> Am 23.02.2021 um 11:14 schrieb Joe Orton <jor...@redhat.com>:
> On Mon, Feb 22, 2021 at 05:28:03PM +0100, Stefan Eissing wrote:
>> Regarding my proposal to add SSL related inquiry functions to our core 
>> server, here
>> is a patch for the "ssl_is_https()" function. This allows:
>> a) anyone to inquire about a connections SSLiness without the optional 
>> function retrieval. 
>>   It will itself call such a function provided by a module. So this should 
>> make anyone 
>>   using the new ap_ssl_is_ssl(c) remain compatible to existing ssl modules.
> This makes sense to me except, obviously, I will start a fight to 
> bikeshed the naming, since "SSL is SSL" scans quite weirdly?  
> ap_is_https() or ap_conn_is_{ssl,tls}() or something would be better 
> IMO?

Was ping-pong in this as well. But we need to extend this for other 'ssl' 
optional functions and I thought keeping a comming 'ap_ssl_' prefix is overall 
better to parse. But I am not strong opinioned on this.

>> b) provide a hook to ssl modules where they can register to inform about 
>> connections they manage.
>> c) allow old modules that use the existing optional functions to work when 
>> everyone uses the new hook.
>> If I got this right, of course. Feedback very much appreciated.
> Looks like the right design otherwise to me.  And all the modules which 
> do the dance to retrieve ssl_is_https currently, can be changed over to 
> this new API?  A nice simplification.


> FWIW we briefly tried in RHEL supporting loading mod_ssl & mod_nss into 
> httpd simultaneously, patching both to juggle the optional functions, 
> and it was a bit painful/stupid.  So, this is definitely much better.  
> (We dropped mod_nss from RHEL8 onwards anyway)
> Regards, Joe

Reply via email to