) o David Harris's fix for graceful restart problem (because I've still not found time to review it) o The old "SSLListen" idea (because it still doesn't work I want it to work) Greetings, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.3.6 (22-Jun-1999 to 14-Jul-1999) *) Enhanced ap_mm_create() failure messages in alloc.c *) Fixed a core dump for the rare situation where mod_ssl was build statically into Apache but not enabled (AddModule). *) Perform more tries to chown() used DBM files. *) Fixed memory leaks on restarts related to shared memory session cache: the MM object wasn't removed at all. *) Allow SSL_DBM_FILE_SUFFIX_DIR and SSL_DBM_FILE_SUFFIX_PAG to be overridden via CFLAGS. *) Fixed grammar and typos in ssl_reference.wml *) Done a blind update of the INSTALL.Win32 document. *) Added five new FAQ entries. *) Fixed EAPI MM related permission problems. *) On startup the configured cipher suite is now also displayed under log level "trace". *) Let the Win32 configure.bat complain when --with-apache or --with-ssl is missing. *) Added new `SSLCertificateChainFile /path/to/file' directive. This can point to a file containing the concatenation of PEM encoded CA certificates which explicitly form the server certificate chain. This is intended for instance for the Global-ID situation where one _has_ to send the intermediate CA of Verisign with the GID while one wants to avoid that under client authentication all clients issued by this CA are accepted (which would happen when one references the CA cert via SSLCACertificatePath or SSLCACertificateFile instead of SSLCertificateChainFile). *) Changed the "Interrupted by system" `error' to `info' level in case errno is not > 0. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Sun Jul 25 14:12:21 1999 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id OAA17074; Sun, 25 Jul 1999 14:07:46 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id OAA17050; Sun, 25 Jul 1999 14:07:38 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id OAA16858; Sun, 25 Jul 1999 14:02:32 +0200 (MET DST) Received: (qmail 4924 invoked by uid 66); 25 Jul 1999 12:02:59 -0000 Received: from en by slarti with UUCP; Sun Jul 25 12:02:59 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id NAA74668; Sun, 25 Jul 1999 13:59:57 +0200 (CEST) Date: Sun, 25 Jul 1999 13:59:56 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.3.7 Message-ID: <19990725135956.A74654@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.6i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce This is one more bugfix version to stabilize 2.3. Beside a few minor fixes, it provides the major rewrite of the DBM session cache expiry operation which should solve the problems (segfaults and/or high CPU load) which occurred with some vendor DBM libraries. All users who had DBM-related problems are strongly encouraged to upgrade to this version. Greetings, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.3.7 (14-Jul-1999 to 25-Jul-1999) *) Optimization for logfile handling: We now short-circuit the filedescriptors for inherited logfiles in order to save filedescriptors. This is important for mass virtual hosting situations where we really have to reduce the resource consumption. *) Enhanced the DBM-based SSL Session Cache: o the cache DBM files are removed on shutdowns and restarts now to prevent the occurance of DBM inconsistencies over long runs. o the DBM store operation now stores only data which has sizeof(key)+sizeof(data) < 1024 to make sure some broken vendor DBM libraries do not segfault on large entries. Only with the built-in SDBM library up to 8KB are stored. o the expiry procedure was rewritten to prevent problems with less smart DBM libraries: Instead of iterating and deleting in parallel (which causes some DBM libraries to become totally crazy) a two pass approach is used. In the first pass the DBM library is scanned and expired elements are remembered only. In the second pass the rememebered elements are actually deleted. *) Fixed SSL mutex handling: the mutex file was not removed on shutdown. *) Fixed global shared memory pool handling in alloc.c: The shared memory related temporary files of MM were not removed because ap_mm_destroy() was missing on exit. *) A few adjustments anf fixes to the FAQ and added hint to OpenSA to INSTALL.Win32. *) Fixed ``SSLRandomSeed exec:..'' for OS/2 and Win32. *) Fixed shared memory pool handling in alloc.c: Two realloc() calls were not shared memory aware. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Sun Jul 25 15:07:36 1999 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id PAA20060; Sun, 25 Jul 1999 15:04:28 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id PAA20055; Sun, 25 Jul 1999 15:04:26 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id PAA19920; Sun, 25 Jul 1999 15:01:16 +0200 (MET DST) Received: (qmail 7475 invoked by uid 66); 25 Jul 1999 13:01:43 -0000 Received: from en by slarti with UUCP; Sun Jul 25 13:01:43 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id OAA32614; Sun, 25 Jul 1999 14:59:41 +0200 (CEST) Date: Sun, 25 Jul 1999 14:59:41 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.3.8 Message-ID: <19990725145941.A32596@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.6i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce Shit happens: after I kicked out mod_ssl 2.3.7 and installed in one of my production servers I discovered a nasty bug which never occurred on the development servers :-( I've immediately fixed this bug and have to kick out 2.3.8 now. And I really thought it becomes a relaxing Sunday afternoon... Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.3.8 (25-Jul-1999 to 25-Jul-1999) *) Fixed a nasty problem with early pool cleanups during startup when shared memory session caches are configured. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Mon Jul 26 09:02:28 1999 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id IAA18308; Mon, 26 Jul 1999 08:58:57 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id IAA18297; Mon, 26 Jul 1999 08:58:52 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id IAA18176; Mon, 26 Jul 1999 08:56:08 +0200 (MET DST) Received: (qmail 2207 invoked by uid 66); 26 Jul 1999 06:56:19 -0000 Received: from en by slarti with UUCP; Mon Jul 26 06:56:19 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id IAA12085; Mon, 26 Jul 1999 08:54:07 +0200 (CEST) Date: Mon, 26 Jul 1999 08:54:07 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.3.9 ;) Message-ID: <19990726085406.A12070@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.6i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce Yeah, yeah, shit happens not only once. Two more compile problems were found today, so I've to immediately kick out another fixed version. I've now compiled it without anything (neither mod_ssl nor EAPI), just EAPI, EAPI+EAPI_MM, etc and it passed all the compiles fine. Now I'm really interesting what comes next ;) Sorry for the inconviniences. Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.3.9 (25-Jul-1999 to 26-Jul-1999) *) Compile ap_make_shared_sub_pool() only under -DEAPI and added it to httpd.exp. *) Fixed alloc.c again: the ap_mm_destroy has to be used only for defined(EAPI) && defined(EAPI_MM) and not just for defined(EAPI). ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Wed Jul 28 15:56:10 1999 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id PAA01386; Wed, 28 Jul 1999 15:50:08 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id PAA01374; Wed, 28 Jul 1999 15:50:04 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id PAA01338; Wed, 28 Jul 1999 15:49:45 +0200 (MET DST) Received: (qmail 4391 invoked by uid 66); 28 Jul 1999 13:50:01 -0000 Received: from en by slarti with UUCP; Wed Jul 28 13:50:01 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id PAA76742; Wed, 28 Jul 1999 15:47:24 +0200 (CEST) Date: Wed, 28 Jul 1999 15:47:23 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.3.10 Message-ID: <19990728154723.A76703@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.6i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce Although I have a personal aversion on two-character wide patchlevels, here is version 2.3.10 - because we've to tweak 2.3 until it is really stable before we can proceed with 2.4. This version provides a fix for the SSLMutex problems ("file not found") and an experimental solution for the POST problems which occured under per-URL SSL parameter re-configuration (read below for more details). Greetings, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.3.10 (26-Jul-1999 to 28-Jul-1999) *) Changed the handling of the `per-URL SSL re-configuration in conjunction with POST method based HTTP requests' problem: Per default mod_ssl now returns a METHOD_NOT_ALLOWED HTTP error when one tries to POST to a URL which has SSL parameters re-configured, because mod_ssl per default cannot handle this situation (for technical reasons). This way the I/O errors which occured in the past are now at least replaced by a correct error message. But when you build with --enable-rule=SSL_EXPERIMENTAL you get experimental support for this situation and you then _CAN_ use POST even in conjunction with per-URL SSL re-configurations. But nevertheless one have to keep in mind that the POST body is still transferred under the global SSL parameters and that the renegotiation (typically to a stronger cipher, etc.) happens only before the response is sent (and not before the POST data is read!). The rule of thumb is: per-URL SSL parameters _CANNOT_ be applied to _ANY_ part of the _REQUEST_, they are only guarrantied to be applied to the _RESPONSE_. In practice there are situations (for instance when the client resumes the request already with previously renegotiated parameters, etc.) where the situation _CAN_ be better. But you cannot _EXPECT_ it to be better and mod_ssl _CANNOT GUARRANTY_ it to be better, of course. *) Added support for latest OpenSSL 0.9.4-dev snapshot version. *) Fixed initialization and cleanup relazed problems with SSLMutex: The mutex is now closed before the chown and the mutex is removed only in the parent on module shutdown. *) Removed HTTPD_ROOT from EAPI_MM_CORE_PATH definition in httpd.h because it is redundant and can cause problems. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Tue Aug 3 12:31:51 1999 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id MAA02028; Tue, 3 Aug 1999 12:21:40 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id MAA02019; Tue, 3 Aug 1999 12:21:36 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id MAA01814; Tue, 3 Aug 1999 12:18:24 +0200 (MET DST) Received: (qmail 11806 invoked by uid 66); 3 Aug 1999 10:18:19 -0000 Received: from en by slarti with UUCP; Tue Aug 3 10:18:19 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id MAA53206; Tue, 3 Aug 1999 12:16:28 +0200 (CEST) Date: Tue, 3 Aug 1999 12:16:28 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.3.11 Message-ID: <19990803121628.A53169@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.6i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce Lots of small bugfixes and enhancements, but nothing to worry about if you're already running mod_ssl 2.3 without problems. Thanks especially to Holger for the various ideas for the configuration checks. It's our hope that this way we can avoid a few FAQs on modssl-users for the future ;) Greetings, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.3.11 (28-Jul-1999 to 03-Aug-1999) *) Changed pass phrase dialog: Now you're allowed to enter even 1 char pass phrases, i.e. you're no longer required to enter more than 4 characters. That's important for encrypted private keys not generated via OpenSSL. *) Added configuration check: Now mod_ssl checks on startup whether the CommonName (CN) of a certificate matches the ServerName of the virtual host. If not, a warning is given, because it will lead to at least popping up dialog boxes in NS and IE. *) Added configuration check: Now mod_ssl checks whether more than one SSL-aware virtual host uses the same IP:port and complains with a warning, because for SSL name-based virtual hosts cannot be used. *) Overhauled mod_define: it now uses a global define value table and this way not works correctly also in sections and other contexts. *) Added a few more FAQ entries. *) Cleaned up ssl_init_Module() function: it now no longer destroys the server_rec argument as a side-effect. *) Fixed top-level Makefile.tmpl: ssl.crl wasn't created; README.CRL wasn't installed; incorporated an important escaping bugfix from Apache 1.3.7-dev. *) Added fallback definitions for TRUE/FALSE to ap_mm.h *) Fixed I/O pre-sucking for HTTPS proxy situations where no mod_ssl context is attached to SSL structures. *) Fixed Mutex acquiring under Win32: the result value was computed incorrectly and leaded to warning log entries. *) Catch SIGPIPE in truerand.c (a contrib program in pkg.contrib/) to allow it behave correctly under `SSLRandomSeed exec:bin/truerand N'. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Fri Aug 20 08:19:40 1999 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id IAA20822; Fri, 20 Aug 1999 08:13:36 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id IAA20817; Fri, 20 Aug 1999 08:13:33 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id IAA20709; Fri, 20 Aug 1999 08:07:38 +0200 (MET DST) Received: (qmail 4069 invoked by uid 66); 20 Aug 1999 06:10:54 -0000 Received: from en by slarti with UUCP; Fri Aug 20 06:10:54 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id IAA27232; Fri, 20 Aug 1999 08:04:10 +0200 (CEST) Date: Fri, 20 Aug 1999 08:04:10 +0200 From: "Ralf S. Engelschall" To: modssl-users@modssl.org, modssl-announce@modssl.org Subject: ANNOUNCE: mod_ssl 2.4.0 (Apache 1.3.9) Message-ID: <19990820080410.A27214@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.7i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce After struggling with with Apache 1.3.7 and Apache 1.3.8 (both were not released), Apache 1.3.9 is now finally available. The corresponding mod_ssl version was bumped to 2.4.0, although this time mod_ssl itself was not changed dramatically (so you can really expect it to be really stable). So, a small changelog entry for mod_ssl, but a lot of differences for the whole system Apache+mod_ssl+OpenSSL, of course. The current recommended triple is: Apache 1.3.9 + mod_ssl 2.4.0 + OpenSSL 0.9.4 Greetings, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.4.0 (03-Aug-1999 to 18-Aug-1999) *) Upgraded from Apache 1.3.6 to Apache 1.3.9 (Apache versions 1.3.7 and 1.3.8 were not released). *) Fixed a nasty bug in mod_define.c: the global define variable pool was never destroyed and this way could lead to segfaults on server restarts. *) Pass number of bytes from ``SSLRandomSeed exec:/path/to/prog(bytes)'' as first argument to /path/to/prog in order to allow the program to know how much bytes of entropy it should provide on stdout. