httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ralf S. Engelschall" <>
Subject Re: Apache 2.0 API and mod_ssl
Date Mon, 01 May 2000 08:09:14 GMT
On Sun, Apr 30, 2000, Zakon, Stuart wrote:

> Are there any sources which describe how the Apache 2.0 API
> will affect future mod_ssl integration?
> In particular we are interested in how the EAPI might be affected
> since we are currently implementing a module which leverages
> the client 'hooks' in the EAPI.

The Apache 2.0 API is still horribly in flux (and IMHO still far away
from a real and clean API on which one can count). So it is even still
not clear to myself how the Apache 2.0 API and Apache 2.0 itself will
finally affect the future of mod_ssl. At this point I'm myself still not
convinced that Apache 2.0 actually has a reasonable future at all :-(

Apache 2.0 already contains partial functionality which can replace
EAPI, but not all of EAPI. We could add the remaining EAPI functionality
to Apache 2.0, or rewrite mod_ssl to no longer provide functionality
which is now based on EAPI, or ignore the Apache 2.0 issue at all and
stick with Apache 1.3. Which way we go is still not clear. Perhaps there
are more possibilities I've still not recognized. We will see...

The whole decisions have to be delayed until Apache 2.0 settled a lot
more and especially until the politics behind Apache 2.0 become more
clear (especially the involvement and intentions of some vendors).
Because at this stage it is far away from clear where Apache 2.0 will go
and why it goes this way (I know that some of us will not agree with my
point of view here).

There are issues in the Apache 2.0 development which we have to still
observe before implications can be made (like the fact that more and
more non-Unix platforms are worked on while focus on Unix flavors
decreases dramatically; the fact that important technologies like
Autoconf and DSO are used too thoughtless and without enough care; the
fact that the 2.0 API will be as unclean as the 1.3 API because people
have no priority on creating a well-thought out API, etc.). So currently
IMHO it is a pure waste of manpower to pre-port mod_ssl to Apache 2.0,
because it would end in a maintainance desaster until a 2.0 release
version is available. And because of the same reasons I still cannot
give you a reasonable statement how Apache 2.0 will affect the future of
mod_ssl. I've a few plans for mod_ssl under my desk, but nothing I can
share in public.

The only point on which you can count is the same as the point I count
on: If you program with EAPI, you can be sure that both your module
will run the next 12 months without problem (because Apache 2.0 will
certainly require this time until it is ready for production) and that
guidelines to convert from EAPI to Apache 2.0 API will be available
later, too. And you can be sure that mod_ssl will exist in the future,
too ;)

                                       Ralf S. Engelschall

    I don't know if it's what you want, but it's what you get.
               -- Larry Wall
    What you see is all you get.
               -- Brian Kernighan

Apache Interface to OpenSSL (mod_ssl)         
User Support Mailing List            
Automated List Manager                  

View raw message