On 10/25/2007 06:24 PM, William A. Rowe, Jr. wrote: > Plüm wrote: >> Sorry, but I do not get the purpose of this patch. >> Why reading from our *client* (regardless if it is SSL or not) >> when the backend is SSL? > > The original flaw, maybe long gone, is that mod_ssl implementation was > pull; on first read handshake would occur. The INIT blocking-flag was > added when Doug (IIRC) noted that mod_ftp couldn't simply write to the > client, the handshake wouldn't run properly. > > INIT let us do an initial pull from the client of nothing, soliciting > the SSL handshake before Ftp Welcome.
Sorry for still being confused, but I don't get what this has to do with the client when the backend is SSL. I would understand that something like this is needed if the proxied backend is SSL or the connection to our client is SSL. I don't get why I need to read also from a non SSL client if the the connection to the backend is SSL. Just to avoid confusion with the terms: Client (e.g. browser) <--> httpd (proxy / reverse proxy) <--> backend server So reading from an SSL backend as the first thing might make sense (haven't thought this out further. Regards Rüdiger
