As a small experiment we have been trying to add STLS support to mod_pop3. Just for info STLS is equivalent to STARTTLS in SMTP and means that the connection is established as an insecure one and then later is upgraded to TLS security.
mod_ssl was enabled on the virtual host for mod_pop3. A different filter chain was used when creating the request. As the filter chain only contained mod_core, mod_ssl and mod_pop3 acted as the content module, I set the request filters to point directly to mod_core (e.g c->output_filters->next). The request filter were again modified to point to mod_ssl when connection is upgraded to TLS. This worked fine, accept for the fact that some https request started crashing. A better idea it seems is to allow the request to have the same filter chain as connection, but use two seperate filter_pointers in the get_brigade and ap_fprintf. These pointers can initially point to mod_core and later when the connection is upgraded, they can be set to point to mod_ssl. I want some feedback from other developers whether such a technique will be successful and stable?
