Open alexmv opened 10 years ago
This is one of the "can't make everyone happy" problem. I'm sure we'll see loads of issues when we disable this check because MOD_PERL env can be used for variety of things like we see here.
I guess the workaround here is to wrap the loading of Net::SSLeay into a block that adds MOD_PERL so that initialization phase will see it but not elsewhere.
When you say "wrap the loading of Net::SSLeay," the only way that I'm coming up with to do that is pushing a coderef onto @INC, or something equally horrid. Was there something less twitch-worthy you had in mind?
I feel this at least warrants a warning in the documentation, because Net::SSLeay is really not that odd a module to require. Would you take a doc patch?
Oh I was thinking of little more explicit, like
BEGIN { local $ENV{MOD_PERL} = 1; require Net::SSLeay; }
and that obviously should happen before loading any modules that attempts to load Net::SSLeay underneath.
I wonder - could there be any better way for Net::SSLeay to detect that it is running under mod_perl, besides MOD_PERL env variable? Just curious.
The problem is that places the burden on all modules which might require Net::SSLeay. This is biting us in the instance of RT, where an RT plugin might use TLS to talk to a remote LDAP server, or similar. Either we can add that code to every RT plugin which uses Net::SSLeay, or we can do that globally before loading all RT plugins -- and hope that all of the modules that all possible plugins might load will do good things with detecting $ENV{MOD_PERL} and not evil things. The former means having to repeat oneself in a slew of modules, the latter is possibly over-broad.
I'm not aware of any cleaner way to detect the presence of mod_perl from C, offhand.
I get that pain, and would love to kill this kludge but there probably needs a configuration flag, and maybe documentation first, to switch this behavior?
Yeah, I agree that any change here needs to be made carefully, soas to not break code which tries to seize the reins when mod_perl is involved. Which is why I was pondering earlier about what we know about the current failure modes (from Catalyst, CGI, etc) if it's not deleted from %ENV.
Plack::Handler::Apache2 hides $ENV{MOD_PERL} before preloading applications. This is in an attempt to:
However, this interacts poorly with modules which need to be aware of if they are loaded in a mod_perl environment. Take, for instance, Net::SSLeay, which does:
This means that the following minimal PSGI app, if preloaded, segfaults Apache during startup:
...if run on an SSL-enabled Apache with the suggested configuration:
The only recourse apparently available to PSGI apps is to kludgily attempt to determine if they're running under mod_perl via:
...before loading any code which might load Net::SSLeay.
Is it known which Plack-compatible applications still inspect
$ENV{MOD_PERL}
in the context of PSGI preloading? Does Catalyst still care?