Bug 84177
| Summary: | mod_ssl dynamic configuration directives are inconsistent | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Carl Litt <carl> |
| Component: | mod_ssl | Assignee: | Nalin Dahyabhai <nalin> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 7.3 | CC: | jorton |
| Target Milestone: | --- | Keywords: | FutureFeature |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Enhancement | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2003-09-01 10:54:11 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
The -DHAVE_FOO system was removed in 8.0 in favour of the conf.d directory; this is essentially a solved problem. Thanks for the report. |
Description of problem: Most dynamic module options in httpd.conf are surrounded by <IfModule> which only get processed if that module was activated previously in the config. Some mod_ssl options are surrounded by <IfModule mod_ssl.c> but other mod_ssl virtual host and listen options are surrounded by <IfDefine HAVE_SSL>, which is inconsistent with the rest of the dynamic config. <IfModule> evaluates based on the preceeding configuration, <IfDefine> evaluates based on how the binary was loaded by the sysadmin or init scripts. This basically splits parts of the configuration out of the configuration file. As such, to properly disable mod_ssl requires commenting out large portions of httpd.conf because <IfDefine> regards how the binary was loaded, not how it was configured previously in httpd.conf. It really doesn't matter either way too much except that it's inconsistent, and it doesn't make sense to do it this way when there's a better more uniform way. Version-Release number of selected component (if applicable): apache-1.3.27-2, mod_ssl-2.8.12-2 How reproducible: Every time Steps to Reproduce: 1. Install apache, mod_ssl 2. less /etc/httpd/conf/httpd.conf 3. Actual results: It seems that the packager intended the sysadmin to chmod a-x the modules in the filesystem in order to configure their server. This adds to the complexity of installation and upgrading. There is no guarantee that the file modes will stay the same during an upgrade (in fact they likely would not), which would cause a dramatic change in the configuration of the server, and potential failure to load. Configuration should be in the config files, not in the filesystem. Expected results: All mod_ssl options being surrounded by <IfModule mod_ssl.c> instead of <IfDefine HAVE_SSL>. Sysadmin should be able to select which modules they want loaded in httpd.conf and have the rest of the config adapt. Additional info: