httpd-dev mailing list archives

From r..@covalent.net
Subject Re: SSL support
Date Sun, 04 Feb 2001 18:44:34 GMT

> >> A fallback position would be to replace the bottom (i.e. socket) layer,
> >> but I'd rather avoid that if I can - however, if the answer to the above
> >> is "forget it", then I guess I need to know how one does that (I haven't
> >> looked, so just kick me if it's obvious).
> >
> >One doesn't.  :-)  It should be perfectly possible to create an SSL module
> >that is a filter.
> 
> The current mod_ssl works by simply handing over the socket fd to the OpenSSL 
> library and letting it do reads and writes (by way of the BIO_s_fd callbacks)
> as it sees fit.  To make the reads and writes happening inside OpenSSL go to 
> bucket streams instead, you have to write a class to replace BIO_s_fd.
> 
> I think there is a good argument to be made that SSL should be implemented as
> a replacement for the socket layer, that's why it is named Secure Socket
> Layer.

That can all be done as a filter, by simply replacing the
core_output_filter with an ssl_output_filter.  Instead of calling the
write or sendfile or writev calls that are currently in
core_output_filter, you just call the SSL equivalents.

Ryan

_______________________________________________________________________________
Ryan Bloom                        	rbb@apache.org
406 29th St.
San Francisco, CA 94131
-------------------------------------------------------------------------------
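
The exchange above turns on whether the TLS engine has to own the socket fd. As an added example (not code from this thread, httpd, or mod_ssl), the sketch below drives a TLS client purely through memory buffers, using Python's `ssl.MemoryBIO` as a stand-in for bucket streams; the class name, function names, hostname and the non-TLS reply are assumptions made for illustration.

```python
import ssl
import struct

class TLSFilter:
    """Client-side TLS engine with no socket attached (hypothetical name)."""

    def __init__(self, server_hostname):
        ctx = ssl.create_default_context()
        self.from_below = ssl.MemoryBIO()  # ciphertext handed up by the next layer
        self.to_below = ssl.MemoryBIO()    # ciphertext for the next layer to send
        self.tls = ctx.wrap_bio(self.from_below, self.to_below,
                                server_hostname=server_hostname)

    def advance(self):
        """Drive the handshake as far as the buffered input allows."""
        try:
            self.tls.do_handshake()
            return "established"
        except ssl.SSLWantReadError:
            return "want_read"       # needs more bytes from the peer
        except ssl.SSLError:
            return "protocol_error"  # peer sent something that is not TLS

    def feed(self, data):
        self.from_below.write(data)

    def drain(self):
        return self.to_below.read()


def parse_records(wire):
    """Split raw bytes into (content_type, version, length) TLS record headers."""
    records, off = [], 0
    while off + 5 <= len(wire):
        ctype, version, length = struct.unpack_from("!BHH", wire, off)
        records.append((ctype, version, length))
        off += 5 + length
    return records


if __name__ == "__main__":
    f = TLSFilter("example.test")           # constructed hostname
    print(f.advance())                      # handshake stalls waiting for the peer
    print(parse_records(f.drain()))         # ClientHello sits in the buffer, unsent
    f.feed(b"HTTP/1.1 400 Bad Request\r\n\r\n")  # constructed non-TLS reply
    print(f.advance())
```

Whatever layer sits below decides how the drained bytes reach the wire, and a non-TLS reply surfaces as an error from the engine rather than from a socket call.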

