httpd-dev mailing list archives

From "Gonyou, Austin" <aus...@coremetrics.com>
Subject RE: mod_tls
Date Wed, 29 Aug 2001 16:48:43 GMT
The reference here is one about all the filters used by apache 2.0. If
there is a filter bucket in APR, it's understandable that Apache 2.0 modules
will have 2 parts. The logic piece and the filter piece. As far as I can
tell, the filter mechanism allows for some distinct advantages and makes for
a very flexible configuration framework. My issue here is that if mod_tls is
sacrificed, then what's the point of using filters at all anyway? That said,
could it be said that you CAN write a module for Apache 2.0 without needing
the use of filters? If so, then that makes sense. 

-- 
Austin Gonyou
Systems Architect, CCNA
Coremetrics, Inc.
Phone: 512-796-9023
email: austin@coremetrics.com 

> -----Original Message-----
> From: MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
> [mailto:madhusudan_mathihalli@hp.com]
> Sent: Tuesday, August 28, 2001 9:39 PM
> To: 'dev@httpd.apache.org'
> Subject: RE: mod_tls
> 
> 
> 'not sure what you mean by "entire filter scheme" - if you're referring to
> the proposal to separate the HTTPS and the SSL filter logic - I'd rather
> prefer to leave SSL as it is (especially if it works with other protocol
> modules)..
> 
> Thanks
> -Madhu 
> 
> -----Original Message-----
> From: Gonyou, Austin [mailto:austin@coremetrics.com]
> Sent: Tuesday, August 28, 2001 1:08 PM
> To: 'dev@httpd.apache.org'
> Subject: RE: mod_tls
> 
> 
> Kewl. Less maintenance all around. Is the entire filter scheme doomed like
> this though?
> 
> -- 
> Austin Gonyou
> Systems Architect, CCNA
> Coremetrics, Inc.
> Phone: 512-796-9023
> email: austin@coremetrics.com 
> 
> > -----Original Message-----
> > From: Ryan Bloom [mailto:rbb@covalent.net]
> > Sent: Tuesday, August 28, 2001 1:58 AM
> > To: dev@httpd.apache.org; Doug MacEachern
> > Cc: MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
> > Subject: Re: mod_tls
> > 
> > 
> > On Monday 27 August 2001 23:03, Doug MacEachern wrote:
> > > On Thu, 23 Aug 2001, Ryan Bloom wrote:
> > > > > Because mod_ssl only implements the SSL wrapping for HTTP.  The idea is
> > > > > that the filters go in mod_tls, and mod_ssl just has the logic to make
> > > > > the filters work for HTTP.  That way, SSL can work with POP3, NNTP, and
> > > > > the proxy.
> > >
> > > > i think mod_ssl should work with all protocols (it works with nntp right
> > > > now).  mod_ssl provides features such as:
> > > > CRLs
> > > > session caching
> > > > per-location renegotiation
> > > > SSLRequire
> > > > logging
> > > > var lookups
> > > > and so on that are not http specific.
> > >
> > > > there is a bit more effort to get a protocol module such as nntp working
> > > > both with and without ssl.  for example with nntp when the first client
> > > > connects it does not send a request (like http clients do), but awaits a
> > > > 200 - ready response.  to work with ssl, an nntp protocol module needs to
> > > > first call get_brigade to trigger the initial ssl negotiation.  but the
> > > > same issue is there with mod_tls.   personally, i don't think it's worth
> > > > the effort to maintain both mod_tls and mod_ssl.  effort would be better
> > > > spent modularizing mod_ssl to support other protocols if needed.
> > 
> > Cool, if this works, then we should just ditch mod_tls.
> > 
> > Ryan
> > 
> > ______________________________________________________________
> > Ryan Bloom                        	rbb@apache.org
> > Covalent Technologies			rbb@covalent.net
> > --------------------------------------------------------------
> > 
> 
