httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <>
Subject Re: test framework/mod_authany's check user id hook vs. mod_ssl's
Date Fri, 20 Mar 2009 17:15:10 GMT
Joe Orton wrote:
> On Thu, Mar 19, 2009 at 04:36:42PM -0400, Jeff Trawick wrote:
>> Beyond the mod_authany question, why doesn't mod_ssl declare its check user
>> id hook really-first if it can generate the basic auth?  (Let the extremely
>> limited number of modules which generate basic auth headers fight it out via
>> predecessor/successor lists.)
> I doubt much thought has gone into it.
> Since, as you say, all the FakeBasic code needs to happen before the 
> real check_user_id hooks run, I'd reckon it would make more sense to 
> move it to e.g. the post_read_request hook (ssl_hook_ReadReq), rather 
> than trying harder to win the hook ordering game?

For that matter, why does SSLRequire still exist?  Has nothing to do at
all with SSL ;-)  Perhaps it's time to start doing what Mr Laurie wanted
to accomplish in the first place, and (saving functionality elsewhere)
pare mod_ssl to the bone of what it is meant to do?  socache was a good
start, obviously :)

View raw message