[ 
https://issues.apache.org/jira/browse/TS-2437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13870186#comment-13870186
 ] 

James Peach commented on TS-2437:
---------------------------------

Changes to the public API need to go through the review process described here: 
https://cwiki.apache.org/confluence/display/TS/API+Review+Process

Comments on this proposal:

- I'm uncomfortable directly exposing OpenSSL data structures Although the 
probability of using a different SSL implementation is quite low, it still 
seems like something we should try hard to avoid.

- This creates a dependency from iocore up to the HTTP proxy.

- The API itself has a fixed limit on the number of certificates, which won't 
work. There's no way to determine the number of registered certificates, so the 
only use case here is to iterate over them all and alter them one at a time.

- I think that an API of this nature should be better integrated into the 
existing Traffic Server API. For example, it would be useful to manipulate the 
SSL context at session creating time.

There's some more ideas for a SSL API in TS-1584 and TS-2210

> Add an API to expose SSL_CTX for applications
> ---------------------------------------------
>
>                 Key: TS-2437
>                 URL: https://issues.apache.org/jira/browse/TS-2437
>             Project: Traffic Server
>          Issue Type: Task
>          Components: SSL
>            Reporter: Wei Sun
>            Assignee: James Peach
>             Fix For: 4.2.0
>
>         Attachments: TS-2437.diff
>
>
> It'll be good to add an API to expose all the SSL_CTXs, so that plugins can 
> manipulate their specific ssl settings / call back, etc. 



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Reply via email to