Changes with mod_ssl 2.8.23 (30-Oct-2004 to 06-Jul-2005)
*) Ported to OpenSSL 0.9.8
*) Fixed connection timeout handling by calling the EAPI connection
close hook after (and not before) the B_OUT flag was set on the
underlying I/O buffer in order to prevent attempted buffer flushes
from blocking the connection.
*) Updated the ca-bundle.crt file from Mozilla's "certdata.txt"
(CVS revision 1.37).
*) Fix timeout handling in POST request processing by resetting
timeouts.
*) Fixed double-definition of OPENSSL_free under OpenSSL 0.9.6 by
fixing the version test in ssl_util_ssl.h
*) Adjusted all copyright messages to contain the new year 2005 ;)
Changes from version 2.8.4 include:
*) Upgraded to Apache 1.3.22
*) Fixed check whether server certificate wildcard CommonName (CN)
matches the configured server name.
*) Fixed buffer overflow.
-) Rename mod_ssl.conf to apache_start.conf.
*) Upgraded to Apache 1.3.17 as base version.
*) Allow %{ENV:variable} in SSLRequire expressions, too.
*) Make sure the user is not able to fake the client certificate
based authentication by just entering an X.509 Subject DN
("/XX=YYY/XX=YYY/..") as the username and "password" as the
password if "SSLVerifyClient optional" is used in combination
with "SSLOptions +FakeBasicAuth".
Also make me the maintainer. Relevant changes from version 2.6.3:
-) Install ${sbindir}/mkcert.sh to ease generation of SSL certificates.
*) Fixed server restarts: Under non-DSO run-time situation, the
OpenSSL library was shutdown (and never re-initialized) and this
way caused segfaults on server restarts. This affected only
installations where mod_ssl+OpenSSL were built as a static module
instead of a DSO. This nasty bug was unfortunately introduced in
2.6.5 as a side-effect of an (otherwise correct) memory leak bugfix.
*) Various typo fixes in user manual.
*) Removed more memory leaks by freeing even more stuff
from the OpenSSL toolkit on module shutdown.
*) Added missing TLSv1, EXP40 and EXP56 keywords to
ssl_reference's documentation of SSLCipherSuite.
*) Added hints about MSIE workarounds (-SSLv3, !EXP56, etc.)
to the FAQ entry about MSIE errors.
*) Added !EXP56 to pre-configured SSLCipherSuite in order to avoid
MSIE5.x problems in advance.
*) Allow spaces in ServerRoot and SSLPassPhraseDialog arguments
which is especially important for the Win32 environment.
*) Fixed syntax errors in ssl_howto.wml: "Deny all" -> "Deny from all"
*) Removed a left-over ssl_scache_expire() call in ssl_scache_init()
which made the life of vendors complicated.
*) Allow more fine-tuned overriding of ap_server_root_relative calls
by providing the context of the call.
*) Added Equifax Secure CA certificates to ca-bundle.crt.
*) Let the pass phrase dialog force the prompt to occur only once
(no verification step), because mod_ssl uses the dialog only for
pass phrases which are required for reading private keys. This as a
side-effect should fix a problem under Win32 where a second prompt
occured for unknown reasons.
*) Added more compatibility to Stronghold v2's SSL_SessionCache.
*) Added two more EAPI hools under SSL_VENDOR: one for overriding
ap_server_root_relative calls and one for hooking into the server
configuration step.
*) Fixed SSL display for mod_status in `short report' situation.
*) Fixed memory leak caused by not-freed SSL_CTX in the HTTPS proxy
support (ssl_engine_ext.c/mod_proxy) under _NOT_ SSL_EXPERIMENTAL.
Apache server and OpenSSl-0.9.4.
Makefile: Take advantage of the working configure script.
patches/patch-aa: replace this with a gross hack that finds the libssl
shared library with our current version of the OpenSSL pkg.
