[ANNOUNCE] mod_ssl 2.8.13

Another maintainance release of mod_ssl 2.8 for Apache 1.3 delivers to
you mod_ssl 2.8.13 for Apache 1.3.27. Changes are listed below. Grab it
from the following locations:

o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/

Yours,
Ralf S. Engelschall
rse@engelschall.com
www.engelschall.com

Changes with mod_ssl 2.8.13 (23-Oct-2002 to 18-Mar-2003)

*) Always enforce RSA blinding on RSA private keys in order to be
resistent to timing attacks.

*) Added timeout also to the "pre-sucking" of the trailing data in
POST request handling.

*) Correctly shutdown shared memory pools on fork+exec situations.

*) Bugfix SSL client certificate verification: OpenSSL was not
informed with SSL_set_verify_result(ssl, X509_V_OK) in case
mod_ssl forced the verification to be ok.

*) Consistently use OPENSSL_free() instead of plain free() to
deallocate memory chunks allocated inside OpenSSL.

*) Fixed various memory leaks related to X509 certificates.

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org