httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@algroup.co.uk>
Subject Re: More detailed review of Ryan's filtering patch
Date Wed, 26 Jul 2000 21:52:08 GMT

James Sutherland wrote:
> 
> On Tue, 25 Jul 2000, Ben Laurie wrote:
> 
> > Bill Stoddard wrote:
> > >
> > > > Any one of:
> > > >
> > > >   Filters (allowing integrated SSL)
> > >
> > > I think the simple iol goes a long way to making SSL integrate seamlessly.
Allan Edwards
> > > here at IBM has enabled SSL (using IBM's gskit library) and I don't think it
required any
> > > hits to the core with one exception... I think he had to work around the sendfile
path in
> > > the default handler.
> >
> > I also did this for Apache-SSL a while back - but sendfile wasn't used
> > then. The hit on the core should be made unnecessary, though.
> >
> > The only thing about adding SSL via IOL was that the method turned out a
> > little ugly (because there was a kind of weird interaction between two
> > levels of code that had other code in between them) but I haven't really
> > thought very deeply about how to fix that elegantly. I'm sure it can be
> > done.
> 
> If you're working over an SSL connection, sendfile() isn't usable anyway,
> surely - it doesn't allow the traffic to be encrypted between disk and
> network? In this case, just disabling sendfile() usage for SSL connections
> (per connection or per server??) should do?
> 
> If Apache still works without sendfile() present on the OS, this could
> certainly be done server-wide at compile time - how much harder to do per
> connection??

Right, its no big deal, my point was that the code needs fixing so it
becomes possible without a patch.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

Coming to ApacheCon Europe 2000? http://apachecon.com/

Mime
View raw message