httpd-dev mailing list archives

From Jeff Trawick <traw...@gmail.com>
Subject Re: [PATCH 55467] - Updates to mod_ssl to support TLS hello extensions and TLS supplemental data
Date Sat, 05 Apr 2014 01:48:51 GMT

On Tue, Feb 18, 2014 at 3:50 PM, Scott Deboy <sdeboy@secondstryke.com> wrote:

> Hi folks,
>
> I was wondering if someone would be willing/interested in reviewing the
> patch I've attached to issue 55467.
>
> https://issues.apache.org/bugzilla/show_bug.cgi?id=55467
>
> The patch adds hooks to mod_ssl which give third-party modules the ability
> to send and receive custom TLS hello extensions and TLS supplemental data.  It
> also gives third-party modules the ability to trigger renegotiation.  It
> leverages APIs recently added to OpenSSL master and 1.0.2 stable branches.
>
> Any feedback is appreciated!
>
>
Any thoughts out there on passing SSL* to the hook as void* as in the
patch?  I've been experimenting with some hooks to enable Certificate
Transparency in a module, and it seemed feasible to me to let mod_ssl.h own
the job of getting the right headers included in order to specify the right
OpenSSL datatype on the API.  Is that asking for trouble?

If building with OpenSSL < 1.0.2, the affected optional hooks shouldn't be
available.

I anticipate syncing my CT code with the pieces
for SSL_CTX_set_custom_cli_ext()/SSL_CTX_set_custom_srv_ext() and
committing the relevant parts of your patch (not that the rest is much
different).  Hopefully some "genuine" mod_ssl developers will render an
opinion on placement and any other details.



> Thanks much,
>
> Scott
>
> On Feb 6, 2014, at 2:20 PM, Scott Deboy <sdeboy@secondstryke.com> wrote:
>
> > Support for sending and receiving TLS hello extensions and TLS
> supplemental data messages has recently been added to the OpenSSL GitHub
> master branch.
> >
> > I've submitted a patch to mod_ssl which allows third-party modules to
> send and receive TLS hello extensions and TLS supplemental data via
> optional hooks and functions.
> >
> > The patch can be found here:
> https://issues.apache.org/bugzilla/show_bug.cgi?id=55467
> >
> > I'm happy to update the patch based on feedback.
> >
> > Thanks much,
> >
> > Scott Deboy
> >
>
>


-- 
Born in Roswell... married an alien...
http://emptyhammock.com/
http://edjective.org/
