httpd-dev mailing list archives

From Ruediger Pluem <rpl...@apache.org>
Subject Re: [patch] Cleaning out my trees, proxy-ssl patch
Date Thu, 25 Oct 2007 18:48:37 GMT


On 10/25/2007 06:24 PM, William A. Rowe, Jr. wrote:
> Plüm wrote:
>> Sorry, but I do not get the purpose of this patch.
>> Why reading from our *client* (regardless if it is SSL or not)
>> when the backend is SSL?
> 
> The original flaw, maybe long gone, is that mod_ssl implementation was
> pull; on first read handshake would occur.  The INIT blocking-flag was
> added when Doug (IIRC) noted that mod_ftp couldn't simply write to the
> client, the handshake wouldn't run properly.
> 
> INIT let us do an initial pull from the client of nothing, soliciting
> the SSL handshake before Ftp Welcome.

Sorry for still being confused, but I don't get what this has to do with
the client when the backend is SSL. I would understand that something like
this is needed if the proxied backend is SSL or the connection to our client is SSL.
I don't get why I need to read also from a non SSL client if the connection
to the backend is SSL. Just to avoid confusion with the terms:

Client (e.g. browser) <--> httpd (proxy / reverse proxy) <--> backend server

So reading from an SSL backend as the first thing might make sense (haven't
thought this out further).

Regards

Rüdiger

