On Mon, Apr 14, 2014 at 8:14 AM, Graham Leggett <[email protected]> wrote:
> On 14 Apr 2014, at 2:03 PM, Joe Orton <[email protected]> wrote: > > > Interesting stuff! > > > > I do think it is preferable to keep mod_ssl.h toolkit-agnostic. > > +1. > > > Because > > the API you are adding is not indended to be "private", I'd suggest > > mod_ssl_openssl.h or something like that instead. > > Pass what you need as DER encoded structures, that way can can swap > backends and they will still work. > Pragmatically, what I need is to make OpenSSL calls at certain points (e.g., augment the type of setup that mod_ssl is doing). I'm not in a position (i.e., many days with nothing to do) to create enough generic interfaces to allow arbitrary mod_foo+FooSSL to implement CT. The generic TLS extension APIs submitted earlier were just a start, and even those needed additional work. > Regards, > Graham > -- > > -- Born in Roswell... married an alien... http://emptyhammock.com/ http://edjective.org/
