RE: SSL validation

Mon, 09 Apr 2001 15:36:14 -0700 

> -----Original Message-----
> From: Harrington, Thomas [mailto:[EMAIL PROTECTED]]
> Sent: April 09, 2001 2:39 PM
> To: '[EMAIL PROTECTED]'
> Subject: RE: SSL validation
> 
> 
> > From: Hansknecht, Deborah A [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, April 02, 2001 8:44 AM
> > To: '[EMAIL PROTECTED]'
> > Subject: RE: SSL validation
> > 
> > 
> > In an authentication module, I wanted to be sure that the server was
> > properly configured before even trying to get the password 
> > (we *must* not
> > send our passwords unencrypted.) It may not be the best way 
> > or even solve
> > your problem, but I used the SSL ctx information:
> > 
> >    /* if we don't have an SSL connection, we're not even going
> >       to ask for the Kerberos Password, you can't get here 
> from there */
> >    ssl = ap_ctx_get(r->connection->client->ctx, "ssl");
> 
> This looks like it'll be useful to me, thanks a lot.  But one 
> thing I'm not
> yet clear on:  What's the difference would it make if you had 
> written the
> above like this:
> 
>       // Use request_rec's ctx
>       ssl = ap_ctx_get(r->ctx, "ssl");
> 
> Or this:
> 
>       // Use conn_rec's ctx
>       ssl = ap_ctx_get(r->connection->ctx, "ssl");
> 
> I don't yet understand when (or if) the SSL context is set on the
> request_rec or conn_rec, as opposed to the client field.  All 
> of them have a
> "ap_ctx *ctx" field, do all of them end up with "ssl" being set?
> 
> Thanks
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
> 

To be honest, I don't know if "ssl" gets set in the other contexts. I don't
think so. I haven't found it, but of course that doesn't mean it isn't
there. I know it DOES get set for the client->ctx. If you want to look at
it, it gets set in the ssl_hook_NewConnection function of
ssl_engine_kernel.c. That function gets invoked from the new_connection
function in http_main.c (not directly, it's one of the new_connection
hooks). I have not found any documentation that explicitly lists the
settings in the different contexts for mod-ssl (although give a pat on the
back to Ralf, because it is extremely well documented.)

Sorry, that's all I know. Hope it helps.

Deb

Deborah Hansknecht
Sandia National Laboratories
[EMAIL PROTECTED]
505 844-6532 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to