httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <rpl...@apache.org>
Subject Re: PR29744
Date Sun, 13 Sep 2009 20:38:39 GMT


On 09/13/2009 07:30 PM, Graham Leggett wrote:
> Ruediger Pluem wrote:
> 
>>> The use of the connection in the HTTP proxy code is a prerequisite for
>>> supporting SSL to a backend server.
> 
>> As said there was no alternative as we had and have no SSL aware HTTP client library
>> in httpd.
> 
> We do, take a look for the "SSLProxy*" directives in mod_ssl. This SSL
> support is possible because we use connections, not raw sockets.

I guess we are circling around the same point with no real difference
in opinion:
All of the available HTTP code in httpd (as I said) and the SSL stuff
(as you point out) was only available via that connection interface and no
other more client oriented interface was present in httpd to use.
So it was done with connections. And it works.

My point in the previous mail was that using the connection interface for
this purpose imposes some problems with pool lifetimes, allocators and the
pre connection hook and that there might be more elegant and clearer
solutions for the *HTTP* backend via the means of a HTTP client library
like serf. But this requires a complete rewrite of the current HTTP
proxy code (like mod_serf does) and adds another library dependency
on httpd. So the state is as is.
But I stick to the point that I see no benefit in using the connection
interface for handling the proxy connect interface, as the nature of
the proxy connect interface is that we explicitly want a raw communication
with the backend.

Regards

RĂ¼diger

Mime
View raw message