httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: Making the ssl expr parser thread safe
Date Fri, 01 Oct 2010 09:23:54 GMT
On Wed, Sep 29, 2010 at 11:07:14PM +0200, Stefan Fritsch wrote:
> On Wednesday 29 September 2010, Nick Kew wrote:
> > It's been sitting in my to-do list to review mod_ssl's expression
> > parser, and see if we can't substitute ap_expr - with updates to
> > the latter if necessary.
> > 
> > Any thoughts on whether that would work based on your look at it?
> 
> From a technical point of view I see no reason why it would not work. 
> But it would mean to either make the syntax of ap_expr match exactly 
> the syntax of ssl_expr or to break backward compatibility in 
> SSLRequire. I am not sure either makes sense.
> 
> Maybe it would be better to keep both in 2.4 and throw out ssl_expr in 
> 3.0?

"Require expr" is close enough to SSLRequire if ap_expr grew 
documentation and SSL variable lookup, by the looks of it.  The only 
thing missing then is PeerExtList() which would make sense to do via 
Lua, really; it's inflexible and awkward in SSLRequire already.  I'd be 
more than happy to see that done in 2.4.

The ap_expr API is still as fugly as when I reviewed it way back; lacks 
namespace-safety, lacks docs, exposure of parser internals is awful, 
etc.  Is nobody planning to clean this up before 2.4?

Regards, Joe


Mime
View raw message