httpd-dev mailing list archives

From m...@mjwilcox.com
Subject Re: SSL as a layer?
Date Tue, 28 Mar 2000 03:35:37 GMT
On 27 Mar 00, at 17:01, Greg Stein wrote:

> On Mon, 27 Mar 2000 rbb@apache.org wrote:
> > I wrote:
> > > Do you mean that the SSL needs to write to the socket file descriptor or
> > > simply that it must be the "last layer"? (by arranging to be last or
> > > hooking at the r->connection->client level?)
> > 
> > SSL must be the layer to actually write out to the network.  
> 
> To clarify: it must be the *last* layer. i.e. when it does something like
> ap_layer_write(), the contents spill out the socket.
> 
> Or do you mean the SSL layer must do send(fd, buf, len) ?
> 
> If the former, then I believe we simply ensure SSL is the last layer. If
> the latter, then how does it hook in today? Replace conn->client->iol? If
> so, then we aren't obviating that with any of the suggested designs.
> 
> > That's one of the reasons this model doesn't work, and why modules must
> > know if they have other modules to operate on the data.
> 
> I don't see how this follows. A processing module writes its "output" to
> the "next layer". That next layer is truly a layer, or it is
> connection->client. But the processor doesn't have to know that...
> 
I agree with Greg and Ryan. SSL in Apache should be like it is 
with the SSL libraries in Perl or Java. You simply write to the 
socket (or layer in this case) and be done with it. 

My question is (and this may be dumb, but it's never stopped me 
before ;), how do things like client certificates get passed to other 
modules? Will the SSL layer simply add to a generic environmental 
structure? 

Mark



