[ANNOUNCE] mod_ssl 2.8.16 for Apache 1.3.29

Apache 1.3.29 was released a few days ago. Although mod_ssl 2.8.15 would
still work fine with it, as usual, I take this new Apache release as the
trigger for releasing a corresponding mod_ssl version -- which is again
100% aligned to Apache 1.3.29 and also includes a few bugfixes which
were pending in my maintainance queue (see CHANGES entries below).

Fetch mod_ssl 2.8.16 from:

o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/

Yours,
Ralf S. Engelschall
rse@engelschall.com
www.engelschall.com

Changes with mod_ssl 2.8.16 (18-Jul-2003 to 01-Nov-2003)

*) Upgraded to Apache 1.3.29

*) Avoid memory corruption in certificate handling caused by a heap
memory double-freeing situation.

*) Allow "HTTPS" variable to be passed through by suEXEC.

*) Clear the OpenSSL error code in pass phrase reading code to
workaround the following situation: multiple keys, all with
different passphrases -- entering the correct pass phrase at each
prompt leads to an OpenSSL error message after the last prompt.

*) Reverted the recent change where ap_cleanup_for_exec() called
ap_kill_alloc_shared(). This caused nasty side-effects in other
processes and is not necessary at all (because shared memory
segments are not inherited across exec).

*) mod_ssl was checking the OpenSSL error reason code against
SSL_R_HTTP_REQUEST and concluded the result is an SSL error. Since
OpenSSL reason codes are not unique, this isn't always the case.
It now additionally checks that the library is the SSL library.

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org