httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Re: Code update to handle apache dynamic configuration updates to httpd.conf.
Date Wed, 21 Dec 2005 06:38:31 GMT

Hi Paul,

I appreciate u'r response. Thank you.

Could u pls elaborate more on the "2) Dynamic loading of SSL Certificates.
I would like to give a try on this.  How can I proceed on this. Where all I
have to do the modifications?

And one more thing is I can keep the passphrase same in old and new

Pls reply back.
Thanks & Regards,

             Paul Querna                                                   
             .com>                                                      To 
             12/21/2005 11:11                                           cc 
                                       Re: Code update to handle apache    
             Please respond to         dynamic configuration updates to    
             dev@httpd.apache.         httpd.conf.                         
> Yes I do understand the issues. But the project requires this to be done.
> You said "There are also issues with loading SSLCerts without a full
> restart...."
> Do you mean there is a way to load SSLCerts without a restart?
> Pls let me know.
I will start over.

There are many issues to this problem. Here are the biggest:

1) Dynamic creation of server_recs.  There is currently no way to add a
server_rec, to the core, and to the listening interfaces, without at
least a graceful restart.  This is a VERY complicated issue.  It would
require a major rewrite of many core functions, and the addition of
locking, and perhaps even a garbage collection or reference counting
system, to handle the deletion of sever_recs.

2) Dynamic loading of SSL Certificates.  Easier, but still hard.  Will
require large modifications to mod_ssl, and documentation that things
like ssl passphrase can't work.  Will also require large modifications
to dynamically load certs from LDAP.

These are both very large and difficult problems.  They both might be
better addressed in the long run, by a complete rewrite of the
configuration system. It would be an interesting exercise, but I have
better fish to fry.


***********************  FSS-Unclassified   ***********************

***********************  FSS-Unclassified   ***********************
"DISCLAIMER: This message is proprietary to Hughes Software Systems Limited
(HSS) and is intended solely for the use of the individual to whom it is
addressed. It may contain  privileged or confidential information and
should not be circulated or used for any purpose other than for what it is
intended. If you have received this message in error, please notify the
originator immediately. If you are not the intended recipient, you are
notified that you are strictly prohibited from using, copying, altering, or
disclosing the contents of this message. HSS accepts no responsibility for
loss or damage arising from the use of the information transmitted by this
email including damage from virus."

View raw message