httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject Re: [PATCH] mod_ssl APIs to allow implementation of Certificate Transparency as a separate mod
Date Mon, 14 Apr 2014 12:38:22 GMT
On Mon, Apr 14, 2014 at 8:14 AM, Graham Leggett <minfrin@sharp.fm> wrote:

> On 14 Apr 2014, at 2:03 PM, Joe Orton <jorton@redhat.com> wrote:
>
> > Interesting stuff!
> >
> > I do think it is preferable to keep mod_ssl.h toolkit-agnostic.
>
> +1.
>
> >  Because
> > the API you are adding is not indended to be "private", I'd suggest
> > mod_ssl_openssl.h or something like that instead.
>
> Pass what you need as DER encoded structures, that way can can swap
> backends and they will still work.
>

Pragmatically, what I need is to make OpenSSL calls at certain points
(e.g., augment the type of setup that mod_ssl is doing).  I'm not in a
position (i.e., many days with nothing to do) to create enough generic
interfaces to allow arbitrary mod_foo+FooSSL to implement CT.

The generic TLS extension APIs submitted earlier were just a start, and
even those needed additional work.


> Regards,
> Graham
> --
>
>


-- 
Born in Roswell... married an alien...
http://emptyhammock.com/
http://edjective.org/

Mime
View raw message