Return-Path: Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 86692 invoked by uid 500); 6 Nov 2001 02:31:28 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 86680 invoked from network); 6 Nov 2001 02:31:28 -0000 Message-ID: From: "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" To: "'dev@httpd.apache.org'" Subject: RE: mod_ssl as DSO Date: Mon, 5 Nov 2001 21:31:29 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N -----Original Message----- From: Aaron Bannert [mailto:aaron@clove.org] >On Mon, Nov 05, 2001 at 05:17:40PM -0800, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote: >> >What platform and MPM are you using? (ie if you are using a threaded MPM >> >like worker, do you still see the degradation with the prefork mpm?) >> >> HPUX 11.0, Worker MPM, 2.0.28-dev > >I don't know if this is a known issue or not, but we may want to look >into reducing lock contention inside mod_ssl. All of the intraprocess >locks are being used in openssl, while the global locks look like they're >happening around all accesses of the session cache. > >I will eventually convert all apr_lock_t types to the new APR lock >types, which may raise the ceiling but won't fix actual lock contention. I don't think that's the actual problem.. The response varies from 38 tps (concurrency = 5) to 0.5 tps (concurrenty = 10) :-!.. I used to get 30 tps consistently on my box earlier (even with concurrency = 150).. Do you also see a similar degradation ?.. If no, there's some problem in my compiler / compiler options.. >> I get unresolved symbols error during the LoadModule phase. The reason I >> introduced this is because when mod_ssl is being loaded, it should bring in >> all the dependent libraries (libssl and libcrypto).. It also means that we >> shouldn't be linking -lssl, -lcrypto with httpd or any other executables. > >That makes sense. The reason I'm not seeing those problems is because >I've only got static libraries for ssl/crypto. I'll look into this further, >since I'm not sure that including all of EXTRA_LIBS is the best way to go. >Maybe APACHE_CHECK_SSL_TOOLKIT needs to be revamped to deal with DSOs >that dynamically link against shared versions of the openssl libs. Yep.. I did try modifying the acinclude.m4 file to have a SSL_LIBS instead of EXTRA_LIBS - but then failed miserably :-(.. I can try doing it again (i'd rather prefer somebody who knows autoconf to make the changes).. The reason I included EXTRA_LIBS is : it doesn't have significantly more than required libraries.. Moreover, since the modern-day linkers pick up only the required symbols from the libraries, it really doesn't matter which / how many libraries we pass to the link line.. -Madhu