httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Jones <JON...@er6s1.eng.ohio-state.edu>
Subject Re: SSL support
Date Sun, 04 Feb 2001 18:37:35 GMT
In message <Pine.LNX.4.21.0102040727001.12907-100000@koj>,
  rbb@covalent.net writes:
>> A fallback position would be to replace the bottom (i.e. socket) layer,
>> but I'd rather avoid that if I can - however, if the answer to the above
> is "forget it", then I guess I need to know how one does that (I haven't
> looked, so just kick me if its obvious).
>
>One doesn't.  :-)  It should be perfectly possible to create an SSL module
>that is a filter.

The current mod_ssl works by simply handing over the socket fd to the OpenSSL 
library and letting it do reads and writes (by way of the BIO_s_fd callbacks)
as it sees fit.  To make the reads and writes happening inside OpenSSL go to 
bucket streams instead, you have to write a class to replace BIO_s_fd.

I think there is a good argument to be made that SSL should be implemented as
a replacement for the socket layer, that's why it is named Secure Socket
Layer.

-------------------------------------------------------------------------------
David L. Jones               |      Phone:    (614) 292-6929
Ohio State University        |      Internet:
140 W. 19th St. Rm. 231a     |               jonesd@er6s1.eng.ohio-state.edu
Columbus, OH 43210           |               vman+@osu.edu

Mime
View raw message