summaryrefslogtreecommitdiff
path: root/www/ap-ssl/files
diff options
context:
space:
mode:
authorjwise <jwise@pkgsrc.org>2000-02-17 04:21:58 +0000
committerjwise <jwise@pkgsrc.org>2000-02-17 04:21:58 +0000
commit38d7a782741c407c5698ea96c86267bdd6095566 (patch)
treeb0c13329969c5a67909154c4ffd5b16893741633 /www/ap-ssl/files
parent9f7c7dba2ec95d86ecc65da115904b2976df7d79 (diff)
downloadpkgsrc-38d7a782741c407c5698ea96c86267bdd6095566.tar.gz
Update ap-ssl to mod_ssl-2.5.0.
Main change is support for apache-1.3.11. In more detail: Changes with mod_ssl 2.5.0 (08-Jan-2000 to 22-Jan-2000) *) Switched the old "POST for HTTPS" support code from defined(SSL_EXPERIMENTAL) to !defined(SSL_CONSERVATIVE), because this code is both already stable (even it's not a conservative approach) and important. This way POST support is now available per default, but still can be disabled/removed by very conservative people with an easy --enable-rule=SSL_CONSERVATIVE. *) Added SSL_CONSERVATIVE rule to src/Configuration.tmpl which complements SSL_EXPERIMENTAL. Both rules are per default set to "no", i.e. disabled. But while SSL_EXPERIMENTAL still enables experimental code, enables SSL_CONSERVATIVE conservative code. That is, actually per default some non-conservative things might be enabled which can be _disabled_ by forcing mod_ssl to use only conservative approaches. *) Added entry about "no shared ciphers" to FAQ. *) Upgraded to the new Apache version: 1.3.11 (BTW, Apache 1.3.10 was never released). This moves the mod_ssl community to the latest Apache state and this way implicitly provides them over 70 bugfixes and cleanups which 1.3.11 provides over 1.3.9. Changes with mod_ssl 2.4.10 (24-Nov-1999 to 08-Jan-2000) *) Mentioned MD5-encrypted password in ssl_reference.wml in addition to DES-encrypted password. *) Added a new FAQ entry about the path internally pre-defined by EAPI_MM_CORE_PATH. *) Adjust the name-based-vhost complain: Talk say "you should not use" instead of "you cannot use", because first there are situations where it can be reasonable to use name-based vhosts with SSL and second there is no technical restriction on the mod_ssl side, of course. *) Changed the license on mod_define.c from the BSD/Apache-style license to a even less restrictive MIT-style license to allow everyone to do with this module what they want. *) Fixed a compile-time warning under very strict compilers by using a more correct `ssl_verify_t' (enum based) instead of `int' in ssl_engine_config.c. *) Various minor documentation updates. *) Made the EAPI-vs-plain-API complain in mod_so more clear. *) Adjusted all copyright messages to contain the new year 2000 ;) *) Fixed INSTALL.W32 document for latest OpenSSL versions. *) Fixed SSL session id context configuration: the value is now an MD5 of `server:port' and this way always a string of just 32 bytes, so OpenSSL's SSL_set_session_id_context() doesn't fail. *) Removed old CVS informations from etc/patch.tar tarball. Changes with mod_ssl 2.4.9 (05-Nov-1999 to 24-Nov-1999) *) Fixed SSLRequire expression evaluation for number strings. Expressions like `SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128' didn't work if SSL_CIPHER_USEKEYSIZE was "40" because the evaluation used strcmp(3) and this fails to compare numbers of different length. An own comparison function is now used to avoid this problem. *) Now on Win32 a warning is logged once on startup that mod_ssl is NOT officially supported under Win32 and people have to use it there on their own risk (and so shouldn't complain if it doesn't work). Because only the Unix platform is officially supported and mod_ssl is checked for security issues only related this platform. *) For performance reasons it is unreasonable