httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <ylavic....@gmail.com>
Subject Re: svn commit: r1750779 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_kernel.c
Date Thu, 30 Jun 2016 15:49:24 GMT
On Thu, Jun 30, 2016 at 5:26 PM, Yann Ylavic <ylavic.dev@gmail.com> wrote:
> On Thu, Jun 30, 2016 at 5:05 PM, Ruediger Pluem <rpluem@apache.org> wrote:
>>
>> Is there a reson why we use ssl_callback_SSLVerify instead of NULL like we do in
asimilar situation below?
>> IMHO we do not want to change the callback here to whatever it may set.
>> I agree that in practice there won't be any difference right now, since we only have
one callback.
>
> I agree that if/when we have multiple callback possibilities, we
> should set NULL here, but also above where we force the new mode.

Also note that we could avoid this SSL_set_verify() dance in
ssl_hook_Access() with something like the attached patch, which moves
it just before the actual renegotiation.

The new AP_CONN_CLOSE are to help core HTTP with connections we know
are not unrecoverable.

>
> Regards,
> Yann.

Mime
View raw message