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Mon Aug 30 21:21:00 1999 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id VAA19428; Mon, 30 Aug 1999 21:15:55 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id VAA19422; Mon, 30 Aug 1999 21:15:47 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id VAA19344; Mon, 30 Aug 1999 21:15:05 +0200 (MET DST) Received: (qmail 9464 invoked by uid 66); 30 Aug 1999 19:17:42 -0000 Received: from en by slarti with UUCP; Mon Aug 30 19:17:42 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id VAA22786; Mon, 30 Aug 1999 21:13:59 +0200 (CEST) Date: Mon, 30 Aug 1999 21:13:58 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.4.1-1.3.9 Message-ID: <19990830211358.A22520@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre1i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce This version provides various cleanups and one important bugfix related to the SSL connection shutdown procedure. This bugfix especially will fix the remaining I/O errors some of you have still seen. So you're strongly encouraged to upgrade to this version. Send your thanks to Paul Wilt for his great detective work which helped in locating this subtle bug. Greetings, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.4.1 (18-Aug-1999 to 30-Aug-1999) *) Added logging hint "too restrictive SSLCipherSuite or using DSA server certificate?" for "no shared cipher" errors. *) Added an explicit ap_blush() call to the connection close hook to make sure that pending outgoing data is flushed _before_ the SSL layer is closed. This is important to make sure that the pending data is still transferred through the SSL layer. Else an I/O error can occur inside the browser because the pending data is transferred as plain data (at a time where the browser will no longer expect the data, i.e. after the SSL close notify message was already received by it). *) Added new FAQ entries. *) Show `-D EAPI_MM' on `httpd -V', too. *) Pass also $(MFLAGS) to src/support/mkcert.sh for consistency. *) Fixed mod_define.html: `docroot' was doubled. *) Made sure mkcert.sh handles the algorithm variable more robust in order to make sure that people do not accidently choose the DSA variant. *) mod_ssl now complains already at startup if one tries to use ``SSLMutex file:...'' on Win32 (where the semaphore mutex _has_ to be used). *) Removed obsolete pkg.ssldoc/ssl_cover_title.gif ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Mon Sep 6 16:43:51 1999 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id QAA25030; Mon, 6 Sep 1999 16:39:34 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id QAA25024; Mon, 6 Sep 1999 16:39:31 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id QAA24956; Mon, 6 Sep 1999 16:38:07 +0200 (MET DST) Received: (qmail 14038 invoked by uid 66); 6 Sep 1999 14:40:21 -0000 Received: from en by slarti with UUCP; Mon Sep 6 14:40:21 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id QAA71953; Mon, 6 Sep 1999 16:29:26 +0200 (CEST) Date: Mon, 6 Sep 1999 16:29:25 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.4.2 Message-ID: <19990906162925.A71935@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre2i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce The usual amount of bugfixes per week. Nothing to worry about if you've already 2.4.1 running. But if you've an older version running, it's now a good time to upgrade because the 2.4 series is very stable. Greetings, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.4.2 (30-Aug-1999 to 06-Sep-1999) *) Added hint about -fPIC vs. -fpic to INSTALL document. *) Changed /sw/bin/perl to the more common /usr/bin/perl in pkg.contrib/loadcacert.cgi. *) Fixed two (harmless) compile-time warnings related to `unsigned char *' vs. `char *'. *) Added hint about required browser restarts on re-installations. *) Added quotes to DocumentRoot in conf/httpd.conf-dist to avoid problems with binbuild.sh. *) Fixed --with-apxs: configure.stub.sh has to be `sourced' as `./configure.stub.sh' instead of just `configure.stub.sh' or some Bourne Shells cannot find it. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Mon Sep 6 16:43:51 1999 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id QAA25038; Mon, 6 Sep 1999 16:39:41 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id QAA25033; Mon, 6 Sep 1999 16:39:38 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id QAA24959; Mon, 6 Sep 1999 16:38:08 +0200 (MET DST) Received: (qmail 14045 invoked by uid 66); 6 Sep 1999 14:40:21 -0000 Received: from en by slarti with UUCP; Mon Sep 6 14:40:21 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id QAA72226; Mon, 6 Sep 1999 16:35:22 +0200 (CEST) Date: Mon, 6 Sep 1999 16:35:22 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: Online Version of OSSC Presentations Message-ID: <19990906163522.A71957@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre2i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce It's my pleasure that by courtesy of Holger Reif I can provide you online versions of the presentations o ``The beautiful features of SSL'' o ``How to get SSL into Apache'' which Holger gave last months at O'Reilly Open Source Software Convention 1999 in Monterey. The presentations (talk and tutorial) are available in both HTML/JPEG and Postscript format from http://www.modssl.org/docs/ossc1999/ Send credits to Holger and flames to me. Greetings, Ralf S. Engelschall rse@engelschall.com www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Mon Sep 27 13:03:09 1999 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id MAA23820; Mon, 27 Sep 1999 12:58:25 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id MAA23813; Mon, 27 Sep 1999 12:58:22 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id MAA23725; Mon, 27 Sep 1999 12:56:49 +0200 (MET DST) Received: (qmail 19220 invoked by uid 66); 27 Sep 1999 10:57:48 -0000 Received: from en by slarti with UUCP; Mon Sep 27 10:57:48 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id MAA28283; Mon, 27 Sep 1999 12:56:12 +0200 (CEST) Date: Mon, 27 Sep 1999 12:56:11 +0200 From: "Ralf S. Engelschall" To: modssl-users@modssl.org, modssl-announce@modssl.org Subject: ANNOUNCE: mod_ssl 2.4.3 Message-ID: <19990927125611.A28020@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre3i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce mod_ssl 2.4.3 - the usual amount of bugfixes and cleanups for the 2.4 series. For more details see the appended CHANGES extract below. As always you can find the tarball on: http://www.modssl.org/source/ ftp://ftp.modssl.org/source/ Greetings, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.4.3 (06-Sep-1999 to 27-Sep-1999) *) Upgraded pkg.contrib/gid-mkcert.sh to use OpenSSL instead of SSLeay+cafix+pkcs12. *) Enabled SSL_USE_SEM (Semaphore based SSLMutex) now explicitly for FreeBSD, NetBSD, OpenBSD, Linux and Solaris. *) Fixed ``SSL_CLIENT_CERT_CHAIN'' variable generation under ``SSLOptions +ExportOptions''. *) Added new ``SSL_CLIENT_VERIFY'' variable which can be used with SSLRequire to manually check the verify results under ``SSLVerifyClient optional'' in order to redirect to an enrollment page. *) Fixed documentation related to SSL_XXX variables. *) Fixed timeout handling of internal OpenSSL cache. *) Make sure server.key/ca.key files are stored with explicit permissions 600 also in conf/ssl.key/ inside the source tree. *) Added hint about "Connection refused" problem to FAQ. *) Fixed semaphore based SSLMutex variant: the IPC_CREAT fallback was wrong and the return code semantics were treated incorrectly. Additionally the ownership of the semaphore is now set, too. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Tue Sep 28 14:52:26 1999 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id OAA02442; Tue, 28 Sep 1999 14:47:50 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id OAA02417; Tue, 28 Sep 1999 14:47:43 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id OAA02337; Tue, 28 Sep 1999 14:46:44 +0200 (MET DST) Received: (qmail 18246 invoked by uid 66); 28 Sep 1999 12:50:29 -0000 Received: from en by slarti with UUCP; Tue Sep 28 12:50:29 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id OAA34664; Tue, 28 Sep 1999 14:45:19 +0200 (CEST) Date: Tue, 28 Sep 1999 14:45:18 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.4.4 Message-ID: <19990928144518.A34631@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre3i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce As you know, shit happens, so the enabled IPC semaphore support from 2.4.3 for xBSD, Solaris and Linux was broken under compile time for Linux where `union semun' is (correctly) not pre-defined. So we need mod_ssl 2.4.4 which immediately fixes this nasty compilation problem for the Linux community. CHANGES entry follows. Greetings, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.4.4 (27-Sep-1999 to 28-Sep-1999) *) Fixed the `union semun' situation for SSLMutex which was broken in 2.4.3 because Apache's internal NEED_UNION_SEMUN define is horrible inconsistent (it was defined only for Solaris although it should be for a lot more platforms). The correct solution actually is this: Some platforms have a `union semun' pre-defined but Single Unix Specification (SUSv2) says in semctl(2): `If required, it is of type union semun, which the application program must explicitly declare'. So we have to define it always ourself to avoid problems (but under a different name to avoid a namespace clash, of course). *) Fixed `make certificate VIEW=1': nested quotes are disliked by strict(er) Bourne shell flavors. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Fri Oct 1 14:45:40 1999 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id OAA11111; Fri, 1 Oct 1999 14:39:24 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id OAA11104; Fri, 1 Oct 1999 14:39:21 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id OAA10858; Fri, 1 Oct 1999 14:34:55 +0200 (MET DST) Received: (qmail 16652 invoked by uid 66); 1 Oct 1999 12:38:28 -0000 Received: from en by slarti with UUCP; Fri Oct 1 12:38:28 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id OAA98667; Fri, 1 Oct 1999 14:33:59 +0200 (CEST) Date: Fri, 1 Oct 1999 14:33:59 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.4.5 Message-ID: <19991001143358.A98622@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre3i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce Ok, after two versions which failed to compile under some nasty Linux flavors, this one should work fine also for the Linux community. Beside the usual bugfixes for a stable version like this, I've also incorporated some small improvements. For details see the CHANGES entries below. As always, you can fetch mod_ssl 2.4.5 from the following locations: http://www.modssl.org/source/ ftp://ftp.modssl.org/source/ Now I've to went back to learning for my last (the forth of four) diploma exams which is "celebrated" in mid October... ;) Greetings, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.4.5 (28-Sep-1999 to 01-Oct-1999) *) Now ``make certificate'' displays a warning message if one generates a DSA certificate with it to make sure the user is aware of the fact that a DSA-only webserver is currently useless because the popular browsers do not speak DH-based ciphers. A hint is given that a DSA cert/key pair is only useful in _combination_ with a parallel configured RSA cert/key pair. *) Enhanced the pass phrase dialog: Now ``Server : ()'' is displayed instead of just ``Server :'' and the ``SSLPassPhraseDialog exec:/path/to/program'' is called with arguments ``: '' instead of just ``:'' to allow the distinction between RSA and DSA keys both to the user and to the program. This is important, because a single virtual host can use both a RSA and a DSA cert/key at the same time. *) Added pre-configured (but commented out) SSLCertificate[Key]File directives to conf/httpd.conf-dist which explains the use of the additional DSA cert/key. *) Now the default for SSL_SDBM is 'yes' on Linux boxes because it occurrs too often that Linux boxes with broken DBM libraries are used and people are wondering why their session cache operations segfault the server. If you really want to use the vendor DBM library on Linux you now have to use --disable-rule=SSL_SDBM. But I recommend you to use SDBM except you know what you're doing. *) Fixed typo in FAQ: SSLSessioCache -> SSLSessionCache. *) Enhanced the logging facility: First the "Connection to child x" messages now also contain the client IP address, second every logfile entry now has a prefix which contains also the process id in addition to the time. This way it's easier to identify logfile entries written by different processes. *) Fixed ssl_engine_vars.c: SSL3_TXT_RSA_IDEA_128_SHA was contained twice in a table. Instead the second occurrence should be SSL2_TXT_IDEA_128_CBC_WITH_MD5. *) Fixed the `union semun' situation for SSLMutex again, this time for brain-dead anchient Linux versions which have incorrect semctl(2) prototypes. We now enable IPC semaphores only on glibc 2.1 boxes. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Fri Oct 22 11:00:18 1999 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id KAA04671; Fri, 22 Oct 1999 10:52:17 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id KAA04652; Fri, 22 Oct 1999 10:52:09 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id KAA04419; Fri, 22 Oct 1999 10:48:05 +0200 (MET DST) Received: (qmail 29354 invoked by uid 66); 22 Oct 1999 08:50:50 -0000 Received: from en by slarti with UUCP; Fri Oct 22 08:50:50 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id KAA50981; Fri, 22 Oct 1999 10:46:38 +0200 (CEST) Date: Fri, 22 Oct 1999 10:46:38 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.4.6 Message-ID: <19991022104637.A44650@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre4i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce Before I have to again start with the daily (and already nerving) handicraft and transactions in and for our new flat I took two hours this morning and released mod_ssl 2.4.6 for you. This version provides you with lots of small bugfixes and cleanups and is worth an upgrade attempt. I consider it to be a very stable version which successfully passed all my tests. The corresponding CHANGES entries for this new version are appended. As always, you can grab it from: http://www.modssl.org/source/ ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.4.6 (01-Oct-1999 to 22-Oct-1999) *) Re-created RSA and DSA certificates and private keys for both SnakeOil CA and SnakeOil Server, because the RSA certificate already expired recently. The cert/keys are now valid for the next 2 years. *) Freshed up the test welcome page htdocs/index.html with a feather background image (just for fun ;) and with a few other cosmetic cleanups. *) Fixed a few compile warnings under Win32 environment. *) Fixed interactive terminal based pass phrase dialog on Win32 platform by explicitly opening `con' (the console) instead of trying to use stdout (which seems to be no longer connected to the console under Win32). *) Fixed expiration checks for the session cache. The calculation and time comparsions were incorrect. *) Now `httpd -V' also shows the value of EAPI_MM_CORE_PATH (the path to the MM temporary files) if EAPI_MM is activated. *) Made sure that `httpd -t' correctly dies, i.e. including a cleanup of the global MM shared memory pool. Same for `httpd -V'. This is important to not let temporary files stay around which confuse `apachectl'. *) Changed a few checks in ssl_engine_scache.c to be even more conservative in order to prevent problems in advance. *) Reduced the size check for DBM session caching from 1024 to 950 bytes, because most DBM libraries have a limit of 1022. This should make sure we do not break some requirements some DBM libraries implicitly assume (even they do not explicitly document it). *) Fixed SSL_EXPERIMENTAL code related to the POST problem. We now do a more careful memory management and a segfault-situation was removed, too. *) Now the PID is appended to the global MM based shared memory pool alloc.c allocates. This avoids problems with multiple server instances run from the same installation. *) Fixed a few typos in the INSTALL document. *) Fixed a nasty bug in the fixup phase which caused ``SSLOptions +ExportCertChain'' to dump core if no client certificates were present. