httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jon Travis <jtra...@covalent.net>
Subject Re: SSL support
Date Sun, 04 Feb 2001 19:46:25 GMT
On Sun, Feb 04, 2001 at 02:03:05PM +0000, Ben Laurie wrote:
> Jon Travis wrote:
> > 
> > On Sat, Feb 03, 2001 at 08:13:20PM +0000, Ben Laurie wrote:
> > > OK, I'm not going to wait around for someone else to take the lead any
> > > more - so I've started work on mod_tls (name chosen to avoid confusion).
> > > I intend to check stuff in as soon as I have it working even a little -
> > > this is going to be a group activity :-)
> > >
> > > However, I've immediately hit a problem - SSL requires the ability to
> > > write when its reading and read when its writing, if you see what I
> > > mean. Now, I really wanted to slot it in as a filter, which means that
> > > the read filter has to be able to send stuff to the write filter chain
> > > (well, insert stuff, more to the point) and vice versa. I can't
> > > immediately see how that's possible, if it is at all. Is it? Should it
> > > be?
> > >
> > > A fallback position would be to replace the bottom (i.e. socket) layer,
> > > but I'd rather avoid that if I can - however, if the answer to the above
> > > is "forget it", then I guess I need to know how one does that (I haven't
> > > looked, so just kick me if its obvious).
> > 
> > Why not just replace the standard socket bucket with a new SSL socket
> > bucket.  And add output filters to send that data back out the pipe?
> > I don't think this needs to be implemented as a read filter.
> 
> You've lost me - why would I need to replace the socket bucket _and_ add
> an output filter? How come I need an output filter and not an input one?

Because the buckets are read from and not written to.  We can disregard
this dicussion though, because I believe that the 2 filtered approach
will be much better, and definitely more modular.

-- Jon

Mime
View raw message