Bug 84177 - mod_ssl dynamic configuration directives are inconsistent
Summary: mod_ssl dynamic configuration directives are inconsistent
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: mod_ssl
Version: 7.3
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2003-02-13 04:20 UTC by Carl Litt
Modified: 2007-03-27 04:00 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Last Closed: 2003-09-01 10:54:11 UTC

Attachments (Terms of Use)

Description Carl Litt 2003-02-13 04:20:20 UTC
Description of problem:
Most dynamic module options in httpd.conf are surrounded by <IfModule> which 
only get processed if that module was activated previously in the config.  Some 
mod_ssl options are surrounded by <IfModule mod_ssl.c> but other mod_ssl 
virtual host and listen options are surrounded by <IfDefine HAVE_SSL>, which is 
inconsistent with the rest of the dynamic config.  <IfModule> evaluates based 
on the preceeding configuration, <IfDefine> evaluates based on how the binary 
was loaded by the sysadmin or init scripts.  This basically splits parts of the 
configuration out of the configuration file.

As such, to properly disable mod_ssl requires commenting out large portions of 
httpd.conf because <IfDefine> regards how the binary was loaded, not how it was 
configured previously in httpd.conf.  It really doesn't matter either way too 
much except that it's inconsistent, and it doesn't make sense to do it this way 
when there's a better more uniform way.

Version-Release number of selected component (if applicable):
apache-1.3.27-2, mod_ssl-2.8.12-2

How reproducible:
Every time

Steps to Reproduce:
1. Install apache, mod_ssl
2. less /etc/httpd/conf/httpd.conf
Actual results:
It seems that the packager intended the sysadmin to chmod a-x the modules in 
the filesystem in order to configure their server.  This adds to the complexity 
of installation and upgrading.  There is no guarantee that the file modes will 
stay the same during an upgrade (in fact they likely would not), which would 
cause a dramatic change in the configuration of the server, and potential 
failure to load.  Configuration should be in the config files, not in the 

Expected results:
All mod_ssl options being surrounded by <IfModule mod_ssl.c> instead of 
<IfDefine HAVE_SSL>.  Sysadmin should be able to select which modules they want 
loaded in httpd.conf and have the rest of the config adapt.

Additional info:

Comment 1 Joe Orton 2003-09-01 10:54:11 UTC
The -DHAVE_FOO system was removed in 8.0 in favour of the conf.d directory; this
is essentially a solved problem.  Thanks for the report.

Note You need to log in before you can comment on or make changes to this bug.