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Tue Nov 2 11:39:38 1999 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id LAA28743; Tue, 2 Nov 1999 11:26:08 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id LAA28737; Tue, 2 Nov 1999 11:26:06 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id LAA28650; Tue, 2 Nov 1999 11:24:37 +0100 (MET) Received: (qmail 11464 invoked by uid 66); 2 Nov 1999 10:26:45 -0000 Received: from en by slarti with UUCP; Tue Nov 2 10:26:45 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id LAA95895; Tue, 2 Nov 1999 11:24:26 +0100 (CET) Date: Tue, 2 Nov 1999 11:24:26 +0100 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.4.7 Message-ID: <19991102112426.A95794@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce Another round to make the stable 2.4 series even more robust and clean: mod_ssl 2.4.7. The CHANGES entries are appended, as usual. If you're already successfully running 2.4.6 you don't have to upgrade this time. If you're running an older version (<= 2.4.6) I recommend you to now upgrade to mod_ssl 2.4.7. No new features will be added to 2.4 and 2.4.7 is already considered rock solid. There will be certainly 2.4.8 and 2.4.9 in the next weeks, but they will not provide new major things. Because in the next weeks development on mod_ssl 2.5 will slowly start and so it's a good time for you to upgrade your installations to the latest and most stable version now. Fetch it now from: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.4.7 (22-Oct-1999 to 02-Nov-1999) *) Added a check to mod_so to complain with a warning if one loads a plain Apache 1.3 DSO under EAPI (which might work, but can also segfault). *) Added more defensive programming checks in the cert/key handling. *) Added an entry to the FAQ about the commercial alternatives. *) Disabled SysV IPC semaphore based mutex variant for FreeBSD < 3.0 and any OpenBSD and NetBSD platforms because of conflicts with their non-POSIX conforming semctl(2) prototypes. *) Added an FAQ entry on how to enable Anonymous Diffie-Hellman (ADH) ciphers. *) Now `make certificate' allows one to also change the certificate validity time (default is still 365 days). *) Recreated the ssl.crt/ca-bundle.crt file with all CA certs found in Netscape Communicator 4.7's cert7.db file. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Fri Nov 5 12:26:26 1999 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id MAA13758; Fri, 5 Nov 1999 12:15:48 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id MAA13739; Fri, 5 Nov 1999 12:15:40 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id MAA13633; Fri, 5 Nov 1999 12:14:41 +0100 (MET) Received: (qmail 19253 invoked by uid 66); 5 Nov 1999 11:16:32 -0000 Received: from en by slarti with UUCP; Fri Nov 5 11:16:32 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id MAA83084; Fri, 5 Nov 1999 12:11:03 +0100 (CET) Date: Fri, 5 Nov 1999 12:11:03 +0100 From: "Ralf S. Engelschall" To: modssl-users@modssl.org, modssl-announce@modssl.org Subject: ANNOUNCE: mod_ssl 2.4.8 (Important Bugfix) Message-ID: <19991105121103.A82693@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce Because of the availability of a very important bugfix, I immediately release mod_ssl 2.4.8 with it. This version especially should solve any observed segfaults which not even gone away by using `SSLSessionCache none' (because they were not related to DBM libraries and other session cache problematic things). See below for details. So, if you received segfaults in the past, you're now strongly encouraged to upgrade to this version (because the chance is very high that your situation applies to the three conditions listed below). Greetings, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.4.8 (02-Nov-1999 to 05-Nov-1999) *) ** IMPORTANT BUGFIX ** If (and only if)... 1. a server restart at least once happened 2. a HTTPS request occurs from a 40-bit/export browser 3. the underlaying Unix flavor doesn't map DSOs always to the same memory address on each restart ...then a segfault was very likely to occur for usually all previous mod_ssl version. The reason was that mod_ssl's temporary RSA keys and DH parameters were stored in the persistent memory pool directly as OpenSSL's RSA and DH structures. But although these structures successfully survived restarts, the contained pointers, which were placed there by OpenSSL and which were referencing _static_ parts of OpenSSL, pointed to Nirvana after restarts. So on the next need for RSA temporary keys or DH parameters (usually caused by 40bit clients) the OpenSSL library internally segfaulted while processing these structures. This was a very long-standing bug and is now fixed by storing the RSA keys and DH parameters as raw (and this way safe) DER-encoded ASN.1 dats streams (and not structures) in the persistent memory pool. *) Added an FAQ entry about Verisign GIDs and the intermediate CA certificate which is required to fill the gap in the server certificate chain or browsers will complain. *) The configure.bat for Win32 now tries to complain if patches were rejected while they are applied to the Apache source tree. *) Updated ANNOUNCE and README documents. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Wed Nov 24 17:38:47 1999 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id RAA06833; Wed, 24 Nov 1999 17:24:27 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id RAA06827; Wed, 24 Nov 1999 17:24:25 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id RAA06800; Wed, 24 Nov 1999 17:23:51 +0100 (MET) Received: (qmail 684 invoked by uid 66); 24 Nov 1999 16:22:24 -0000 Received: from en by slarti with UUCP; Wed Nov 24 16:22:24 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id RAA99487; Wed, 24 Nov 1999 17:20:06 +0100 (CET) Date: Wed, 24 Nov 1999 17:20:06 +0100 From: "Ralf S. Engelschall" To: modssl-users@modssl.org, modssl-announce@modssl.org Subject: ANNOUNCE: mod_ssl 2.4.9 Message-ID: <19991124172006.A96725@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce Another maintainance round for the stable mod_ssl 2.4 series: version 2.4.9. This version provides you lots of bugfixes and small enhancements and is worth an upgrade. There is just one incompatibility I had to create (sorry) and which you should be aware of when upgrading: Add `SSLOptions +StdEnvVars' to your httpd.conf file (for more details read below) to make sure your CGI/SSI scripts still get the SSL_XXX variables. Fetch it from: http://www.modssl.org/source/ ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.4.9 (05-Nov-1999 to 24-Nov-1999) *) Fixed SSLRequire expression evaluation for number strings. Expressions like `SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128' didn't work if SSL_CIPHER_USEKEYSIZE was "40" because the evaluation used strcmp(3) and this fails to compare numbers of different length. An own comparison function is now used to avoid this problem. *) Now on Win32 a warning is logged once on startup that mod_ssl is NOT officially supported under Win32 and people have to use it there on their own risk (and so shouldn't complain if it doesn't work). Because only the Unix platform is officially supported and mod_ssl is checked for security issues only related this platform. *) For performance reasons it is unreasonable to create the SSL_* CGI/SSI variables _all the time_, because their creation is a rather expensive operation which slows down the server noticeable. Instead it is more reasonable to let them create for CGI and SSI requests _only_. For consistency reason with other `SSLOptions' variables (which all have positive names) and to avoid necessary cleanups changes in the future, I decided to make the incompatibility change _NOW_ (sorry). In short: With mod_ssl 2.4.9 per default no SSI/CGI variables SSL_* are created any longer (only the special "HTTPS" variable is always created). Instead one has to use `SSLOptions +StdEnvVars' to switch the creation on. *) Added an `SSLOptions' variable `StdEnvVars' which now controls the creation of the numerious SSL_* CGI/SSI variables. *) Renamed old variable SSL_{CLIENT,SERVER}_{S,I}_DN_SP to more correct SSL_{CLIENT,SERVER}_{S,I}_DN_ST variable to conform to RFC2156 and current OpenSSL state (which also prints this OID as "ST" and no longer "SP"). *) Added support for SSL_{CLIENT,SERVER}_{S,I}_DN_{T,I,G,S,D,UID} variables (corresponding to X.509 title, initials, givenName, surname, description and uniqueIdentifier OIDs) to allow the checking of more X.509 certificate ingredients. *) Allow mod_rewrite to also lookup the "HTTPS" variable, for instance via ``RewriteCond %{HTTPS} !=on''. *) Removed old URL references to rsaref20.tar.Z from INSTALL document. *) Now an explicit error message is logged also if an SSL session cannot be stored to the DBM file via dbm_store (and not just if dbm_open failed). *) Now the pass phrase dialog no longer uses the hard-coded filedescriptor 10 as the storage for stderr while the pass phrase dialog is displayed. Instead (at least under Unix) it tries to open /dev/null and uses this filedescriptor instead. And when this fails (or always under Win32) it uses the hard-coded filedescriptor 50 (a lot higher than 10 to avoid problems with logfile rotation programs and other things Apache could have started). *) Fixed SSL_make_ciphersuite() function: it calculated the required string length incorrectly and could segfault. BUT THIS FUNCTION IS STILL NOT USED IN MOD_SSL AT ALL, so don't panic. This function is for debugging purposes only. *) Fixed a filedescriptor leak which happened if encrypted private keys were used. Here the pass phrase dialog forgot to close a temporary filedescriptor. *) Added three new OpenSSL log entry annotations: First, "*no start line*" now triggers "Bad file contents or format - or even just a forgotten SSLCertificate KeyFile?" and "*bad password read*" triggers "You entered an incorrect pass phrase!?". Additionally "*bad mac decode*" now triggers "Browser still remembered details of a re-created server certificate?" because people often get "bad data" dialog boxes while (re-)testing with Snake Oil certs. *) Added hint about possibly blocking /dev/random devices also to httpd.conf-default to make sure people don't overlook this subtle platform-dependent problem. Additionally a new FAQ entry was made about this, too. *) Added an entry to the FAQ about GIDs and their intermediate certificate which has to be configured with SSLCertificateChainFile. *) Fixed some external URLs in the FAQ. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Wed Dec 1 19:50:19 1999 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id TAA16770; Wed, 1 Dec 1999 19:39:06 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id TAA16759; Wed, 1 Dec 1999 19:39:03 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id SAA09668; Wed, 1 Dec 1999 18:26:58 +0100 (MET) Received: (qmail 18386 invoked by uid 66); 1 Dec 1999 17:27:20 -0000 Received: from en by slarti with UUCP; Wed Dec 1 17:27:20 1999 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id SAA83598; Wed, 1 Dec 1999 18:20:56 +0100 (CET) Date: Wed, 1 Dec 1999 18:20:56 +0100 From: "Ralf S. Engelschall" To: modssl-users@modssl.org, modssl-announce@modssl.org Subject: INFO: SSL presentation, mod_ssl statistics Message-ID: <19991201182056.A83041@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce Just for your information: 1. Under http://www.modssl.org/docs/ecrc1999/ an online version is available of an SSL presentation I gave last month for Cable & Wireless ECRC in Munich, Germany (nevertheless the presentation is in English, of course). It contains the usual amount of general SSL stuff, but also a very concise description of the RSA algorithm and its mathematical background. 2. Under http://www.modssl.org/news/statistic.html the latest numbers for November 1999 from Netcraft and E-Soft Inc. are available. They again show a nice growing popularity of mod_ssl. mod_ssl this time (the first time), with a growth of 13%, even has outdistanced mod_perl in E-Soft Inc.'s Apache module Report. This means that mod_ssl now seems to be the Apache killer module #3 after Frontpage (#2) and PHP (#1). Cheers, Ralf S. Engelschall rse@engelschall.com www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Sat Jan 8 20:31:52 2000 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id UAA22844; Sat, 8 Jan 2000 20:13:59 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id UAA22838; Sat, 8 Jan 2000 20:13:56 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id UAA22807; Sat, 8 Jan 2000 20:13:18 +0100 (MET) Received: (qmail 16238 invoked by uid 66); 8 Jan 2000 19:11:56 -0000 Received: from en by slarti with UUCP; Sat Jan 8 19:11:56 2000 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id UAA57111; Sat, 8 Jan 2000 20:10:19 +0100 (CET) Date: Sat, 8 Jan 2000 20:10:19 +0100 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.4.10-1.3.9 Message-ID: <20000108201019.A57055@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce Before we release Apache 1.3.10 the next two weeks, I now provide you with another 1.3.9 based stable mod_ssl: version 2.4.10. It provides no fancy new things, just the release of all pending changes. They are mainly cleanups and small fixes. As always, you can find it on: http://www.modssl.org/source/ ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.4.10 (24-Nov-1999 to 08-Jan-2000) *) Mentioned MD5-encrypted password in ssl_reference.wml in addition to DES-encrypted password. *) Added a new FAQ entry about the path internally pre-defined by EAPI_MM_CORE_PATH. *) Adjust the name-based-vhost complain: Talk say "you should not use" instead of "you cannot use", because first there are situations where it can be reasonable to use name-based vhosts with SSL and second there is no technical restriction on the mod_ssl side, of course. *) Changed the license on mod_define.c from the BSD/Apache-style license to a even less restrictive MIT-style license to allow everyone to do with this module what they want. *) Fixed a compile-time warning under very strict compilers by using a more correct `ssl_verify_t' (enum based) instead of `int' in ssl_engine_config.c. *) Various minor documentation updates. *) Made the EAPI-vs-plain-API complain in mod_so more clear. *) Adjusted all copyright messages to contain the new year 2000 ;) *) Fixed INSTALL.W32 document for latest OpenSSL versions. *) Fixed SSL session id context configuration: the value is now an MD5 of `server:port' and this way always a string of just 32 bytes, so OpenSSL's SSL_set_session_id_context() doesn't fail. *) Removed old CVS informations from etc/patch.tar tarball. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Sat Jan 22 22:12:15 2000 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id VAA27659; Sat, 22 Jan 2000 21:53:23 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id VAA27643; Sat, 22 Jan 2000 21:53:18 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id VAA27541; Sat, 22 Jan 2000 21:51:36 +0100 (MET) Received: (qmail 8334 invoked by uid 66); 22 Jan 2000 20:48:28 -0000 Received: from en by slarti with UUCP; Sat Jan 22 20:48:28 2000 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id VAA85043; Sat, 22 Jan 2000 21:49:04 +0100 (CET) Date: Sat, 22 Jan 2000 21:49:03 +0100 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.5.0-1.3.11 Message-ID: <20000122214903.A85017@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce And here it is: mod_ssl 2.5.0 for Apache 1.3.11. Additionally to the upgrade step for 1.3.11, the old experimental "POST support for HTTPS" is now a standard feature and enables per default. More new features will occur in this 2.5.x series in the next weeks. Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.5.0 (08-Jan-2000 to 22-Jan-2000) *) Switched the old "POST for HTTPS" support code from defined(SSL_EXPERIMENTAL) to !defined(SSL_CONSERVATIVE), because this code is both already stable (even it's not a conservative approach) and important. This way POST support is now available per default, but still can be disabled/removed by very conservative people with an easy --enable-rule=SSL_CONSERVATIVE. *) Added SSL_CONSERVATIVE rule to src/Configuration.tmpl which complements SSL_EXPERIMENTAL. Both rules are per default set to "no", i.e. disabled. But while SSL_EXPERIMENTAL still enables experimental code, enables SSL_CONSERVATIVE conservative code. That is, actually per default some non-conservative things might be enabled which can be _disabled_ by forcing mod_ssl to use only conservative approaches. *) Added entry about "no shared ciphers" to FAQ. *) Upgraded to the new Apache version: 1.3.11 (BTW, Apache 1.3.10 was never released). This moves the mod_ssl community to the latest Apache state and this way implicitly provides them over 70 bugfixes and cleanups which 1.3.11 provides over 1.3.9. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Thu Feb 24 13:28:42 2000 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id NAA15057; Thu, 24 Feb 2000 13:16:36 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id NAA15038; Thu, 24 Feb 2000 13:16:29 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id NAA14902; Thu, 24 Feb 2000 13:15:28 +0100 (MET) Received: (qmail 18920 invoked by uid 66); 24 Feb 2000 12:19:28 -0000 Received: from en by slarti with UUCP; Thu Feb 24 12:19:28 2000 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id NAA16822; Thu, 24 Feb 2000 13:12:54 +0100 (CET) Date: Thu, 24 Feb 2000 13:12:54 +0100 From: "Ralf S. Engelschall" To: modssl-users@modssl.org, modssl-announce@modssl.org Subject: ANNOUNCE: mod_ssl 2.5.1-1.3.11 Message-ID: <20000224131254.A16804@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce Before I switch the CVS source repository, import Apache 1.3.12 and start the mod_ssl 2.6 series, I've flushed all pending bugfixes to provide you a maximum stable last mod_ssl 2.5 version. Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.5.1 (22-Jan-2000 to 24-Feb-2000) *) Made sure OpenSSL's Pseudo Random Number Generator (PRNG) is seeded already before the temporary RSA keys are generated. *) Fixed possible security hole in mkcert.sh script (make certificate) by making sure we already generate the foo.key files with proper umask instead of chmod them later (and this way perhaps too late). *) Fixed memory leak caused by not-freed SSL_CTX in the HTTPS proxy support (ssl_engine_ext.c/mod_proxy). *) Fixed quotation author in ssl_glossary.html: it's Richard Nixon, as Lukas Bradley pointed out. *) Use "/usr/local/ssl" as the default for $SSL_BASE only if this path really exists. Else use "SYSTEM" and this way be more flexible. This is especially interesting for RedHat/RPM users where OpenSSL stays often directly under /usr. *) Make sure libssl.module also detects OpenSSL correctly if OpenSSL was built as shared libraries (.so) *) Let configure script more accurately check for -h, -v and -q options on command line. *) Make `SSLSessionCache none' really work as expected. *) Added support for the latest OpenSSL snapshot (>= version 0.9.4). *) Removed the removal of "#ifdef lint.. #endif" lines from src/modules/ssl/Makefile.tmpl to make the life of the OpenBSD guys easier in the future. *) Removed Unix Bourne-Shell construct "2>&1" from Win32's configure.bat script because Win32 hates this. *) Fixed ApacheCore.def for Win32: Some numbers occured multiple times. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Fri Feb 25 10:45:44 2000 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id KAA24123; Fri, 25 Feb 2000 10:40:39 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id KAA24110; Fri, 25 Feb 2000 10:40:35 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id KAA23566; Fri, 25 Feb 2000 10:31:27 +0100 (MET) Received: (qmail 6525 invoked by uid 66); 25 Feb 2000 09:35:24 -0000 Received: from en by slarti with UUCP; Fri Feb 25 09:35:24 2000 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id KAA29586; Fri, 25 Feb 2000 10:31:15 +0100 (CET) Date: Fri, 25 Feb 2000 10:31:14 +0100 From: "Ralf S. Engelschall" To: modssl-users@modssl.org, modssl-announce@modssl.org Subject: ANNOUNCE: mod_ssl 2.6.0-1.3.12 Message-ID: <20000225103114.A28641@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce Apache 1.3.12 is already around the corner and should be released these days (be patient, please!), so I'll release mod_ssl 2.6.0 for it. Because I'm not available the coming days (we have our church marriage-ceremony on this weekend ;) and I don't wanted to let you wait to use SSL with this Apache version (especially because of security reasons you should consider to upgrade to 1.3.12). Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.6.0 (24-Feb-2000 to 25-Feb-2000) *) Merged in enhanced HTTPS Proxy Support which is derived from Stronghold 2.x and was originally contributed by C2Net over one year ago. This is still _EXPERIMENTAL_ stuff, so it is entirely wrapped with SSL_EXPERIMENTAL sections and has to be abled under built-time with --enable-rule=SSL_EXPERIMENTAL. Then the following new configuration directives are provided to fine-tune the HTTPS proxy support: o SSLProxyProtocol [+-][SSLv2|SSLv3|TLSv1] ... (enable or disable SSL protocol flavors) o SSLProxyCipherSuite XXX:...:XXX (colon-delimited list of permitted SSL ciphers) o SSLProxyVerify on|off (whether to verify the remote certificate) o SSLProxyVerifyDepth N (maximum certificate verification depth) o SSLProxyCACertificateFile /path/to/file (file containing server certificates) o SSLProxyCACertificatePath /path/to/dir (directory containing server certificates) o SSLProxyMachineCertificateFile /path/to/file (file containing client certificates) o SSLProxyMachineCertificatePath /path/to/dir (directory containing client certificates) This stuff is declared experimental, because it was still _NOT_ tested in depth and is still _UNDOCUMENTED_. So keep in mind what SSL_EXPERIMENTAL means and use this with care! *) Extended the EAPI patches to mod_proxy to allow the new HTTPS proxy support to be merged in. *) Fixed ssl_io_suck() prototype scope in mod_ssl.h by changing the old #ifdef SSL_EXPERIMENTAL to the now correct #ifndef SSL_CONSERVATIVE. *) Added "cons" and "nocons" development target to src/modules/ssl/Makefile.tmpl. *) Upgraded to Apache version 1.3.12. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Tue Feb 29 21:15:28 2000 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id VAA22753; Tue, 29 Feb 2000 21:02:47 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id VAA22710; Tue, 29 Feb 2000 21:02:32 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id OAA17565; Tue, 29 Feb 2000 14:45:01 +0100 (MET) Received: (qmail 2630 invoked by uid 66); 29 Feb 2000 13:48:44 -0000 Received: from en by slarti with UUCP; Tue Feb 29 13:48:44 2000 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id OAA53783; Tue, 29 Feb 2000 14:41:54 +0100 (CET) Date: Tue, 29 Feb 2000 14:41:54 +0100 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.6.1-1.3.12 Message-ID: <20000229144154.A53735@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce mod_ssl 2.6.1 is now available. It provides mainly PRNG changes, but also a few other fixes and cleanups. http://www.modssl.org/source/ ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.6.1 (25-Feb-2000 to 29-Feb-2000) *) Added support for OpenSSL 0.9.5's RAND_egd() which is now used to read entropy from the EGD Unix domain socket if `SSLRandSeed egd:/path/to/socket' is configured. *) Extended builtin PRNG seeding with a run-time stack based source. This way the builtin source now creates more entropy and usually enough to make OpenSSL >= 0.9.5 happy again. If OpenSSL is still not happy (i.e. still not sufficient entropy exists), a warning message is logged by mod_ssl now. *) Fixed Tanenbaum's name on the quote in ssl_intro.wml *) Updated Thawte's sxnet stuff for latest OpenSSL. *) Allow mod_ssl to compile also under Win32 & VC++ 6.0 *) Fix OS/2 support and this way make mod_ssl again work also under this platform. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Thu Mar 2 11:28:49 2000 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id LAA12064; Thu, 2 Mar 2000 11:18:13 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id LAA12053; Thu, 2 Mar 2000 11:18:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id LAA11747; Thu, 2 Mar 2000 11:13:49 +0100 (MET) Received: (qmail 5098 invoked by uid 66); 2 Mar 2000 10:16:05 -0000 Received: from en by slarti with UUCP; Thu Mar 2 10:16:05 2000 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id LAA32699; Thu, 2 Mar 2000 11:12:20 +0100 (CET) Date: Thu, 2 Mar 2000 11:12:20 +0100 From: "Ralf S. Engelschall" To: modssl-users@modssl.org, modssl-announce@modssl.org Subject: ANNOUNCE: mod_ssl 2.6.2-1.3.12 Message-ID: <20000302111220.A32431@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce And another round to make mod_ssl 2.6 as stable as it can be: version 2.6.2. It provides important bugfixes and a new ca-bundle.crt file for client authentication. http://www.modssl.org/source/ ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.6.2 (29-Feb-2000 to 02-Mar-2000) *) Updated the conf/ssl.crt/ca-bundle.crt file (containing the CA Root Certificates of over 60 popular CAs) to the contents extracted from Netscape Communicator 4.72's cert7.db file. *) Fixed compilation of the new HTTPS proxy code (SSL_EXPERIMENTAL): The SSL_VENDOR was required without need if SSL_EXPERIMENTAL was enabled. This is now fixed and only SSL_EXPERIMENTAL is requied again for the new HTTPS proxy stuff. *) Added an FAQ entry about the "less entropy for the PRNG" problem which now becomes "popular" ;) with OpenSSL 0.9.5. *) Fixed conf/ssl.crl/Makefile: the files which have to be checked for existance are named foo.rNNN and not just foo.NNN *) Fixed a typo related to a RAND_status call in ssl_engine_rand.c which was introduced in 2.6.1 and which caused mod_ssl fail to compile if OpenSSL >= 0.9.5 was used [Sorry, my gcc hasn't catched this typo :-(...] *) Added also some random files which exists under Mach/Rhapshody platforms to the list of files in src/support/mkcert.sh to make sure enough entropy is available on these platforms under "make certificate" with OpenSSL 0.9.5 *) Enhanced SSLRequire (SH2) -> SSLRequireSSL (mod_ssl) directive compatibility mapping. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Sun Apr 16 13:12:10 2000 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id MAA14388; Sun, 16 Apr 2000 12:57:27 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id MAA14382; Sun, 16 Apr 2000 12:57:24 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id MAA14297; Sun, 16 Apr 2000 12:55:01 +0200 (MET DST) Received: (qmail 14087 invoked by uid 66); 16 Apr 2000 10:58:27 -0000 Received: from en by slarti with UUCP; Sun Apr 16 10:58:27 2000 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id MAA38295; Sun, 16 Apr 2000 12:47:37 +0200 (CEST) Date: Sun, 16 Apr 2000 12:47:37 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.6.3 Message-ID: <20000416124737.A38273@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.1.11i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce mod_ssl 2.6.3 now available. Nothing fancy, just the usual amount of maintainance cleanups and fixes (for details see the appended CHANGES entries). Grab it from: http://www.modssl.org/source/ ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.6.3 (02-Mar-2000 to 16-Apr-2000) *) Moved the session cache expire time calculation and handling in ssl_engine_scache.c down to the particular cache-type dependent expire functions to allow a custom vendor supplied cache to perform its own expire handling. *) The sub-shells from libssl.module are now called with an explicitly determined Bourne Shell (instead of the implicit she-bang line). This both avoids problems on brain-dead platforms where /bin/sh is broken (Ultrix, etc.) and workarounds a CVS problem in OpenBSD where on read-only checkouts the x-bits sometimes get lost. *) Do a slightly better initialization of the random file in src/support/mkcert.sh if $HOME/.rnd doesn't exist. *) Be aware of OpenSSL 0.9.5's X509_V_ERR_CERT_UNTRUSTED error. *) Cleaned up and optimized ssl_engine_vars.c by kicking out the old static cipher table and calculating the cipher bits dynamically. This avoids lots of string comparisons, reduces further maintainance costs and makes the code smaller. *) Cleaned up pkg.contrib/truerand.c: volatile variables, correct function return types, etc. *) Fix HTTPS proxy support: if SSLProxyVerify is Off, we don't need to log any errors if the certification fails. Additionally we now don't free the proxy context after a connection, because we will need it for the next proxy connection we make. *) Activate `SSLMutex sem' also on HPUX. *) Allow libssl.module to handle CFLAGS="cc -flags". *) Fixed typo in ssl_intro.wml: "message" was written twice *) Added two eval casts for ap_md5() calls. *) Fixed typo in ssl_faq.wml: SSLRandSeed -> SSLRandomSeed. *) Add final messages also under "configure --with-eapi-only" which give a hint to proceed with --enable-module=so --enable-rule=EAPI in the Apache source tree. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Mon May 1 19:16:03 2000 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id TAA12796; Mon, 1 May 2000 19:01:39 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id TAA12781; Mon, 1 May 2000 19:01:30 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id SAA12445; Mon, 1 May 2000 18:57:47 +0200 (MET DST) Received: (qmail 28531 invoked by uid 66); 1 May 2000 17:01:20 -0000 Received: from en by slarti with UUCP; Mon May 1 17:01:20 2000 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id SAA64125; Mon, 1 May 2000 18:56:43 +0200 (CEST) Date: Mon, 1 May 2000 18:56:43 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.6.4 Message-ID: <20000501185643.A64050@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.1.12i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce Now available: mod_ssl 2.6.4 for Apache 1.3.12. Just the usual amount of bugfixes, tweaks and cleanups to get our mod_ssl 2.6 series even more clean and stable. Change details are appended below. Fetch it from: http://www.modssl.org/source/ ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.6.4 (16-Apr-2000 to 01-May-2000) *) Fixed Win32 build by adding gdi32.lib to the libraries and an additional include for . *) Added Equifax Secure CA certificates to ca-bundle.crt. *) Let the pass phrase dialog force the prompt to occur only once (no verification step), because mod_ssl uses the dialog only for pass phrases which are required for reading private keys. This as a side-effect should fix a problem under Win32 where a second prompt occured for unknown reasons. *) Added more compatibility to Stronghold v2's SSL_SessionCache. *) Added two more EAPI hools under SSL_VENDOR: one for overriding ap_server_root_relative calls and one for hooking into the server configuration step. *) Fixed SSL display for mod_status in `short report' situation. *) Made the SSL_EXPERIMENTAL stuff more flexible by checking for particular subset SSL_EXPERIMENTAL_xxxx defines and let SSL_EXPERIMENTAL define all those per default. This reduces the amount of patching vendors have to do in order to just enable a subset of the experimental code. *) Added hint to INSTALL document about port specifiers in test URLs (`:8080' and `:8443') if the installation is done under a non-root user. *) Fixed Win32's configure.bat: the check for OpenSSL header and libraries is now extended. *) Fixed --with-apxs under Solaris where libssl.module has to know $CC in order to enable the libgcc.a workaround. *) Fixed memory leak caused by not-freed SSL_CTX in the HTTPS proxy support (ssl_engine_ext.c/mod_proxy) under _NOT_ SSL_EXPERIMENTAL. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Tue Jul 4 13:32:57 2000 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id NAA09111; Tue, 4 Jul 2000 13:32:45 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id NAA09101; Tue, 4 Jul 2000 13:32:42 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id NAA06452; Tue, 4 Jul 2000 13:16:07 +0200 (MET DST) Received: (qmail 21636 invoked by uid 66); 4 Jul 2000 11:17:05 -0000 Received: from en by slarti with UUCP; Tue Jul 4 11:17:04 2000 -0000 Received: by en1.engelschall.com (Sendmail 8.9.3+3.2W) id NAA22895; Tue, 4 Jul 2000 13:14:43 +0200 (CEST) Date: Tue, 4 Jul 2000 13:14:42 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.6.5-1.3.12 Message-ID: <20000704131442.A21328@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.2i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce Plenty of new stuff waits in the development queue for integration into mod_ssl 2.7 (two variants of LDAP support for CRLs, Stronghold v3's shared memory cache variant, etc.), so I've decided to first flush the already pending changes from the last weeks with another mod_ssl 2.6.x version. The change details are appended below. Grab mod_ssl 2.6.5 from: http://www.modssl.org/source/ ftp://www.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.6.5 (01-May-2000 to 04-Jul-2000) *) Removed more memory leaks by freeing even more stuff from the OpenSSL toolkit on module shutdown. *) Added missing TLSv1, EXP40 and EXP56 keywords to ssl_reference's documentation of SSLCipherSuite. *) Updated INSTALL document for MM 1.1.x. *) Added hints about MSIE workarounds (-SSLv3, !EXP56, etc.) to the FAQ entry about MSIE errors. *) Added !EXP56 to pre-configured SSLCipherSuite in order to avoid MSIE5.x problems in advance. *) Fixed typos in INSTALL: sbin -> bin for apachectl. *) mod_ssl's configure script now touches also ssl_expr_scan.l and ssl_expr_parse.y when applying the sources corrupted timestamps do not trigger the lex/yacc Makefile rules (which are intended for developer use only). *) Allow spaces in ServerRoot and SSLPassPhraseDialog arguments which is especially important for the Win32 environment. *) Fixed syntax errors in ssl_howto.wml: "Deny all" -> "Deny from all" *) Be aware of extended SERVER_BASEVERSION strings in configure. *) Removed a left-over ssl_scache_expire() call in ssl_scache_init() which made the life of vendors complicated. *) Allow more fine-tuned overriding of ap_server_root_relative calls by providing the context of the call. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Sat Aug 12 22:54:43 2000 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id WAA04350; Sat, 12 Aug 2000 22:54:33 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id WAA04328; Sat, 12 Aug 2000 22:54:25 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id WAA03312; Sat, 12 Aug 2000 22:38:25 +0200 (MET DST) Received: (qmail 13127 invoked by uid 66); 12 Aug 2000 20:46:46 -0000 Received: from en by slarti with UUCP; Sat Aug 12 20:46:46 2000 -0000 Received: by en1.engelschall.com (Sendmail 8.11.0+) id e7CKc4b38034; Sat, 12 Aug 2000 22:38:04 +0200 (CEST) Date: Sat, 12 Aug 2000 22:38:04 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.6.6 Message-ID: <20000812223803.A37713@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-announce@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce Another little maintainance round to make 2.6 as stable as it could be: mod_ssl version 2.6.6 is now available. Fetch it from... http://www.modssl.org/source/ ftp://ftp.modssl.org/source/ This version mainly fixes two nasty bugs which were able to crash the server. The first only if mod_ssl was built statically into Apache, the second only if the new proxy stuff under --enable-rule=SSL_EXPERIMENTAL was used. So, if you're using mod_ssl <= 2.6.4 or mod_ssl 2.6.5 as a DSO and in both cases don't use the new proxy stuff, don't panic - the two bugs will not affect you. If you're using mod_ssl 2.6.5 statically, please immediately upgrade. Else you're not forced but encouraged to upgrade. Thanks for the people on modssl-users for their help. Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.6.6 (04-Jul-2000 to 12-Aug-2000) *) Fixed experimental HTTPS proxy code: A segfault was produced by an incorrect logging command. *) Fixed server restarts: Under non-DSO run-time situation, the OpenSSL library was shutdown (and never re-initialized) and this way caused segfaults on server restarts. This affected only installations where mod_ssl+OpenSSL were built as a static module instead of a DSO. This nasty bug was unfortunately introduced in 2.6.5 as a side-effect of an (otherwise correct) memory leak bugfix. *) Upgraded both the user manual sources and the website www.modssl.org from WML 1.6 to WML 2.0 format. *) Various typo fixes in user manual. *) Typo fix in INSTALL document related to RSAref. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Fri Oct 13 12:48:21 2000 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id MAA18859; Fri, 13 Oct 2000 12:48:19 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id MAA18855; Fri, 13 Oct 2000 12:48:16 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id MAA18192; Fri, 13 Oct 2000 12:37:31 +0200 (MET DST) Received: (qmail 23365 invoked by uid 66); 13 Oct 2000 10:44:44 -0000 Received: from en by slarti with UUCP; Fri Oct 13 10:44:44 2000 -0000 Received: by en1.engelschall.com (Sendmail 8.11.0+) id e9DAax898992; Fri, 13 Oct 2000 12:36:59 +0200 (CEST) Date: Fri, 13 Oct 2000 12:36:59 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.7.0-1.3.14 Message-ID: <20001013123659.A98968@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce mod_ssl version 2.7 ``mod_ssl combines the flexibility of =================== Apache with the security of OpenSSL.'' The Apache Interface to OpenSSL ``The best SSL solution for http://www.modssl.org/ Apache money can't buy.'' This Apache module provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols by the help of the Open Source SSL/TLS toolkit OpenSSL, which is based on SSLeay from Eric A. Young and Tim J. Hudson. The mod_ssl package was created in April 1998 by Ralf S. Engelschall and was originally derived from software developed by Ben Laurie for use in the Apache-SSL HTTP server project. As a summary, here are its main features: o Open-Source software (BSD-style license) o Useable for both commercial and non-commercial use o Available for both Unix and Win32 (Windows 95/98/NT) platforms o 128-bit strong cryptography world-wide o Support for SSLv2, SSLv3 and TLSv1 protocols o Support for both RSA and Diffie-Hellman ciphers o Clean reviewable ANSI C source code o Clean Apache module architecture o Integrates seamlessly into Apache through an Extended API (EAPI) o Full Dynamic Shared Object (DSO) support o Advanced pass-phrase handling for private keys o X.509 certificate based authentication for both client and server o X.509 certificate revocation list (CRL) support o Support for per-URL renegotiation of SSL handshake parameters o Support for explicit seeding of the PRNG from external sources o Support for HTTPS proxy via EAPI hooks in mod_proxy o Additional boolean-expression based access control facility o Backward compatibility to other Apache SSL solutions o Inter-process SSL session cache (DBM or Shared Memory based) o Powerful dedicated SSL engine logging facility o Simple and robust application to Apache source trees o Fully integrated into the Apache 1.3 configuration mechanism o Additional integration into the Apache Autoconf-style Interface (APACI) o Assistance in X.509v3 certificate generation (both RSA and DSA) o Experimental support for external Crypto Devices (OpenSSL ENGINE) mod_ssl version 2.7 is considered to be the best version of mod_ssl available and users of older versions are encouraged to upgrade as soon as possible. Major Changes with mod_ssl 2.7 are: o Added experimental support for OpenSSL's crypto device support o Completely removed RSAref support o Added new Cyclic Buffer based Shared Memory Session Cache variant o Restructured the Session Cache implementation(s) o Upgrade to Apache 1.3.14 mod_ssl is available for download via HTTP and FTP from the following master locations (the various FTP mirrors you can find under http://www.modssl.org/source/mirror.html): o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Ralf S. Engelschall rse@engelschall.com www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Sat Oct 14 11:42:03 2000 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id LAA21006; Sat, 14 Oct 2000 11:42:01 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id LAA21002; Sat, 14 Oct 2000 11:41:58 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id LAA19261; Sat, 14 Oct 2000 11:10:16 +0200 (MET DST) Received: (qmail 12179 invoked by uid 66); 14 Oct 2000 09:17:25 -0000 Received: from en by slarti with UUCP; Sat Oct 14 09:17:25 2000 -0000 Received: by en1.engelschall.com (Sendmail 8.11.0+) id e9E99gC57130; Sat, 14 Oct 2000 11:09:42 +0200 (CEST) Date: Sat, 14 Oct 2000 11:09:42 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.7.1-1.3.14 Message-ID: <20001014110941.A57009@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce Unfortunately, the parsing of the SSLSessionCache directive was broken in 2.7.0. This prompted me to immediately roll a 2.7.1 version which fixes this problem. Thanks to those who immediately discovered this nasty bug and provided patches. Fetch mod_ssl 2.7.1 from: http://www.modssl.org/source/ ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.7.1 (13-Oct-2000 to 14-Oct-2000) *) Fixed the parsing of SSLSessionCache directives. The prefixes were incorrectly skipped and leaded to "unable to open semaphore file" errors. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Sat Oct 21 12:43:20 2000 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id MAA14978; Sat, 21 Oct 2000 12:43:19 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id MAA14972; Sat, 21 Oct 2000 12:43:15 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id MAA12976; Sat, 21 Oct 2000 12:09:10 +0200 (MET DST) Received: (qmail 16031 invoked by uid 66); 21 Oct 2000 10:15:57 -0000 Received: from en by slarti with UUCP; Sat Oct 21 10:15:57 2000 -0000 Received: by en1.engelschall.com (Sendmail 8.11.0+) id e9LA8f275557; Sat, 21 Oct 2000 12:08:41 +0200 (CEST) Date: Sat, 21 Oct 2000 12:08:41 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: ApacheCon 2000 Message-ID: <20001021120841.A74543@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce In two days our ApacheCon 2000 EU will take place at the Olympia Conference Centre in London, England. See http://www.apachecon.com/ for more details, please. I look forward to meet you there -- especially if you visit my SSL presentation (session M21). This presentation will be hold on Monday, October 23th between 18:30 and 20:00. Those who attend ApacheCon and want to have a quick session preview (or those who do not attend ApacheCon at all but want to view it nevertheless ;), now can find the complete slide-set under http://www.modssl.org/docs/apachecon2000/ (requires a PNG-capable browser to view). See you at ApacheCon! Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Tue Jan 30 14:23:42 2001 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id OAA03695; Tue, 30 Jan 2001 14:23:40 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id OAA03690; Tue, 30 Jan 2001 14:23:37 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id MAA20652; Tue, 30 Jan 2001 12:24:01 +0100 (MET) Received: (qmail 14247 invoked by uid 66); 30 Jan 2001 11:23:56 -0000 Received: from en by slarti with UUCP; Tue Jan 30 11:23:56 2001 -0000 Received: by en1.engelschall.com (Sendmail 8.11.0+) id f0UB3p786445; Tue, 30 Jan 2001 12:03:51 +0100 (CET) Date: Tue, 30 Jan 2001 12:03:51 +0100 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.8.0 for Apache 1.3.17 Message-ID: <20010130120351.A86415@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce Yesterday, finally, the new Apache version 1.3.17 was released (for those wondering: 1.3.15 and 1.3.16 were not released). As usual, I already prepared mod_ssl in advance to make sure you immediately have a corresponding mod_ssl version available for use with the latest Apache version. The ChangeLog entries are appended below. Grab mod_ssl-2.8.0-1.3.17.tar.gz from: http://www.modssl.org/source/ ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.0 (14-Oct-2000 to 30-Jan-2001) *) Upgraded to Apache 1.3.17 as base version. *) Changed ApacheModuleSSL.dll to mod_ssl.so in Makefile.Win32 to make mod_ssl not too broken after Apache 1.3.16's Win32 changes. *) Enhanced ApacheCore.def patch for Win32 folks. *) Upgraded to Apache 1.3.16 as base version. *) Fixed ssl_intro.wml: DES uses 56 bit, not 54 bit. *) Allow %{ENV:variable} in SSLRequire expressions, too. *) Fixed version parsing for APXS stuff in configure. *) Fixed Geoff Thorpe's Email addresses in various places. *) Fixed typo in INSTALL document. *) Make sure the user is not able to fake the client certificate based authentication by just entering an X.509 Subject DN ("/XX=YYY/XX=YYY/..") as the username and "password" as the password if "SSLVerifyClient optional" is used in combination with "SSLOptions +FakeBasicAuth". *) Fixed URLs in FAQ. *) Various fixes for the Win32 world: reflect renaming of "makefile.nt" to "makefile.win"; scache reorganisation adjustments; etc. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Sat Mar 3 12:19:42 2001 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id MAA07729; Sat, 3 Mar 2001 12:19:40 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id MAA07715; Sat, 3 Mar 2001 12:19:37 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id MAA07191; Sat, 3 Mar 2001 12:12:57 +0100 (MET) Received: (qmail 7529 invoked by uid 66); 3 Mar 2001 11:12:56 -0000 Received: from en by slarti with UUCP; Sat Mar 3 11:12:56 2001 -0000 Received: by en1.engelschall.com (Sendmail 8.11.0+) id f23BCow09422; Sat, 3 Mar 2001 12:12:50 +0100 (CET) Date: Sat, 3 Mar 2001 12:12:50 +0100 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.8.1 for Apache 1.3.19 Message-ID: <20010303121250.A9330@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce Sorry for the short delay, but here it finally is: mod_ssl 2.8.1 for Apache 1.3.19. The corresponding CHANGES entries are appended below. Grab it from: http://www.modssl.org/source/ ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.1 (30-Jan-2001 to 03-Mar-2001) *) Conditionally adjusted source to build quietly also under latest OpenSSL 0.9.7-dev versions. *) Added a bunch of (untested!) adjustments and fixes for the Win32 platform as posted to modssl-users some time ago by various people. *) Fixed SSLCipherSuite example in httpd.conf-dist: The string EXP56 is actually EXPORT56, although OpenSSL internally the variable is named SSL_TXT_EXP56. *) Upgraded to Apache 1.3.19 as base version. *) Extended FAQ entry for MSIE problems. *) Added FAQ entry for questions "Why do I get lots of random SSL errors under heavy load?" