httpd-dev mailing list archives

From "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" <>
Subject RE: cvs commit: httpd-2.0/modules/ssl ssl_engine_io.c
Date Thu, 04 Oct 2001 18:47:07 GMT
I was initially thinking on similar lines - but then, I thought it's better
to honor the SSL_ERROR_WANT_READ error that's returned by SSL_accept. If the
filter can understand what SSL_accept is requesting (probably in terms of
the no. of bytes), we can easily get ssl to adapt to the current filter
logic.. Most of the ssl input data/parameters are stored in the SSL context
- I was thinking of something like :

ret = ssl_hook_process_connection()
if (ret == SSL_ERROR_WANT_READ) {
    find out how many more bytes are required;
    repeat the process;
} else if (ret == SUCCESS) {
    continue further..
}


-----Original Message-----
From: '' []
Sent: Thursday, October 04, 2001 11:14 AM
Subject: Re: cvs commit: httpd-2.0/modules/ssl ssl_engine_io.c

On Thu, Oct 04, 2001 at 02:06:04PM -0400, MATHIHALLI,MADHUSUDAN
(HP-Cupertino,ex1) wrote:
> Justin,
> 	While you're working on cleaning up the input filter logic, can you
> also please clean up the variable names / function names used - OtherBill
> had brought up this issue long time back, but it got postponed as we were
> trying to stabilize the filtering logic.. In case you've lotsa other work, I
> can send a patch..

Oh, you bet your bippie, all of the local variables are getting changed
in the filter code (style changes be damned).  =)  I'm also planning on 
switching the style of the filter to match our "typical" filter code -
this will make it easier to understand, hopefully.

FWIW, I'm planning on implementing it like so:

if it is readbytes==0 (getline behavior), 
    read a chunk of data via ap_get_brigade
    decrypt it
    search for LF
    if match
        setaside remainder into local context.
        return the brigade
    repeat until we find LF
if it is readbytes!=0,
    call ap_get_brigade for that amount of data.
    decrypt the brigade.
    return the brigade. 
    (Note that I think we may end up returning less than is requested
     oftentimes, but that is definitely permitted in our architecture - 
     just never return more than we ask for...)
I don't think we should support readbytes==-1 or peek just yet.

The only thing this means is that SSL_IN can be added at any point,
but it can't be removed once it has been added (since it will have
some buffering).  I don't think that'll be a problem though - I
know you can Upgrade a request to SSL, but I don't think you can
downgrade a request.  If that is the case, we need to think this
over some more...
I have class at 2PM, so I hope I can get something working out 
before I need to go to class...  -- justin
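
The read logic sketched in the quoted message, as an added C example that is not part of either message or of httpd. The names `ssl_in_ctx`, `pull_chunk`, `take` and `ssl_in_read` are hypothetical; `pull_chunk` stands in for `ap_get_brigade` plus decryption and simply returns constructed plaintext chunks, and byte mode pulls a whole chunk and sets the excess aside rather than asking upstream for an exact amount.

```c
#include <stddef.h>
#include <string.h>

#define ASIDE_CAP 512

/* Hypothetical filter context: not an httpd or OpenSSL structure. */
typedef struct {
    const char *const *chunks;  /* constructed "decrypted" upstream data */
    size_t nchunks, next;
    char aside[ASIDE_CAP];      /* bytes read but not yet returned */
    size_t aside_len;
} ssl_in_ctx;

/* Stand-in for ap_get_brigade() + decrypt: append the next chunk to aside. */
static int pull_chunk(ssl_in_ctx *c) {
    if (c->next >= c->nchunks) return 0;            /* upstream EOF */
    size_t n = strlen(c->chunks[c->next]);
    if (n > ASIDE_CAP - c->aside_len) return 0;     /* refuse to overflow */
    memcpy(c->aside + c->aside_len, c->chunks[c->next++], n);
    c->aside_len += n;
    return 1;
}

/* Hand the first n buffered bytes to the caller; the rest stays set aside. */
static size_t take(ssl_in_ctx *c, char *out, size_t n) {
    memcpy(out, c->aside, n);
    memmove(c->aside, c->aside + n, c->aside_len - n);
    c->aside_len -= n;
    return n;
}

/* readbytes == 0: one line through LF. Otherwise: at most readbytes bytes. */
size_t ssl_in_read(ssl_in_ctx *c, size_t readbytes, char *out, size_t cap) {
    size_t n;
    if (readbytes == 0) {
        char *lf;
        while ((lf = memchr(c->aside, '\n', c->aside_len)) == NULL) {
            if (!pull_chunk(c)) break;              /* EOF: return partial line */
        }
        n = lf ? (size_t)(lf - c->aside) + 1 : c->aside_len;
        return take(c, out, n < cap ? n : cap);
    }
    if (c->aside_len == 0) {
        pull_chunk(c);                              /* only read when drained */
    }
    n = c->aside_len < readbytes ? c->aside_len : readbytes;
    return take(c, out, n < cap ? n : cap);         /* may be less, never more */
}
```

Bytes left in `aside` after a line-mode read exist only in the filter's context, which is the buffering that prevents the filter from being removed once it has been added.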
