httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Stein <gst...@lyra.org>
Subject mod_ssl (was: How to Add a Module to Apache)
Date Sun, 12 Dec 1999 10:00:22 GMT
On Sun, 12 Dec 1999, Eli Marmor wrote:
>...
> I understand that integrating crypto stuff, or even only EAPI
> patches, into the standard Apache, is too controversal, and there
> are other "competing" projects, such as KEAPI and the patches which
> are planned for Apache 2.0, as well as competing SSL implementations
> (Ben's) and the crypto limitations of U.S. (to be relaxed this week
> ???????).

There are a number of issues, yes, but "controversial" might be too strong
of a term. *shrug*

In Apache 2.0, there will be quite a few things to minimize the patch set
for mod_ssl. 2.0 has a "hooks" implementation and APR is theoretically
supposed to include the "mm" sub-package (it is there, but not really
integrated yet).

> The last thing that I want is a flaming war. So please, Jim (or
> whoever forwarded this message), tell them that it is only a forward
> and that I didn't have any intention to change the main source tree
> of Apache and/or to post this message to new-httpd mailing list.
> 
> (although that up to this minute, thanks God, nobody started this
> flaming war; But it will come, for sure!).

Don't worry about it so much. I've been reading new-httpd for a little
more than a year. I think the only time that I've actually seen a "flame
war" was the problem with the guys from Remote Communications. The Apache
Group is quite level-headed and generally resilient against flames; the RC
guys were just plain antagonistic and some of the AG members rose to the
bait :-)

> In addition, if the message was forwarded, it could be better to
> forward the previous messages too, at least the one discussing the
> patches required to insert into the patch scripts of UNIX and
> Windows, in order to make them "compatible".

I haven't seen the prior messages, but the one that Jim forwarded from you
was quite complete in itself. I think it raises a number of good issues
(which is probably why Jim forwarded it; otherwise, maybe an accident :-).

Personally, I would not recommend altering mod_ssl to be a complete
distribution. That makes it difficult to track changes in Apache and to
apply Apache patches. It kind of boils down to what would a person want to
see for their base, and what they want to incrementally apply (patch). I
think you would like to start with a solid Apache and then apply patches
against that (mod_ssl, mod_*, patchXXX, etc). Starting with an
Apache/mod_ssl combination generates a few issues with apply additional
patches, changes, modules, etc. I think it would also cause a small worry
in some people's minds of "how is the mod_ssl Apache different from the
regular distribution of Apache?" (other than the mod_ssl changes, which
can easily be inspected if mod_ssl remains as a patch set).

A combination distro can obviously be created... heck, it doesn't even
have to be Ralf to do it. Eli: you could be the Apache/mod_ssl combination
distro supplier :-). It might be interesting to see how many people are
truly interested in that combination.

I would simply recommend keeping mod_ssl as a patch set.

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/


Mime
View raw message