httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aaron Bannert <>
Subject Re: [PATCH]
Date Wed, 21 Nov 2001 00:15:10 GMT
On Tue, Nov 20, 2001 at 06:18:34PM -0500, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote:
> >> It's not going to happen. Everything that is a runtime-configurable
> >> parameter should be controlled by httpd.conf. This slow migration to
> >> command-line parameters is, IMHO, wrong.
> Okay.. When I build SSL as a DSO, I do get the line "LoadModule
> ssl_module..." in my httpd.conf, and all other SSL configuration parameters
> ifdef'ed out.. Thus, when I try to bring up Apache (non-SSL mode), I just
> can't do it !!.. I'm FORCED to bring up the seve in SSL mode (-DSSL) - which
> is not acceptable (to me).. 

I don't understand. Are you saying there are runtime failures if you try
to start the server in non-ssl mode while mod_ssl is loaded?  <runs off
and builds mod_ssl as a DSO>. Indeed you are correct, but the fact that
mod_ssl can't be loaded w/o -DSSL seems like a bug to me.

-DSSL == enable SSL configuration directives
LoadModule ssl_module == load mod_ssl DSO

> If you feel that we should not allow the user to control the startup
> behaviour (SSL / non-SSL) by giving command line options, then (IMHO), the
> current configuration wrong - the "<IfDefine SSL>..." has to be eliminated
> from the httpd.conf and ssl.conf files.. Rather, they should be replaced by
> something like "<IfModule mod_ssl>.. " instead.. 

Since it seems that -DSSL and LoadModule ssl_module are mutually dependent,
I see no reason now to have -DSSL in the first place. If mod_ssl must have
properly formed runtime directives (ie. in httpd.conf) then why don't we
just check <IfModule mod_ssl.c> instead of looking for -DSSL? Please fill
me in, because it seems like I've missed something here.

> >What happens when I build httpd with SSL support statically? -DSSL would
> >have no effect in that case, and would probably confuse a bunch of people.
> AFAIK, most of the builds compile SSL as a DSO (because of the
> flexibility).. In the case where SSL is built statically, the server SHOULD
> come up in SSL mode.. The -DSSL would/should have no effect on the startup
> behaviour - which (to me) is perfectly acceptable.. 

I disagree on both points. Apache's modules may be built statically, or
as DSOs. We support both. From the standpoint of runtime configuration,
a statically built mod_ssl and a loaded DSO mod_ssl are virtually
equivalent. <IfModule mod_ssl.c> works in both cases. However, SSL
support should not be considered the same as SSL-mode.


View raw message