> Am 23.02.2021 um 11:14 schrieb Joe Orton <jor...@redhat.com>:
>
> On Mon, Feb 22, 2021 at 05:28:03PM +0100, Stefan Eissing wrote:
>> Regarding my proposal to add SSL related inquiry functions to our core
>> server, here
>> is a patch for the "ssl_is_https()" function. This allows:
>>
>> a) anyone to inquire about a connections SSLiness without the optional
>> function retrieval.
>> It will itself call such a function provided by a module. So this should
>> make anyone
>> using the new ap_ssl_is_ssl(c) remain compatible to existing ssl modules.
>
> This makes sense to me except, obviously, I will start a fight to
> bikeshed the naming, since "SSL is SSL" scans quite weirdly?
> ap_is_https() or ap_conn_is_{ssl,tls}() or something would be better
> IMO?
Was ping-pong in this as well. But we need to extend this for other 'ssl'
optional functions and I thought keeping a comming 'ap_ssl_' prefix is overall
better to parse. But I am not strong opinioned on this.
>
>> b) provide a hook to ssl modules where they can register to inform about
>> connections they manage.
>> c) allow old modules that use the existing optional functions to work when
>> everyone uses the new hook.
>>
>> If I got this right, of course. Feedback very much appreciated.
>
> Looks like the right design otherwise to me. And all the modules which
> do the dance to retrieve ssl_is_https currently, can be changed over to
> this new API? A nice simplification.
\o/
>
> FWIW we briefly tried in RHEL supporting loading mod_ssl & mod_nss into
> httpd simultaneously, patching both to juggle the optional functions,
> and it was a bit painful/stupid. So, this is definitely much better.
> (We dropped mod_nss from RHEL8 onwards anyway)
>
> Regards, Joe
>
>