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Fri Mar 30 12:43:03 2001 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id MAA05614; Fri, 30 Mar 2001 12:43:02 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id MAA05608; Fri, 30 Mar 2001 12:42:57 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id MAA05294; Fri, 30 Mar 2001 12:39:44 +0200 (MET DST) Received: (qmail 2649 invoked by uid 66); 30 Mar 2001 10:39:42 -0000 Received: from en by slarti with UUCP; Fri Mar 30 10:39:42 2001 -0000 Received: by en1.engelschall.com (Sendmail 8.11.0+) id f2UActK39188; Fri, 30 Mar 2001 12:38:55 +0200 (CEST) Date: Fri, 30 Mar 2001 12:38:54 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.8.2 Message-ID: <20010330123854.A39150@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce The usual fun amount of bugfixes leads to the next maintainance release of mod_ssl: 2.8.2. The corresponding ChangeLog entries for version 2.8.2 are appended below. Feel free to upgrade your server installations after grabbing it from the following locations: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.2 (03-Mar-2001 to 30-Mar-2001) *) Moved the Shared Memory Cyclic Buffer (SHMCB) session cache variant from "experimental" state to "production" by removing the `#ifdef SSL_EXPERIMENTAL_SHMCB ...#endif' wrappers. This means that now `SSLSessionCache shmcb:...' is unconditionally available. *) Modified (only) Win32's specific function SSL_recvwithtimeout() to use the same retry logic as SSL_writewithtimeout(). This fixes some problems with MSIE 5.x clients. *) Made the mutex handling more robust by retrying the semaphore-based operations in interrupt situations (errno == EINTR). *) Also log the OpenSSL error message if the RSA temporary key(s) cannot be generated. *) Mention in INSTALL document that building OpenSSL with `no-threads' increased performance without negative side-effects because Apache 1.3 is never multi-threaded. *) Fixed mod_ssl Auth handler: it now returns DECLINED instead of OK if authentication is passed successfully to allow other modules (usually mod_auth) to still deny the request. *) Allow IPC semaphore support also under Tru64 5.x. *) Fixed certificate DN handling under EBCDIC platforms. *) Try to avoid casting warnings by using "unsigned long" type instead of "unsigned int" in the EAPI macros AP_CTX_XXXX. *) Make sure that the default path /usr/include is never added to CFLAGS with an explicit -I options to avoid conflicts with vendor include paths. *) Make extra sure the ssl_expr_parse.[ch] and ssl_expr_scan.c files are not regenerated for regular users by timestamping them in a little bit more conservative way. *) More fixes to configure.bat and Makefile.win32 to make mod_ssl work again under Win32. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Fri May 4 23:21:02 2001 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id XAA22609; Fri, 4 May 2001 23:21:00 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id XAA22600; Fri, 4 May 2001 23:20:57 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id XAA22011; Fri, 4 May 2001 23:13:24 +0200 (MET DST) Received: (qmail 20576 invoked by uid 66); 4 May 2001 21:13:59 -0000 Received: from en by slarti with UUCP; Fri May 4 21:13:59 2001 -0000 Received: by en1.engelschall.com (Sendmail 8.11.0+) id f44LCfh35103; Fri, 4 May 2001 23:12:41 +0200 (CEST) Date: Fri, 4 May 2001 23:12:41 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: ANNOUNCE: mod_ssl 2.8.3 Message-ID: <20010504231241.A34851@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce Now available: mod_ssl 2.8.3 for Apache 1.3.19. Just the usual amount of cleanups and bugfixes (see CHANGES entries below). Grab it from: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.3 (30-Mar-2001 to 04-May-2001) *) Allow loadcacert.cgi script to work inside mod_perl. *) Fixed typo in the directive descriptions in mod_ssl.c *) Fixed EAPI context usage in http_request.c: a context pointer potentially can be NULL requests and can cause a segfault if dereferenced. *) Fixed ENGINE support: the engine support is are now already loaded at configure time. Else mod_ssl fails to find them. *) Fixed typo in httpd.conf-dist. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Sun May 20 12:17:35 2001 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id MAA12234; Sun, 20 May 2001 12:17:33 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce@modssl.org id MAA12230; Sun, 20 May 2001 12:17:29 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from slarti.muc.de id LAA09149; Sun, 20 May 2001 11:56:23 +0200 (MET DST) Received: (qmail 15164 invoked by uid 66); 20 May 2001 09:56:01 -0000 Received: from en by slarti with UUCP; Sun May 20 09:56:01 2001 -0000 Received: by en1.engelschall.com (Sendmail 8.11.0+) id f4K9cWv70148; Sun, 20 May 2001 11:38:32 +0200 (CEST) Date: Sun, 20 May 2001 11:38:32 +0200 From: "Ralf S. Engelschall" To: modssl-users@modssl.org, modssl-announce@modssl.org Subject: ANNOUNCE: mod_ssl 2.8.4-1.3.20 Message-ID: <20010520113832.A70126@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce As you should now, our Apache 1.3.20 is available since yesterday. So here is the corresponding mod_ssl 2.8.4. The CHANGES entries are appended below. Fetch mod_ssl 2.8.4 from: http://www.modssl.org/source/ ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.4 (04-May-2001 to 20-May-2001) *) Removed old db1/ndbm.h kludge from mod_ssl.h, because it should be not needed at all, because mod_ssl downgrades to SDBM anyway on all Linux platforms. Additionally made the Linux check more accurate by using src/Configure's $PLAT variable instead of $OS. *) Upgraded to Apache 1.3.20 *) +------------------------------------------------------------------+ | Officially moved mod_ssl to Apache 2.0: | | The mod_ssl 2.8.x source tree is now frozen for development | | and will only be updated for bugfixes and Apache 1.3.x version | | upgrades. The last release (2.8.3) was imported to the ASF CVS | | repository under httpd-2.0/modules/ssl/. All development efforts | | are now directed to the Apache 2.0 area. Nevertheless, mod_ssl | | 2.8.x releases will occur as long as Apache 1.3.x releases occur.| +------------------------------------------------------------------+ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Fri Feb 1 15:38:37 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id PAA01144; Fri, 1 Feb 2002 15:37:21 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id PAA01123; Fri, 1 Feb 2002 15:36:57 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 362F94CE694; Fri, 1 Feb 2002 15:36:57 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-announce@modssl.org id g11EY7W99017; Fri, 1 Feb 2002 15:34:07 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP from visp.engelschall.com id PAA00791; Fri, 1 Feb 2002 15:28:36 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 8B8A34CE73D; Fri, 1 Feb 2002 15:28:35 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) id g11ESCQ98471; Fri, 1 Feb 2002 15:28:12 +0100 (CET) Date: Fri, 1 Feb 2002 15:28:12 +0100 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: [ANNOUNCE] mod_ssl 2.8.6 (for Apache 1.3.23) Message-ID: <20020201142812.GA98449@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.24i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce mod_ssl 2.8.6 for Apache 1.3.23 is now available. The corresponding CHANGES entries are appended. You can fetch it from: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.6 (16-Oct-2001 to 01-Feb-2002) *) Upgraded to Apache 1.3.23 *) Fixed a subtle indexing bug in SHMCB. Each sub-cache used an indexing structure that (correctly) used index values (and ranges) as "unsigned int", but the meta-structure in the header had these ranged as "unsigned char". *) Perform the SHMCB remove operation under mutual exclusion to prevent a inter-process synchronization problem. *) Made sure that mod_ssl does not segfault in case of SCOREBOARD_SIZE < 1024. *) Merged in the SDBM patch from Uwe Ohse which fixes a problem with sdbms .dir file, which arrises when a second .dir block is needed for the first time. read() returns 0 in that case, and the library forgot to initialize that new block. A related problem is that the calculation of db->maxbno is wrong. It just appends 4096*BYTESIZ bits, which is not enough except for small databases (.dir basically doubles everytime it's too small). ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Sat Feb 23 21:31:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id VAA07863; Sat, 23 Feb 2002 21:30:30 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id VAA07730; Sat, 23 Feb 2002 21:29:27 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 50A874CE729; Sat, 23 Feb 2002 21:29:26 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-announce@modssl.org id g1NJaK289314; Sat, 23 Feb 2002 20:36:20 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP from visp.engelschall.com id UAA00167; Sat, 23 Feb 2002 20:23:30 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 400044CE697; Sat, 23 Feb 2002 20:23:30 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) id g1NJMFd88717; Sat, 23 Feb 2002 20:22:15 +0100 (CET) Date: Sat, 23 Feb 2002 20:22:15 +0100 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: [ANNOUNCE] mod_ssl 2.8.7-1.3.23 Message-ID: <20020223192215.GA88696@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.24i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce Another little round in maintaining mod_ssl 2.x for Apache 1.3.x brings to you today mod_ssl 2.8.7 for Apache 1.3.23. The corresponding CHANGES entries follow for your convinience. Fetch it from: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.7 (01-Feb-2002 to 23-Feb-2002) *) Support for the latest OpenSSL 0.9.7 snapshots. *) Fixed potential buffer overflow in DBM and SHMHT session cache if very very large certificate chains are used. *) Compliance with POSIX 1003.1-2001 (SUSv3) by replacing obsolete "head -1" and "tail -1" constructs with sed variants in scripts. *) Fixed file descriptor leakage under Win32. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Sun Feb 24 10:30:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id KAA07128; Sun, 24 Feb 2002 10:29:20 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id KAA07026; Sun, 24 Feb 2002 10:28:13 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 731E64CE731; Sun, 24 Feb 2002 10:28:12 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-announce@modssl.org id g1O9Qpw06784; Sun, 24 Feb 2002 10:26:51 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP from zarathustra.voxel.net id VAA08226; Sat, 23 Feb 2002 21:33:22 +0100 (MET) Received: from grayskies by zarathustra.voxel.net with spam-scanned (Exim 3.35 #1) id 16eir6-000GPA-00; Sat, 23 Feb 2002 15:33:18 -0500 Received: from mmx.engelschall.com ([195.27.130.252]) by zarathustra.voxel.net with esmtp (Exim 3.35 #1) id 16eir4-000GP4-00 for david@grayskies.net; Sat, 23 Feb 2002 15:33:16 -0500 Received: by mmx.engelschall.com (Postfix/smtpfeed 1.16) id DDD851938A; Sat, 23 Feb 2002 21:31:17 +0100 (CET) Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153]) by mmx.engelschall.com (Postfix) with ESMTP id 9286C1930B for ; Sat, 23 Feb 2002 21:31:17 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id VAA07863; Sat, 23 Feb 2002 21:30:30 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id VAA07730; Sat, 23 Feb 2002 21:29:27 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 50A874CE729; Sat, 23 Feb 2002 21:29:26 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-announce@modssl.org id g1NJaK289314; Sat, 23 Feb 2002 20:36:20 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP from visp.engelschall.com id UAA00167; Sat, 23 Feb 2002 20:23:30 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 400044CE697; Sat, 23 Feb 2002 20:23:30 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) id g1NJMFd88717; Sat, 23 Feb 2002 20:22:15 +0100 (CET) Date: Sat, 23 Feb 2002 20:22:15 +0100 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: [ANNOUNCE] mod_ssl 2.8.7-1.3.23 Message-ID: <20020223192215.GA88696@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.24i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce Another little round in maintaining mod_ssl 2.x for Apache 1.3.x brings to you today mod_ssl 2.8.7 for Apache 1.3.23. The corresponding CHANGES entries follow for your convinience. Fetch it from: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.7 (01-Feb-2002 to 23-Feb-2002) *) Support for the latest OpenSSL 0.9.7 snapshots. *) Fixed potential buffer overflow in DBM and SHMHT session cache if very very large certificate chains are used. *) Compliance with POSIX 1003.1-2001 (SUSv3) by replacing obsolete "head -1" and "tail -1" constructs with sed variants in scripts. *) Fixed file descriptor leakage under Win32. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Wed Mar 27 19:34:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id TAA02704; Wed, 27 Mar 2002 19:33:17 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id TAA02658; Wed, 27 Mar 2002 19:32:31 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 944BD4CE620; Wed, 27 Mar 2002 19:32:31 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-announce@modssl.org id g2RIWNY85192; Wed, 27 Mar 2002 19:32:23 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP from visp.engelschall.com id TAA01439; Wed, 27 Mar 2002 19:17:25 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id B3E514CE69A; Wed, 27 Mar 2002 19:16:27 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) id g2RIC0w84524; Wed, 27 Mar 2002 19:12:00 +0100 (CET) Date: Wed, 27 Mar 2002 19:12:00 +0100 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: [ANNOUNCE] mod_ssl 2.8.8-1.3.24 Message-ID: <20020327181200.GA84415@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.28i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce Apache 1.3.24 was released and so I take this opportunity to both provide an aligned mod_ssl version for it and flush the pending bugfixes. The corresponding CHANGES entries are appended below. Fetch mod_ssl 2.8.8 from the following locations: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.8 (23-Feb-2002 to 27-Mar-2002) *) Upgraded to Apache 1.3.24 *) Support leading whitespaces in commands of SSLLog "|..." directives. *) Fixed timeout handling on connection establishment by correctly resetting the timeout on errors. *) Fixed two memory leaks related to CA certificate configuration. *) Fixed memory leak related to temporary DH key handling. *) Fixed memory leak on shutdown if CRLs are used. *) Fixed remaining SIGBUS problems on SPARC inside SHMCB session cache implementation. