[
https://issues.apache.org/jira/browse/TS-2437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13870186#comment-13870186
]
James Peach commented on TS-2437:
---------------------------------
Changes to the public API need to go through the review process described here:
https://cwiki.apache.org/confluence/display/TS/API+Review+Process
Comments on this proposal:
- I'm uncomfortable directly exposing OpenSSL data structures Although the
probability of using a different SSL implementation is quite low, it still
seems like something we should try hard to avoid.
- This creates a dependency from iocore up to the HTTP proxy.
- The API itself has a fixed limit on the number of certificates, which won't
work. There's no way to determine the number of registered certificates, so the
only use case here is to iterate over them all and alter them one at a time.
- I think that an API of this nature should be better integrated into the
existing Traffic Server API. For example, it would be useful to manipulate the
SSL context at session creating time.
There's some more ideas for a SSL API in TS-1584 and TS-2210
> Add an API to expose SSL_CTX for applications
> ---------------------------------------------
>
> Key: TS-2437
> URL: https://issues.apache.org/jira/browse/TS-2437
> Project: Traffic Server
> Issue Type: Task
> Components: SSL
> Reporter: Wei Sun
> Assignee: James Peach
> Fix For: 4.2.0
>
> Attachments: TS-2437.diff
>
>
> It'll be good to add an API to expose all the SSL_CTXs, so that plugins can
> manipulate their specific ssl settings / call back, etc.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)