On 09/13/2009 07:30 PM, Graham Leggett wrote: > Ruediger Pluem wrote: > >>> The use of the connection in the HTTP proxy code is a prerequisite for >>> supporting SSL to a backend server. > >> As said there was no alternative as we had and have no SSL aware HTTP client >> library >> in httpd. > > We do, take a look for the "SSLProxy*" directives in mod_ssl. This SSL > support is possible because we use connections, not raw sockets.
I guess we are circling around the same point with no real difference in opinion: All of the available HTTP code in httpd (as I said) and the SSL stuff (as you point out) was only available via that connection interface and no other more client oriented interface was present in httpd to use. So it was done with connections. And it works. My point in the previous mail was that using the connection interface for this purpose imposes some problems with pool lifetimes, allocators and the pre connection hook and that there might be more elegant and clearer solutions for the *HTTP* backend via the means of a HTTP client library like serf. But this requires a complete rewrite of the current HTTP proxy code (like mod_serf does) and adds another library dependency on httpd. So the state is as is. But I stick to the point that I see no benefit in using the connection interface for handling the proxy connect interface, as the nature of the proxy connect interface is that we explicitly want a raw communication with the backend. Regards RĂ¼diger