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Thu Jun 20 19:34:24 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id TAA16522; Thu, 20 Jun 2002 19:33:18 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id TAA16474; Thu, 20 Jun 2002 19:32:47 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 958604CE798; Thu, 20 Jun 2002 19:32:44 +0200 (CEST) Received: by en1.engelschall.com (Postfix, from userid 10000) id 2D0D4286BB; Thu, 20 Jun 2002 19:32:27 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP from visp.engelschall.com id NAA04512; Wed, 19 Jun 2002 13:49:23 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id E30624CE77E; Wed, 19 Jun 2002 13:49:17 +0200 (CEST) Received: by en1.engelschall.com (Postfix, from userid 10000) id 3B8C7286B6; Wed, 19 Jun 2002 13:47:02 +0200 (CEST) Date: Wed, 19 Jun 2002 13:47:02 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: [ANNOUNCE] mod_ssl 2.8.9 for Apache 1.3.26 Message-ID: <20020619114702.GA25148@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce On demand by the release of Apache 1.3.26 I've made available mod_ssl 2.8.9. The details are appended below. Fetch it from: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.9 (27-Mar-2002 to 19-Jun-2002) *) Upgraded to Apache 1.3.26. *) Support for OpenSSL 0.9.7. *) Open random files in binary mode under Win32 to not stop on EOS characters. *) Additional internal consistency check on vhost sanity checking in case no DNS entries are found for virtual hosts. *) Fixed detection of a faked "Faked Basic Auth" situation for internal redirection situations. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Mon Jun 24 13:44:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id NAA19632; Mon, 24 Jun 2002 13:40:11 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id NAA19531; Mon, 24 Jun 2002 13:38:53 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id B04804CE78E; Mon, 24 Jun 2002 13:38:52 +0200 (CEST) Received: by en1.engelschall.com (Postfix, from userid 10000) id 23F72286B8; Mon, 24 Jun 2002 13:38:42 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP from visp.engelschall.com id NAA18515; Mon, 24 Jun 2002 13:24:47 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 9ED724CE783; Mon, 24 Jun 2002 13:24:45 +0200 (CEST) Received: by en1.engelschall.com (Postfix, from userid 10000) id 509A0286B8; Mon, 24 Jun 2002 13:24:41 +0200 (CEST) Date: Mon, 24 Jun 2002 13:24:41 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: [ANNOUNCE] mod_ssl 2.8.10 Message-ID: <20020624112441.GA58380@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce Another bugfixing round in the maintainance of mod_ssl 2.8 for Apache 1.3. Fetch it and upgrade from: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.10 (19-Jun-2002 to 24-Jun-2002) *) Fixed off-by-one buffer overflow bug in the compatibility functionality (mapping of old directives to new ones). *) Fixed memory leak in processing of CA certificates. *) In case there is actually a certificate chain in the session cache, we now use the value of SSL_get_peer_certificate(ssl) to verify as it will have been removed from the chain before it was put in the cache. *) Seed the PRNG with a maximum of 1K from the internal scoreboard. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Fri Oct 4 16:11:20 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id QAA03721; Fri, 4 Oct 2002 16:10:25 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id QAA03599; Fri, 4 Oct 2002 16:09:56 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id A10B04CE77E; Fri, 4 Oct 2002 16:09:58 +0200 (CEST) Received: by en1.engelschall.com (Postfix, from userid 10000) id 9457D28911; Fri, 4 Oct 2002 16:09:47 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP from visp.engelschall.com id QAA03345; Fri, 4 Oct 2002 16:06:31 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 24F0A4CE780; Fri, 4 Oct 2002 16:06:34 +0200 (CEST) Received: by en1.engelschall.com (Postfix, from userid 10000) id F16CC286B8; Fri, 4 Oct 2002 16:05:41 +0200 (CEST) Date: Fri, 4 Oct 2002 16:05:41 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: [ANNOUNCE] mod_ssl 2.8.11-1.3.27 Message-ID: <20021004140541.GA34089@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce As you've hopefully recognized, the ASF released Apache 1.3.27, which includes important security fixes. The corresponding mod_ssl 2.8.11 for this version is now available, too. Fetch it from: http://www.modssl.org/source/ ftp://ftp.modssl.org/source/ Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.11 (24-Jun-2002 to 04-Oct-2002) *) Upgraded to Apache 1.3.27. *) Fixed internal error handling for CRL verification. *) Initialize OpenSSL ENGINE before initializing OpenSSL to workaround problems with the PRNG. *) Also find "openssl" executable in "sbin" directories. *) Honor specified number of maximum bytes on SSLRandomSeed if reading from EGD. *) Fixed generation of SSL_CLIENT_CERT_CHAIN_[0-9] variables. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Wed Oct 23 14:41:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id OAA14736; Wed, 23 Oct 2002 14:40:07 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id OAA14720; Wed, 23 Oct 2002 14:39:55 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id BCB274CE742; Wed, 23 Oct 2002 14:39:55 +0200 (CEST) Received: by en1.engelschall.com (Postfix, from userid 10000) id 88CC4286DB; Wed, 23 Oct 2002 14:39:34 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP from visp.engelschall.com id LAA07974; Wed, 23 Oct 2002 11:15:35 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id EA14C4CE76E; Wed, 23 Oct 2002 11:15:34 +0200 (CEST) Received: by en1.engelschall.com (Postfix, from userid 10000) id E1300286DB; Wed, 23 Oct 2002 11:15:19 +0200 (CEST) Date: Wed, 23 Oct 2002 11:15:19 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: [ANNOUNCE] mod_ssl 2.8.12 Message-ID: <20021023091519.GA22374@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce Because of a found Cross-Side-Scripting (XSS) bug in mod_ssl, the fixed maintainance version mod_ssl 2.8.12 is available for use with Apache 1.3.27. http://www.modssl.org/source/ ftp://ftp.modssl.org/source/ Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.12 (04-Oct-2002 to 23-Oct-2002) *) Fixed potential Cross-Site-Scripting bug. *) Allow also 8192 bytes of shared memory data size. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Tue Mar 18 15:54:17 2003 Return-Path: X-Original-To: modssl-announce-L Delivered-To: modssl-announce-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 4003) id 385322AA056; Tue, 18 Mar 2003 15:54:17 +0100 (CET) X-Original-To: modssl-announce@modssl.org Delivered-To: modssl-announce@modssl.org Received: by master.modssl.org (Postfix, from userid 4000) id CF15F2AA055; Tue, 18 Mar 2003 15:54:16 +0100 (CET) X-Original-To: modssl-announce@modssl.org Received: from visp.engelschall.com (unknown [195.27.176.156]) by master.modssl.org (Postfix) with ESMTP id 0FD1D2AA015; Tue, 18 Mar 2003 15:43:33 +0100 (CET) Received: by visp.engelschall.com (Postfix, from userid 1005) id DCDBE4CE575; Tue, 18 Mar 2003 15:43:32 +0100 (CET) Received: by en1.engelschall.com (Postfix, from userid 10000) id 60289286C2; Tue, 18 Mar 2003 15:43:16 +0100 (CET) Date: Tue, 18 Mar 2003 15:43:16 +0100 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: [ANNOUNCE] mod_ssl 2.8.13 Message-ID: <20030318144316.GA69190@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-announce Another maintainance release of mod_ssl 2.8 for Apache 1.3 delivers to you mod_ssl 2.8.13 for Apache 1.3.27. Changes are listed below. Grab it from the following locations: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.13 (23-Oct-2002 to 18-Mar-2003) *) Always enforce RSA blinding on RSA private keys in order to be resistent to timing attacks. *) Added timeout also to the "pre-sucking" of the trailing data in POST request handling. *) Correctly shutdown shared memory pools on fork+exec situations. *) Bugfix SSL client certificate verification: OpenSSL was not informed with SSL_set_verify_result(ssl, X509_V_OK) in case mod_ssl forced the verification to be ok. *) Consistently use OPENSSL_free() instead of plain free() to deallocate memory chunks allocated inside OpenSSL. *) Fixed various memory leaks related to X509 certificates. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Fri Mar 21 15:27:36 2003 Return-Path: X-Original-To: modssl-announce-L Delivered-To: modssl-announce-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 4003) id 0F6E12AA051; Fri, 21 Mar 2003 15:27:36 +0100 (CET) X-Original-To: modssl-announce@modssl.org Delivered-To: modssl-announce@modssl.org Received: by master.modssl.org (Postfix, from userid 4000) id B0CE92AA04D; Fri, 21 Mar 2003 15:27:35 +0100 (CET) X-Original-To: modssl-announce@modssl.org Received: from visp.engelschall.com (unknown [195.27.176.156]) by master.modssl.org (Postfix) with ESMTP id 1D1792AA02B; Fri, 21 Mar 2003 15:26:46 +0100 (CET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 0D3604CE530; Fri, 21 Mar 2003 15:26:46 +0100 (CET) Received: by en1.engelschall.com (Postfix, from userid 10000) id DCDBD286CA; Fri, 21 Mar 2003 15:26:25 +0100 (CET) Date: Fri, 21 Mar 2003 15:26:25 +0100 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: [ANNOUNCE] mod_ssl 2.8.14-1.3.27 Message-ID: <20030321142625.GA77243@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-announce Sorry, mod_ssl 2.8.13 introduced two nasty bugs which let the server crash. This is now fixed with mod_ssl 2.8.14 together with one more long-standing crash bug related to the SHMHT session cache. Please upgrade to this latest mod_ssl 2.8 version for Apache 1.3. Thanks. o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.14 (18-Mar-2002 to 21-Mar-2003) *) Fixed logic in the destruction of a temporary certificate structure and this way avoid a crash due to freeing NULL object. *) Removed one newly introduced X509_free() call in the context of SSL_get_certificate(), because this function does not increment a reference count (although SSL_get_peer_certificate() does). *) Fixed hash-table based shared memory session cache (shmht) implementation by making sure that the underlying hash table library does not crash if memory cannot be allocated. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From wzpbclxuhamf@yahoo.com Fri Feb 27 23:44:31 2004 Return-Path: X-Original-To: modssl-announce-l@master.modssl.org Delivered-To: modssl-announce-l@master.modssl.org Received: from adsl-68-248-195-9.dsl.klmzmi.ameritech.net (adsl-68-248-195-9.dsl.klmzmi.ameritech.net [68.248.195.9]) by master.modssl.org (Postfix) with SMTP id 87F07A8941; Fri, 27 Feb 2004 23:44:17 +0100 (CET) Received: from 0.35.154.0 by 68.248.195.9; Sat, 28 Feb 2004 04:37:17 +0600 Message-ID: From: "norrie pantilla" Reply-To: "norrie pantilla" To: modssl-announce-l@master.modssl.org, modssl-users-l@master.modssl.org Subject: LingerLongLingerHardchivetero Date: Sat, 28 Feb 2004 01:38:17 +0300 X-Mailer: AOL 7.0 for Windows US sub 118 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--64820132806802652948" X-Priority: 3 X-MSMail-Priority: Normal ----64820132806802652948 Content-Type: text/html; Content-Transfer-Encoding: quoted-printable

three

bills

a

PILz un sale tuday oonly. reg. 20 bukz a do|se

souper xvighagrax

go|two|days|nonstop|LAD|IES|LO|VE|IT

vizit h= ere

----64820132806802652948-- From owner-modssl-announce@modssl.org Wed May 12 15:25:15 2004 Return-Path: X-Original-To: modssl-announce-L Delivered-To: modssl-announce-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 4003) id 0E0F5A8A7F; Wed, 12 May 2004 15:25:15 +0200 (CEST) X-Original-To: modssl-announce@modssl.org Delivered-To: modssl-announce@modssl.org Received: by master.modssl.org (Postfix, from userid 4000) id CBEFAA8A79; Wed, 12 May 2004 15:25:14 +0200 (CEST) X-Original-To: modssl-announce@modssl.org Received: from visp.engelschall.com (visp.engelschall.com [195.27.176.148]) by master.modssl.org (Postfix) with ESMTP id 9F916A8943; Wed, 12 May 2004 15:25:07 +0200 (CEST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 8E1CE4CE551; Wed, 12 May 2004 15:25:07 +0200 (CEST) Received: by en1.engelschall.com (Postfix, from userid 10000) id 14E8B28637; Wed, 12 May 2004 15:24:57 +0200 (CEST) Date: Wed, 12 May 2004 15:24:57 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: [ANNOUNCE] mod_ssl 2.8.17 for Apache 1.3.31 Message-ID: <20040512132456.GA80566@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.1i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-announce Yesterday Apache 1.3.31 was released. I've updated mod_ssl 2.8 to this version and released the result (together with some other pending bugfixes; see below) as mod_ssl 2.8.17-1.3.31. You can find it under the usual locations: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.17 (01-Nov-2003 to 11-May-2004) *) Upgraded to Apache 1.3.31 *) Log the OpenSSL error stack contents if the crypto engine load/init fails. *) Fixed segfault in lookup of variable SESSION_ID in case SSL_get_session() returns NULL. *) Bugfix "dbm" session cache: the DBM file was closed too early (before accessing the data). *) Bugfix "shmcb" session cache for situations where the session data is bigger than the cache size. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Thu May 27 15:22:03 2004 Return-Path: X-Original-To: modssl-announce-L Delivered-To: modssl-announce-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 4003) id 5F6B6A8A7F; Thu, 27 May 2004 15:22:03 +0200 (CEST) X-Original-To: modssl-announce@modssl.org Delivered-To: modssl-announce@modssl.org Received: by master.modssl.org (Postfix, from userid 4000) id 11675A8A79; Thu, 27 May 2004 15:22:03 +0200 (CEST) X-Original-To: modssl-announce@modssl.org Received: from visp.engelschall.com (visp.engelschall.com [195.27.176.148]) by master.modssl.org (Postfix) with ESMTP id 8D99CA895E; Thu, 27 May 2004 15:21:58 +0200 (CEST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 7C2F04CE67A; Thu, 27 May 2004 15:21:58 +0200 (CEST) Received: by en1.engelschall.com (Postfix, from userid 10000) id 240082862A; Thu, 27 May 2004 15:21:38 +0200 (CEST) Date: Thu, 27 May 2004 15:21:37 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: [ANNOUNCE] mod_ssl 2.8.18 Message-ID: <20040527132137.GA88148@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.1i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-announce A security issue was discovered. It is now fixed with mod_ssl 2.8.18. Please upgrade your installations ASAP. o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.18 (11-May-2004 to 27-May-2004) *) Fix buffer overflow in "SSLOptions +FakeBasicAuth" implementation if the Subject-DN in the client certificate exceeds 6KB in length. (CVE CAN-2004-0488). *) Handle the case of OpenSSL retry requests after interrupted system calls during the SSL handshake phase. *) Remove some unused functions. