httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@algroup.co.uk>
Subject Re: cvs commit: httpd-2.0/modules/tls config.m4
Date Sat, 05 May 2001 13:23:06 GMT
Greg Stein wrote:
> 
> On Sat, May 05, 2001 at 11:09:47AM +0200, Ralf S. Engelschall wrote:
> >...
> > mod_tls and mod_ssl are unrelated. mod_tls was the first shot Ben did
> > for us. mod_ssl is the port of my Apache 1.3's mod_ssl to Apache 2.0.
> > The idea is that mod_ssl takes over the way SSL/TLS is hooked into
> > Apache 2.0 from mod_tls.
> 
> No. That is not my understanding at all.
> 
> The way that I heard things: mod_tls is how we do the SSL connection at the
> basic level. It deals with Apache's I/O filtering. mod_ssl builds *ON TOP*
> of mod_tls.
> 
> Further: I understood that building on mod_tls was a necessary precondition.
> Not that mod_ssl was to replace mod_tls.
> 
> Ben got all the kinks worked out of how to do the basic SSL/TLS stuff within
> the filter system. Modules such as mod_ssl (and possibly others) are to
> build on that.

That's the basic idea, though what its called and how it integrates I
don't particularly care about. The first obvious candidate for also
using mod_tls is the proxy - for outbound SSL requests, of course, which
means mod_tls will need some work doing on it.

It will also need lots of hooks adding to allow the appropriate
integration of certificate handling, caching and so forth. This is
particularly interesting when considered in conjunction with support of
other crypto libraries (or scarey, depending on how you look at it :-).

The bottom line is, of course, that it is necessary to have a filter to
do SSL, but we want one that is sufficiently independent of mod_ssl to
be useful for other things. I suspect that this means that mod_ssl will
end up being a bunch of different modules handling various hooks, but we
shall see what emerges :-)

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Mime
View raw message