to create the SSL_* CGI/SSI variables _all the time_, because their creation is a rather expensive operation which slows down the server noticeable. Instead it is more reasonable to let them create for CGI and SSI requests _only_. For consistency reason with other `SSLOptions' variables (which all have positive names) and to avoid necessary cleanups changes in the future, I decided to make the incompatibility change _NOW_ (sorry). In short: With mod_ssl 2.4.9 per default no SSI/CGI variables SSL_* are created any longer (only the special "HTTPS" variable is always created). Instead one has to use `SSLOptions +StdEnvVars' to switch the creation on. *) Added an `SSLOptions' variable `StdEnvVars' which now controls the creation of the numerious SSL_* CGI/SSI variables. *) Renamed old variable SSL_{CLIENT,SERVER}_{S,I}_DN_SP to more correct SSL_{CLIENT,SERVER}_{S,I}_DN_ST variable to conform to RFC2156 and current OpenSSL state (which also prints this OID as "ST" and no longer "SP"). *) Added support for SSL_{CLIENT,SERVER}_{S,I}_DN_{T,I,G,S,D,UID} variables (corresponding to X.509 title, initials, givenName, surname, description and uniqueIdentifier OIDs) to allow the checking of more X.509 certificate ingredients. *) Allow mod_rewrite to also lookup the "HTTPS" variable, for instance via ``RewriteCond %{HTTPS} !=on''. *) Removed old URL references to rsaref20.tar.Z from INSTALL document. *) Now an explicit error message is logged also if an SSL session cannot be stored to the DBM file via dbm_store (and not just if dbm_open failed). *) Now the pass phrase dialog no longer uses the hard-coded filedescriptor 10 as the storage for stderr while the pass phrase dialog is displayed. Instead (at least under Unix) it tries to open /dev/null and uses this filedescriptor instead. And when this fails (or always under Win32) it uses the hard-coded filedescriptor 50 (a lot higher than 10 to avoid problems with logfile rotation programs and other things Apache could have started). *) Fixed SSL_make_ciphersuite() function: it calculated the required string length incorrectly and could segfault. BUT THIS FUNCTION IS STILL NOT USED IN MOD_SSL AT ALL, so don't panic. This function is for debugging purposes only. *) Fixed a filedescriptor leak which happened if encrypted private keys were used. Here the pass phrase dialog forgot to close a temporary filedescriptor. *) Added three new OpenSSL log entry annotations: First, "*no start line*" now triggers "Bad file contents or format - or even just a forgotten SSLCertificate KeyFile?" and "*bad password read*" triggers "You entered an incorrect pass phrase!?". Additionally "*bad mac decode*" now triggers "Browser still remembered details of a re-created server certificate?" because people often get "bad data" dialog boxes while (re-)testing with Snake Oil certs. *) Added hint about possibly blocking /dev/random devices also to httpd.conf-default to make sure people don't overlook this subtle platform-dependent problem. Additionally a new FAQ entry was made about this, too. *) Added an entry to the FAQ about GIDs and their intermediate certificate which has to be configured with SSLCertificateChainFile. *) Fixed some external URLs in the FAQ.
Diffstat (limited to 'www/ap-ssl/files')
-rw-r--r--www/ap-ssl/files/md54
1 files changed, 2 insertions, 2 deletions
diff --git a/www/ap-ssl/files/md5 b/www/ap-ssl/files/md5
index a2638c546b3..6397b155fd6 100644
--- a/www/ap-ssl/files/md5
+++ b/www/ap-ssl/files/md5
@@ -1,3 +1,3 @@
-$NetBSD: md5,v 1.4 1999/12/01 01:00:18 bad Exp $
+$NetBSD: md5,v 1.5 2000/02/17 04:21:59 jwise Exp $
-MD5 (mod_ssl-2.4.8-1.3.9.tar.gz) = f764b961220b8c067e88ae3abc717785
+MD5 (mod_ssl-2.5.0-1.3.11.tar.gz) = 0d630dd536e2cdc6885368c79b45766f