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Fri Jul 16 22:43:25 2004 Return-Path: X-Original-To: modssl-announce-L Delivered-To: modssl-announce-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 4003) id 7355EA8AA1; Fri, 16 Jul 2004 22:43:25 +0200 (CEST) X-Original-To: modssl-announce@modssl.org Delivered-To: modssl-announce@modssl.org Received: by master.modssl.org (Postfix, from userid 4000) id 25F26A8A9B; Fri, 16 Jul 2004 22:43:25 +0200 (CEST) X-Original-To: modssl-announce@modssl.org Received: from visp.engelschall.com (visp.engelschall.com [195.27.176.148]) by master.modssl.org (Postfix) with ESMTP id 267B9A8943; Fri, 16 Jul 2004 22:42:13 +0200 (CEST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 1373C4CE5FB; Fri, 16 Jul 2004 22:42:13 +0200 (CEST) Received: by en1.engelschall.com (Postfix, from userid 10000) id A115E285DE; Fri, 16 Jul 2004 22:42:07 +0200 (CEST) Date: Fri, 16 Jul 2004 22:42:07 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: [ANNOUNCE] mod_ssl 2.8.19 for Apache 1.3.31 Message-ID: <20040716204207.GA45678@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.1i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-announce We've today found an ssl_log() related format string vulnerability in the mod_proxy hook functions of mod_ssl for Apache 1.3.x (mod_ssl for Apache 2.x is not affected). A mod_ssl 2.8.19 for Apache 1.3.31 was created which fixes this potential security hole. Get mod_ssl-2.8.19-1.3.31.tar.gz from: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Fri Oct 15 15:46:45 2004 Return-Path: X-Original-To: modssl-announce-L Delivered-To: modssl-announce-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 4003) id 94F3CA8D17; Fri, 15 Oct 2004 15:46:45 +0200 (CEST) X-Original-To: modssl-announce@modssl.org Delivered-To: modssl-announce@modssl.org Received: by master.modssl.org (Postfix, from userid 4000) id 5EA1DA8D14; Fri, 15 Oct 2004 15:46:45 +0200 (CEST) X-Original-To: modssl-announce@modssl.org Received: from visp.engelschall.com (visp.engelschall.com [195.27.176.148]) by master.modssl.org (Postfix) with ESMTP id 42C5DA895E for ; Fri, 15 Oct 2004 15:46:41 +0200 (CEST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 308954CE583; Fri, 15 Oct 2004 15:46:41 +0200 (CEST) Received: by en1.engelschall.com (Postfix, from userid 10000) id 3C8D5A182C; Fri, 15 Oct 2004 15:46:25 +0200 (CEST) Date: Fri, 15 Oct 2004 15:46:25 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org Subject: [ANNOUNCE] mod_ssl 2.8.20-1.3.31 Message-ID: <20041015134625.GA48121@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.1i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-announce Prompted by a security issue (see below), mod_ssl 2.8.20 for Apache 1.3.31 was released today. You can get it at the usual location: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.20 (16-Jul-2004 to 15-Oct-2004) *) With OpenSSL 0.9.7, prevent session resumption during a renegotiation to force the client to negotiate a new (and acceptable to mod_ssl) cipher suite. Additionally, ensure that a correct cipher suite has been negotiated afterwards (CAN-2004-0885). *) Fixed more printf(3) style format string bugs (not security related) which could crash the server if mod_ssl's trace or debug log level is enabled. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Fri Oct 22 15:29:02 2004 Return-Path: X-Original-To: modssl-announce-L Delivered-To: modssl-announce-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 4003) id 824F5A8D11; Fri, 22 Oct 2004 15:29:02 +0200 (CEST) X-Original-To: modssl-announce@modssl.org Delivered-To: modssl-announce@modssl.org Received: by master.modssl.org (Postfix, from userid 4000) id 46DC7A8D10; Fri, 22 Oct 2004 15:29:02 +0200 (CEST) X-Original-To: modssl-announce@modssl.org Received: from visp.engelschall.com (visp.engelschall.com [195.27.176.148]) by master.modssl.org (Postfix) with ESMTP id EF6ADA8940; Fri, 22 Oct 2004 15:28:57 +0200 (CEST) Received: by visp.engelschall.com (Postfix, from userid 1005) id DBC3C4CE5DB; Fri, 22 Oct 2004 15:28:57 +0200 (CEST) Received: by en1.engelschall.com (Postfix, from userid 10000) id 0AB8EA17A1; Fri, 22 Oct 2004 15:28:47 +0200 (CEST) Date: Fri, 22 Oct 2004 15:28:47 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: [ANNOUNCE] mod_ssl 2.8.21 for Apache 1.3.32 Message-ID: <20041022132846.GA29875@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.1i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-announce Apache 1.3.32 was released. Although mod_ssl 2.8.20-1.3.31 both applies and works fine with Apache 1.3.32 I've upgraded mod_ssl to this new Apache version and released the results as mod_ssl 2.8.21-1.3.32. Ralf S. Engelschall rse@engelschall.com www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Sat Oct 30 15:59:23 2004 Return-Path: X-Original-To: modssl-announce-L Delivered-To: modssl-announce-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 4003) id AFD82A8D14; Sat, 30 Oct 2004 15:59:23 +0200 (CEST) X-Original-To: modssl-announce@modssl.org Delivered-To: modssl-announce@modssl.org Received: by master.modssl.org (Postfix, from userid 4000) id 4BA16A8D12; Sat, 30 Oct 2004 15:59:23 +0200 (CEST) X-Original-To: modssl-announce@modssl.org Received: from visp.engelschall.com (visp.engelschall.com [195.27.176.148]) by master.modssl.org (Postfix) with ESMTP id DFF67A8976; Sat, 30 Oct 2004 15:59:18 +0200 (CEST) Received: by visp.engelschall.com (Postfix, from userid 1005) id BCDFB4CE5C5; Sat, 30 Oct 2004 15:59:18 +0200 (CEST) Received: by en1.engelschall.com (Postfix, from userid 10000) id 4F370A17F2; Sat, 30 Oct 2004 15:59:10 +0200 (CEST) Date: Sat, 30 Oct 2004 15:59:10 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: [ANNOUNCE] mod_ssl 2.8.22 for Apache 1.3.33 Message-ID: <20041030135910.GA39385@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.1i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-announce Apache 1.3.32's mod_ssl 2.8.21 still works fine for Apache 1.3.33. Nevertheless I've rolled a new patch-adjusted version mod_ssl 2.8.22 which fits 1:1 for Apache 1.3.33. Ralf S. Engelschall rse@engelschall.com www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Wed Jul 6 15:03:24 2005 Return-Path: X-Original-To: modssl-announce-L Delivered-To: modssl-announce-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 04C1F14D99B; Wed, 6 Jul 2005 15:03:24 +0200 (CEST) X-Original-To: modssl-announce@modssl.org Delivered-To: modssl-announce@modssl.org Received: by master.modssl.org (Postfix, from userid 30000) id C5C4614D980; Wed, 6 Jul 2005 15:03:23 +0200 (CEST) X-Original-To: modssl-announce@modssl.org Received: from visp.engelschall.com (visp.engelschall.com [195.27.176.148]) by master.modssl.org (Postfix) with ESMTP id 46EA614D97F; Wed, 6 Jul 2005 15:01:07 +0200 (CEST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 966754CE506; Wed, 6 Jul 2005 15:01:13 +0200 (CEST) Received: by en1.engelschall.com (Postfix, from userid 10000) id 2618CA17A8; Wed, 6 Jul 2005 15:01:01 +0200 (CEST) Date: Wed, 6 Jul 2005 15:01:01 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: [ANNOUNCE] mod_ssl 2.8.23 for Apache 1.3.33 and OpenSSL 0.9.8 Message-ID: <20050706130101.GA48684@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.1i Organization: Engelschall, Germany. Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-announce As OpenSSL 0.9.8 was released today, I've released another maintenance version mod_ssl 2.8.23 for use with Apache 1.3.33 and OpenSSL 0.9.8. Included are also a few other changes (see below for details). Get mod_ssl 2.8.23 from: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.23 (30-Oct-2004 to 06-Jul-2005) *) Ported to OpenSSL 0.9.8 *) Fixed connection timeout handling by calling the EAPI connection close hook after (and not before) the B_OUT flag was set on the underlying I/O buffer in order to prevent attempted buffer flushes from blocking the connection. *) Updated the ca-bundle.crt file from Mozilla's "certdata.txt" (CVS revision 1.37). *) Fix timeout handling in POST request processing by resetting timeouts. *) Fixed double-definition of OPENSSL_free under OpenSSL 0.9.6 by fixing the version test in ssl_util_ssl.h *) Adjusted all copyright messages to contain the new year 2005 ;) ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Tue Oct 18 08:39:55 2005 Return-Path: X-Original-To: modssl-announce-L Delivered-To: modssl-announce-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 9348314D87A; Tue, 18 Oct 2005 08:39:55 +0200 (CEST) X-Original-To: modssl-announce@modssl.org Delivered-To: modssl-announce@modssl.org Received: by master.modssl.org (Postfix, from userid 30000) id 6898D14D852; Tue, 18 Oct 2005 08:39:55 +0200 (CEST) X-Original-To: modssl-announce@modssl.org Received: from visp1.engelschall.com (visp1.engelschall.com [195.30.6.144]) by master.modssl.org (Postfix) with ESMTP id 72E5614D832; Tue, 18 Oct 2005 08:39:51 +0200 (CEST) Received: by visp1.engelschall.com (Postfix, from userid 21100) id E18E31B4488F; Tue, 18 Oct 2005 08:39:50 +0200 (CEST) Received: by en1.engelschall.com (Postfix, from userid 10000) id 9ECA3A17DD; Tue, 18 Oct 2005 08:39:39 +0200 (CEST) Date: Tue, 18 Oct 2005 08:39:39 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: [ANNOUNCE] mod_ssl 2.8.25-1.3.34 for Apache 1.3.34 Message-ID: <20051018063939.GA81360@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Organization: Engelschall, Germany. User-Agent: Mutt/1.5.11 OpenPKG/CURRENT Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-announce Apache 1.3.34 was released, so I've upgraded mod_ssl to apply cleanly to this Apache version. No other changes. Fetch mod_ssl 2.8.25-1.3.34 from the usual locations: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Mon May 8 09:34:15 2006 Return-Path: X-Original-To: modssl-announce-L Delivered-To: modssl-announce-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 754DD14D8A7; Mon, 8 May 2006 09:34:15 +0200 (CEST) X-Original-To: modssl-announce@modssl.org Delivered-To: modssl-announce@modssl.org Received: by master.modssl.org (Postfix, from userid 30000) id 374D514D89F; Mon, 8 May 2006 09:34:15 +0200 (CEST) X-Original-To: modssl-announce@modssl.org Received: from visp1.engelschall.com (visp1.engelschall.com [195.30.6.144]) by master.modssl.org (Postfix) with ESMTP id 21B7114D829; Mon, 8 May 2006 09:34:11 +0200 (CEST) Received: by visp1.engelschall.com (Postfix, from userid 21100) id 614341B4486D; Mon, 8 May 2006 09:34:11 +0200 (CEST) Received: by en1.engelschall.com (Postfix, from userid 10000) id DC1DAA1826; Mon, 8 May 2006 09:33:55 +0200 (CEST) Date: Mon, 8 May 2006 09:33:55 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: [ANNOUNCE] mod_ssl 2.8.26 for Apache 1.3.35 Message-ID: <20060508073355.GA46847@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Organization: Engelschall, Germany. User-Agent: Mutt/1.5.11 OpenPKG/CURRENT Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-announce mod_ssl 2.8.26 for Apache 1.3.35 is now available: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.26 (18-Oct-2005 to 08-May-2006) *) Upgraded to Apache 1.3.35 *) More correct prototype usage for passphrase callback. *) Some Win32 fixes. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Wed May 17 21:13:36 2006 Return-Path: X-Original-To: modssl-announce-L Delivered-To: modssl-announce-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id AD5EF14D8A9; Wed, 17 May 2006 21:13:36 +0200 (CEST) X-Original-To: modssl-announce@modssl.org Delivered-To: modssl-announce@modssl.org Received: by master.modssl.org (Postfix, from userid 30000) id AC40014D8A8; Wed, 17 May 2006 21:13:35 +0200 (CEST) X-Original-To: modssl-announce@modssl.org Received: from visp1.engelschall.com (visp1.engelschall.com [195.30.6.144]) by master.modssl.org (Postfix) with ESMTP id 7ABFF14D839; Wed, 17 May 2006 21:13:27 +0200 (CEST) Received: by visp1.engelschall.com (Postfix, from userid 21100) id DBACF1B4486B; Wed, 17 May 2006 21:13:26 +0200 (CEST) Received: by en1.engelschall.com (Postfix, from userid 10000) id 01CE6A17C3; Wed, 17 May 2006 21:13:07 +0200 (CEST) Date: Wed, 17 May 2006 21:13:07 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: [ANNOUNCE] mod_ssl 2.8.27 for Apache 1.3.36 Message-ID: <20060517191307.GA31134@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Organization: Engelschall, Germany. User-Agent: Mutt/1.5.11 OpenPKG/CURRENT Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-announce Today Apache 1.3.36 was released. An updated mod_ssl 2.8.27 for Apache 1.3.36 is now available, too. Ralf S. Engelschall rse@engelschall.com www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Mon Sep 10 22:44:17 2007 Return-Path: X-Original-To: modssl-announce-L Delivered-To: modssl-announce-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 0F23014D88A; Mon, 10 Sep 2007 22:44:17 +0200 (CEST) X-Original-To: modssl-announce@modssl.org Delivered-To: modssl-announce@modssl.org Received: from visp1.engelschall.com (visp1.engelschall.com [195.30.6.144]) by master.modssl.org (Postfix) with ESMTP id D76BE14D82E for ; Mon, 10 Sep 2007 22:44:16 +0200 (CEST) Received: by visp1.engelschall.com (Postfix, from userid 21100) id 81CE01B4486D; Mon, 10 Sep 2007 22:44:16 +0200 (CEST) Received: by en1.engelschall.com (Postfix, from userid 10000) id A607D6DF41; Mon, 10 Sep 2007 22:41:44 +0200 (CEST) X-DKIM: Sendmail DKIM Filter v2.2.1 en1.engelschall.com A607D6DF41 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=engelschall.com; s=en1; t=1189456904; bh=mO+zwjyhgslGMPFJfVhFyHnPifWx/+AZ110fOvyhnh4 =; h=Date:From:To:Subject:Message-ID:Reply-To:MIME-Version: Content-Type:Content-Disposition:Organization:User-Agent; b=QH6NKn N/Vpwqj01zwxrQFZDoLO61cIHrM6kXvFWAz6EItLzx4ar+++XWpypIfr+zJZYxyd+ok +VJXnll4PuYzlD0hbtC+YJq0jtyxLHzoA9SW1GZiCNakVIgxtPs8EwB/QlHELxxZyMJ UzJCXgm81HPQSOEAWIhNg/gwOt4CvFc= Date: Mon, 10 Sep 2007 22:41:44 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org Subject: [ANNOUNCE] mod_ssl 2.8.29 for Apache 1.3.39 Message-ID: <20070910204144.GA59999@engelschall.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Organization: Engelschall, Germany. User-Agent: Mutt/1.5.16 OpenPKG/CURRENT (2007-06-09) Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-announce Apache 1.3.39 was released recently. An updated mod_ssl 2.8.29 for Apache 1.3.39 is now available, too. Find it on: http://www.modssl.org/ Ralf S. Engelschall rse@engelschall.com www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-announce@modssl.org Wed Sep 12 07:51:29 2007 Return-Path: X-Original-To: modssl-announce-L Delivered-To: modssl-announce-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 12AAD14D86A; Wed, 12 Sep 2007 07:51:29 +0200 (CEST) X-Original-To: modssl-announce@modssl.org Delivered-To: modssl-announce@modssl.org Received: from visp1.engelschall.com (visp1.engelschall.com [195.30.6.144]) by master.modssl.org (Postfix) with ESMTP id A4DEE14D857 for ; Wed, 12 Sep 2007 07:51:28 +0200 (CEST) Received: by visp1.engelschall.com (Postfix, from userid 21100) id 004E11B44896; Wed, 12 Sep 2007 07:51:27 +0200 (CEST) Received: by en1.engelschall.com (Postfix, from userid 10000) id 7FAEA6DC46; Wed, 12 Sep 2007 07:49:15 +0200 (CEST) X-DKIM: Sendmail DKIM Filter v2.2.1 en1.engelschall.com 7FAEA6DC46 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=engelschall.com; s=en1; t=1189576155; bh=kbueM2thJtnpW4ly7ywXYJQSeWZZfUlW3PGkyEklaio =; h=Date:From:To:Subject:Message-ID:Reply-To:References: MIME-Version:Content-Type:Content-Disposition:In-Reply-To: Organization:Approved:User-Agent; b=TuWJ2mytAu7dR1te3PwnkuXr68+WoW 3iZ6iwiIKFSciyA8mLICfwJ/B7kP/PUnRi6fCztzN9kMalRyxx8c7ufCxnkgAVr7m/l yh8UqEO6GZyO5JY9ffPqPdpyG4K8+8WCD/QoVso/+oRZOwzQQ794wXFqEZQMYSqBzNj J4TnWF8= Date: Wed, 12 Sep 2007 07:49:15 +0200 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org Subject: Re: [ANNOUNCE] mod_ssl 2.8.29 for Apache 1.3.39 Message-ID: <20070912054915.GA60508@engelschall.com> References: <20070910204144.GA59999@engelschall.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20070910204144.GA59999@engelschall.com> Organization: Engelschall, Germany. User-Agent: Mutt/1.5.16 OpenPKG/CURRENT (2007-06-09) Sender: owner-modssl-announce@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-announce On Mon, Sep 10, 2007, Ralf S. Engelschall wrote: > Apache 1.3.39 was released recently. > An updated mod_ssl 2.8.29 for Apache 1.3.39 is now available, too. > Find it on: http://www.modssl.org/ Unfortunately, there was a bug in the auto-generated patch caused by a changed amount of patch hunks in the mod_status.c patch set. This is now fixed with mod_ssl 2.8.30. Please use this updated version. Sorry for the inconvenience. Ralf S. Engelschall rse@engelschall.com www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org