Re: [apache-ssl] SSL / MS FrontPage coexistence problem

Rob Heittman wrote:
> 
> > FrontPage is therefore dependent on that second call to init_modules()
> > that the SSL patch has removed (because the SSL module does not like to
> > be initialized twice.)
> 
> A similar problem affects FastCGI initialization in mod_fastcgi.  But it
> is possible to patch mod_fastcgi in an accommodating fashion, because it
> is available as source  :-)
> 
> Ben, would it be safe to invert the sense of this operation in Apache-SSL?
> -- mod_fastcgi, for example, does the following detect:
> 
>     /*
>      * This hack will prevent the starting of the process manager
>      * the first time Apache reads its configuration files.
>      */
>     if((restarts==0)&&(standalone==1)) {
>         restarts++;
>         readingConfig = FALSE;
>         return;
>     }
> 
> which, I believe, causes it to run only on the second round of
> init_modules.  Could Apache-SSL do something similar?
> 
> As more modules appear with picky behavior concerning this startup
> activity of Apache, it does raise a number of interoperability problems
> with the Apache-SSL patch set.

I did try to embed this in the Apache-SSL module, but it didn't work,
and I can't remember why now. If someone else wants to have a go, they
are more than welcome - I'll happily apply a working patch.

I seem to remember the only reason I removed the double-init was to
avoid prompting for the passphrase twice. An alternative would be to
store the passphrase or make the key persistent, so the passphrase
wasn't needed (though that would defeat a key change followed by a
restart). I decided not to store the passphrase because I reckoned
losing your private key was no worse than losing your passphrase, and
possibly better, since you may have used the same passphrase elsewhere.
But I guess we could advise against that, instead.

OTOH, most people don't use passphrases anyway, because they prevent
autorestart, so perhaps I should just ignore the problem?

Cheers,

Ben.

-- 
Ben Laurie            |Phone: +44 (181) 735 0686|  Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd,     |Apache-SSL author    http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache
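
The skip-first-pass guard from the quoted mod_fastcgi snippet, as a stand-alone simulation of what it does to the number of passphrase prompts. This is an added example, not code from the thread, Apache-SSL or mod_fastcgi: the function names, the counters and the one-pass-per-restart sequence are assumptions, and it does not model why the approach failed inside Apache-SSL.

```c
#include <stdio.h>

static int restarts = 0;        /* guard state, named as in the quoted snippet */
static int standalone = 1;
static int key_loads = 0;       /* hypothetical counter: passphrase prompts */
static int frontpage_inits = 0; /* hypothetical counter: passes the other module saw */

/* Stand-in for an SSL-like init that would prompt for a passphrase. */
static void ssl_like_init(void)
{
    if ((restarts == 0) && (standalone == 1)) {
        restarts++;             /* first startup pass: defer the key load */
        return;
    }
    key_loads++;                /* the only place a prompt would occur */
}

/* Stand-in for a module that relies on every pass, as FrontPage is described. */
static void frontpage_like_init(void)
{
    frontpage_inits++;
}

/* One pass over all modules, like one call to init_modules(). */
static void init_pass(void)
{
    ssl_like_init();
    frontpage_like_init();
}

/* Startup makes two passes (per the thread); each restart adds one (assumed). */
static int simulate(int n_restarts)
{
    int i;
    restarts = 0;
    key_loads = 0;
    frontpage_inits = 0;
    init_pass();
    init_pass();
    for (i = 0; i < n_restarts; i++)
        init_pass();
    return key_loads;
}

int main(void)
{
    printf("startup only:         %d key load(s)\n", simulate(0));
    printf("startup + 2 restarts: %d key load(s)\n", simulate(2));
    return 0;
}
```

In this model the key is read once at startup and once more per restart, so a key change followed by a restart is still picked up without the passphrase being stored.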