apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bill Stoddard <b...@wstoddard.com>
Subject Re: [PROPOSAL/PATCH] add ssl sockets
Date Mon, 19 Jun 2006 20:21:25 GMT
William A. Rowe, Jr. wrote:
> Jeff Trawick wrote:
>> On 6/13/06, david reid <david@jetnet.co.uk> wrote:
>>> The attached patch is a first pass at getting some support for using
>>> openssl directly for ssl sockets within APR. I've tried to be generic in
>>> the basic configure code, but the actaul guts are basically openssl 
>>> related.
>> What about an I/O layering system for sockets?  This is in essence the
>> set of function pointers used by the one true sockets API to call out
>> to the details, as mentioned in other posts.
> Only one question.  If we are back to BUFF filtering from Apache 1.3, can
> we at least go back to history and look at why it was replaced by 
> filtering?
> (Or would lurkers care to speak up?)

FWIW, I posted the apr_iol patch many years ago (perhaps to new-httpd) but for the life of
me I cannot find it 
in the archives.  It still needed a good deal of work to make it 'production' ready.  Looking
at this from an 
Apache HTTPD perspective, the main problem I see with David's patch is that it would require
modifications to 
(or replacement of) the CORE_IN and CORE_OUT filters to add SSL support.  The main value of
the apr_iol was 
that you could make all semantically similar i/o operations (ie, HTTP and HTTPS) use the exact
same API. 
Using apr_iol, it was possible to push an SSL socket into the IOL w/o modifying either CORE_IN
If I recall correctly, an IOL only added a single pointer redirection to the code path. apr_iol
solved a very 
specific problem (proliferation of semantically similar APIs) and I was never an advocate
of using IOLs as a 
generic filtering mechanism.

BTW, hello David, Jeff, Will, Justin and all. It's been a while since I've raised my head
up around here. Hope 
to see everyone at the Austin Con this year.  Lot's of beers to catch up on ;-)


View raw message