IIS (and IPlanet) has built-in SSL support, no extra modules needed. I
haven't looked up the source since they both set HTTPS=on at an early stage
and everything worked fine, so I'm not sure on what's happening under the
hood. Sorry.
A module in IIS gets a session object (PHTTP_FILTER_CONTEXT), where you just
read the attribute fIsSecurePort. And that really should be the case with
Apache as well, but different SSL implementations handles this in different
ways.
Regards,
Manne Anliot.
-----Original Message-----
From: Owen Boyle [mailto:[EMAIL PROTECTED]]
Sent: den 3 april 2001 11:09
To: [EMAIL PROTECTED]
Subject: Re: SSL validation [solved]
Manne Anliot wrote:
>
> Someone proposed to just parse https from the uri. I can't see how that is
> possible since the webserver only gets "GET /yadda.html HTTP/1.1" from the
> client.
Oops - that was me. I wasn't thinking too straight and confused the
"referer" with the uri (the referer field is obviously not much use). I
know what you mean though - you want a variable that gets set early in
the negotiation that declares the session as SSL... But SSL takes some
time to set up. The client has to accept the certificate, extract the
public key, negotiate a cipher, encrypt and send off the session key
then the server has to decrypt it and confirm. Only then is SSL truly
enabled.
How does IIS decide that SSL is on?
Rgds,
Owen Boyle
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
