https://issues.apache.org/bugzilla/show_bug.cgi?id=29744
--- Comment #57 from Emmanuel Elango <[EMAIL PROTECTED]> 2008-03-05 09:07:12 ---

I don't see why CONNECT should not be supported over an SSL connection. I mean after all a proxy is a proxy and ssl is ssl. The proxy should do its job and ssl should do its. I think writing directly to the socket instead of the handler that called it is not a great idea on the part of mod_proxy.

This is becoming a much needed functionality given the increasing restrictiveness of corporate firewalls. If I (and others) get access only to port 443 and I need to run a secure webserver as well as a proxy then Apache is the only solution. If I use SSHD then only I will benefit and others cannot use the secure web server (since I can't be handing out ssh logins to all and sundry). Most people do not get 2 IP addresses to run both SSHD and Apache separately.

I have been running this patch on winxp for over 3 years now and it works great. Managed to compile it using MSVC++. One can get a free one month ssl certificate from rapidssl. Since this certificate will be verifiable from the certificate store of all browsers (except for the expired date) it provides fairly good security against a man in the middle attack too.

I think if this patch is made mainstream, interesting apps on bypassing restrictive firewalls will make their appearance. I myself have one which I have not released because of this unfixed issue.

Haven't had problems with plain over SSLv3 or SSLv3 over SSLv3 using putty and/or mozilla and my own app which does what stunnel does except that it verifies the certificate (unlike stunnel). Sometimes disconnects are a problem, but it could be because of intermediate proxies. Setting keep-alives in putty does keep the connection going for a fairly long time (a couple of hours at least).

In any case I think Apache has a rather intimidating attitude towards requests. The default hypothesis seems to be that most requests are worthless. But then I guess that's the problem with the world. A few people control resources that affect far too many people, some of whom may not even be aware of how it is affecting or not affecting them. Look at our politicians or bureaucrats or even our bosses within the organization. Some requests may be worthless, some may be worth it, but demand is never a very great indicator at least in this case. I am sure not many really cared whether man had to go to the moon, or whether Mozart should have composed his famous pieces. After all these were paid for by the majority since Mozart didn't possibly go farming in the mornings. But why intimidation and sarcasm should always be part of the response I often fail to understand.

Enough said I guess. Glad to help in case anyone needs help compiling or setting up. I'd really like this to be included or else a fork to happen. Que sera sera.

(In reply to comment #55)
> (In reply to comment #54)
> > I do not agree, we first need closure on the fact whether the Apache developers
> > want to support CONNECT over an SSL connection.
>
> You won't get that by posting here. This isn't the dev list.
>
> > There are cases where this functionality is needed and useful, but as long as
> > this is not acknowledged by any of the developers, why should we bother with
> > patches ?
>
> People have lots of demands on their time, and a chronic shortage of round
> tuits. Evidently no committer sees a need for this (or it would have got their
> attention before now). If anyone wants a patch, you have to convince us it's
> worth our time and effort to review it.
>
> > I also do not agree with your assessment of this bugreport. Did you try or use
> > the functionality yourself ? Did you have a problem with it ?
>
> I have no use for it.
>
> I took a look, because the sheer number of people subscribed seems to indicate
> a real demand. But when I see numerous competing patches, and lots of comments
> about them not working, it's too much effort to figure out where to start.
