Bug 84177 - mod_ssl dynamic configuration directives are inconsistent
mod_ssl dynamic configuration directives are inconsistent
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: mod_ssl (Show other bugs)
7.3
All Linux
low Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-02-12 23:20 EST by Carl Litt
Modified: 2007-03-27 00:00 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-09-01 06:54:11 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Carl Litt 2003-02-12 23:20:20 EST
Description of problem:
Most dynamic module options in httpd.conf are surrounded by <IfModule> which 
only get processed if that module was activated previously in the config.  Some 
mod_ssl options are surrounded by <IfModule mod_ssl.c> but other mod_ssl 
virtual host and listen options are surrounded by <IfDefine HAVE_SSL>, which is 
inconsistent with the rest of the dynamic config.  <IfModule> evaluates based 
on the preceeding configuration, <IfDefine> evaluates based on how the binary 
was loaded by the sysadmin or init scripts.  This basically splits parts of the 
configuration out of the configuration file.

As such, to properly disable mod_ssl requires commenting out large portions of 
httpd.conf because <IfDefine> regards how the binary was loaded, not how it was 
configured previously in httpd.conf.  It really doesn't matter either way too 
much except that it's inconsistent, and it doesn't make sense to do it this way 
when there's a better more uniform way.

Version-Release number of selected component (if applicable):
apache-1.3.27-2, mod_ssl-2.8.12-2

How reproducible:
Every time

Steps to Reproduce:
1. Install apache, mod_ssl
2. less /etc/httpd/conf/httpd.conf
3.
    
Actual results:
It seems that the packager intended the sysadmin to chmod a-x the modules in 
the filesystem in order to configure their server.  This adds to the complexity 
of installation and upgrading.  There is no guarantee that the file modes will 
stay the same during an upgrade (in fact they likely would not), which would 
cause a dramatic change in the configuration of the server, and potential 
failure to load.  Configuration should be in the config files, not in the 
filesystem.

Expected results:
All mod_ssl options being surrounded by <IfModule mod_ssl.c> instead of 
<IfDefine HAVE_SSL>.  Sysadmin should be able to select which modules they want 
loaded in httpd.conf and have the rest of the config adapt.

Additional info:
Comment 1 Joe Orton 2003-09-01 06:54:11 EDT
The -DHAVE_FOO system was removed in 8.0 in favour of the conf.d directory; this
is essentially a solved problem.  Thanks for the report.

Note You need to log in before you can comment on or make changes to this bug.