httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <>
Subject Re: mod_tls
Date Wed, 29 Aug 2001 18:32:47 GMT
From: "Gonyou, Austin" <>
Sent: Wednesday, August 29, 2001 11:48 AM

> The referrence here is one about all the filters used by apache 2.0. If
> there is a filter bucket in APR, it's understandable that Apache 2.0 modules
> will have 2 parts. The logic piece and the filter piece. As far as I can
> tell, the filter mechanism allows for some distinct advantages and makes for
> a very flexible configuration framework. My issue here is that if mod_tls is
> sacrificed, then what's the point of using filters at all anyway? That said,
> could it be said that you CAN write a module for Apache 2.0 without needing
> the use of filters? If so, then that makes sense. 

I think we are confusing Content filters with Connection Filters.

Connection Filters can rarely be divorced from the protocol.  E.g., chunking
and byterange filters can't be split (easily) from the http protocol.  An ssl
filter can't be split from the negotiation of the ssl conversation.

When we implement Connection-Upgrade (SSL over IP) then the extention needs
to be burried directly into mod_ssl's https layer.

I can only see splitting this into two parts from it's current state.  One part
would be the https module.  The other part would be all the client negotiation
that's left over, with hooks between.

I'm not certain we wish to 'extend' tls into this connection aspect.  To get
it right, it's easier to split out https_protocol and proxy_https from the
rich set of mod_ssl features.  Then the ssh protocol will stand alone, with an
appropriate _protocol module, for future expansion.

I'm going to state, right now, that I see this (and the further 'rearrangement'
of modules/http into a stand-alone/removable component) as httpd-2.1 features.
Right now modules/http contains a lot of core features, and the core still contains
a bunch of http features.

The third split in 2.1 would be mod_filesystem, for all the file hackishness in
the core today ;)

So I'll call these for a vote...

  a removable modules/http (fully segregated from core) is not an Apache 2.0 showstopper.

  a removable modules/https (fully segregated from mod_ssl) is not an Apache 2.0 showstopper.

  a removable mod_filesystem (fully segregated from core) is not an Apache 2.0 showstopper.

  These above-mentioned features, once complete, will instigate the 2.1 bump. 

  Today, we pull mod_tls from the distribution till we do the split above for 2.1.

This doesn't mean we don't continue to focus on Content filters until the semantics are
right (see my next post a bit later) - it just means that Connection filters have some 
growing to do :)


View raw message