httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r..@apache.org
Subject Re: SSL Upgrade support.
Date Tue, 08 Oct 2002 02:48:35 GMT

Joe,

I tried to compile cadaver 0.19.1 and 0.18.5, but neither one would
compile for me.  Do you happen to have linux binaries lying around, or do
you have the magic incatation to get it to compile?  BTW, I tried 0.18.5
becasue according to the CVS logs, it looks like that is the cadaver
version with the upgrade support.

Any help you can offer would be great.  Otherwise, I will have to add the
support back to the most recent version of neon.

Ryan

On Mon, 7 Oct 2002, Joe Orton wrote:

> On Sun, Oct 06, 2002 at 11:50:04PM -0400, Ryan Bloom wrote:
> > Just a heads up.  I wrote SSL Upgrade support this weekend for Apache
> > 2.0.  In my (currently) limited testing, things look pretty good.  We
> > currently respond to all requests correctly, and I think I have the SSL
> > filters being inserted properly.  However, there are no clients that I
> > know of that support this feature yet.  My hope was to have time to add it
> > to Neon this weekend, but it didn't happen.  I won't commit the Apache
> > code until I can test it with a client, so if anybody wants to
> > help me implement the client side, or if anybody knows of any clients that
> > already support this, please let me know.
> 
> I did have TLS upgrade support in neon but removed it in 0.22.0 since it
> was unused in practice and not really very useful even in theory (see
> ietf-tls archives).
> 
> You can try cadaver 0.19.1 with this patch, which will send the Upgrade
> header, and should switch to SSL on receiving a 101 interim response,
> though I haven't tested that.  (It will continue sending the Upgrade
> header on requests sent via SSL, which it shouldn't, so watch out for
> that)
> 
> --- ./src/cadaver.c.1	2002-10-07 10:09:37.000000000 +0100
> +++ ./src/cadaver.c	2002-10-07 10:10:08.000000000 +0100
> @@ -367,6 +367,8 @@
>  
>      init_locking(lockstore);
>      
> +    ne_set_request_secure_upgrade(session, 1);
> +
>      ne_set_progress(session, transfer_progress, NULL);
>      ne_set_status(session, connection_status, NULL);
>  
> --- ./libneon/ne_request.c.1	2002-10-07 10:13:23.000000000 +0100
> +++ ./libneon/ne_request.c	2002-10-07 10:15:57.000000000 +0100
> @@ -455,6 +455,9 @@
>      req->reqbuf = ne_buffer_create();
>      req->respbuf = ne_buffer_create_sized(BUFSIZ);
>  
> +    if (sess->request_secure_upgrade == 1)
> +	req->upgrade_to_tls = 1;
> +
>      /* Add in the fixed headers */
>      add_fixed_headers(req);
>  
> @@ -474,10 +477,6 @@
>  	req->use_proxy = sess->have_proxy;
>      }
>  
> -    if (sess->request_secure_upgrade == 1) {
> -	req->upgrade_to_tls = 1;
> -    }
> -
>      /* Add in handlers for all the standard HTTP headers. */
>  
>      ne_add_response_header_handler(req, "Content-Length", 
> 

-- 

_______________________________________________________________________________
Ryan Bloom                        	rbb@apache.org
550 Jean St
Oakland CA 94610
-------------------------------------------------------------------------------


Mime
View raw message