mod_ssl

This release has been upgraded to work with Apache
1.3.26. OpenSSL 0.9.7 is now supported. Random
files are now opened in binary mode under Win32 to
avoid stopping on EOS characters. An additional
internal vhost consistency check was added in case
no DNS entries are found for virtual hosts.
Detection of a faked "Faked Basic Auth" situation
for internal redirection situations was fixed.

This release has been upgraded to Apache 1.3.24, and supports leading whitespaces in commands of SSLLog "|..." directives. It fixes timeout handling on connection establishment by correctly resetting the timeout on errors. Two memory leaks related to CA certificate configuration, a memory leak related to temporary DH key handling, and a memory leak on shutdown if CRLs are used have been fixed. The remaining SIGBUS problems on SPARC inside the SHMCB session cache implementation have been fixed.

Support for the latest OpenSSL 0.9.7 snapshots, a fix for a potential buffer overflow in DBM and SHMHT session cache if very large certificate chains are used, compliance with POSIX 1003.1-2001 (SUSv3) by replacing obsolete "head -1" and "tail -1" constructs with sed variants in scripts, and a fix for file descriptor leakage under Win32.

Apache has been updated to 1.3.23. A subtle indexing bug in SHMCB has been fixed. The SHMCB remove operation is performed under mutual exclusion to prevent an inter-process synchronization problem. This release makes sure that mod_ssl does not segfault if SCOREBOARD_SIZE is less than 1024. An SDBM patch has been merged in that fixes a problem with the sdbms .dir file which arrises when a second .dir block is needed for the first time.

We have upgraded to Apache 1.3.22, and various minor bugfixes have been made.