httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Scott Deboy <>
Subject [PATCH 55467] Support for OpenSSL custom TLS extensions and supplemental data
Date Wed, 21 Aug 2013 22:37:53 GMT
I'm contributing a patch which facilitates send and receive of custom TLS extensions and supplemental
data from third party modules.

The patch attached to the bugzilla issue is completely additive, and only updates mod_ssl

OpenSSL includes an API supporting send and receive of custom TLS extensions, which can be
found in the 1.0.2 stable and master git branches.  I've contributed a patch to OpenSSL which
adds similar support for supplemental data, which will hopefully be incorporated soon.

Updates to mod_ssl include:
 - Optional functions supporting registration of interest in specific TLS extensions or supplemental
data types.  Registering interest results in hook handlers being called.
 - Optional hooks supporting send and receive of the TLS extension data and supplemental data.
 - An optional hook notifying handlers of handshake completion.  Renegotiation is initiated
if the hook handler returns OK.  If the hook handler returns DECLINED, renegotiation is not
 - An optional function allowing third party modules to initiate renegotiation at any time.

I did implement an 'optional hook run first' capability directly in mod_ssl code, as it isn't
currently available in APR.  If it's preferable to have that change incorporated into APR
and leveraged from this change, I'm happy to provide an APR patch and update this patch.

Exposing support for send and receive of custom TLS extensions and supplemental data, as well
as the ability to initiate renegotiation on handshake completion, allows me to implement RFC
5878 (TLS authorization extensions) completely in third-party module code.

Any feedback is appreciated.

Thanks much,


View raw message