tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GOMEZ Henri <hgo...@slib.fr>
Subject RE: DO NOT REPLY [Bug 4545] New: - Webapp connector seg faults u nder an SSL connection
Date Mon, 05 Nov 2001 10:39:06 GMT
>Steve Downey wrote:
>> 
>> > >I will have a look to it... Has it is my bad...
>> >
>> > Normal, you need to have the SSLVars exported by mod_ssl.
>> >
>> > From :
>> > 
>http://jakarta.apache.org/tomcat/tomcat-3.3-doc/tomcat-ssl-howt
o.html
> >
> > When using mod_jk with Apache & mod_ssl, it is essential to specify
> > "SSLOptions +StdEnvVars +ExportCertData" in the httpd.conf file.
> >
> > Otherwise, mod_ssl will not produce the neccessary
> > environment variables for
> > mod_jk.
> > from (Tilo Christ <tilo.christ@med.siemens.de>).
> >
> 
> Requiring StdEnvVars is NOT a good thing, though. It adds a fair bit of
> overhead to the SSL connection, which is why it was made an option. Most
> httpd.confs will only turn it on for cgi and shtml. Tomcat wants it turned
> on for everything.

Yes it's adding overhead, but it's mandatory if you want to have
access to SSL vars. And thanks Ralf (mod_ssl author) to have put
the SSLOptions which allow you to make the export configurable.

>Are not the variable cached? (in httpd).

I don't think

> 
> For Apache 2.0, it should be possible to avoid this all. With mod_ssl a
> standard component, it should be possible to use ap_table_get for
> everything. Any other ssl implementation should support the same
interface.

Yes, the future :)


--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message