Re: svn commit: r1887085 - in /httpd/httpd/trunk: CHANGES include/ap_mmn.h include/http_protocol.h modules/md/mod_md.c modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_private.h server/protocol.c

Wed, 03 Mar 2021 02:37:09 -0800 


On 3/3/21 11:25 AM, Stefan Eissing wrote:
> 
> 
>> Am 03.03.2021 um 11:17 schrieb Ruediger Pluem <rpl...@apache.org>:
>>
>>
>>
>> On 3/3/21 11:01 AM, Stefan Eissing wrote:
>>>
>>>
>>>> Am 03.03.2021 um 10:44 schrieb Stefan Eissing 
>>>> <stefan.eiss...@greenbytes.de>:
>>>>
>>>>
>>>>
>>>>> Am 03.03.2021 um 10:31 schrieb Ruediger Pluem <rpl...@apache.org>:
>>>>>
>>>>>
>>>>>
>>>>> On 3/3/21 9:54 AM, Stefan Eissing wrote:
>>>>>>> Am 03.03.2021 um 09:35 schrieb Stefan Eissing 
>>>>>>> <stefan.eiss...@greenbytes.de>:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> Am 02.03.2021 um 20:54 schrieb Ruediger Pluem <rpl...@apache.org>:
>>>>>>>>
>>>>>>>>
>>>>>>>>

>>> typedef struct ap_bytes ap_bytes;
>>> struct {
>>>  const char *data;
>>>  apr_size_t len;
>>> } ap_bytes;
>>>
>>> AP_DECLARE(int) ap_ssl_answer_challenge(conn_rec *c, const char 
>>> *server_name, const ap_bytes **pcertificate_key_pem);
>>
>> Crossing posts :-). Quick questions:
>>
>> 1. What is the need for the len field above? I think PEM encoded data could 
>> be nul terminated. Or do you want to leave an option
>>   for DER data?
> 
> I have been in too much contact with languages that do not NUL-terminate 
> strings, it seems. We could just make it a "const char **" then. 
> 
> I do not like to define something generic parameters where the additionals 
> use cases are unclear and may never happen. So, no DER foreseen by me. I 
> think for the amount of data that is passed with keys/certificates, a PEM 
> encoding is the most portable and should work fine.

PEM seems to be a good choice and having a clear interface as well. Hence +1 to 
PEM only.

> 
>> 2. As there is only one ap_bytes ** above, do you want to merge the PEM 
>> encoded certificate and key in one string?
> 
> That was the thought. When I started with mod_md, I kept them separate 
> because everyone else seem to be doing it. But I do not really see any 
> benefit in that, really. But then, I am ignorant of a lot of things, I found 
> in life...

I think having them together is fine, the only question is if this makes it 
harder to use for others if they keep them separate.

Regards

RĂ¼diger
























					Reply via email to