Re: bozohttpd support for SNI

2016-09-30 Thread Thor Lancelot Simon 
On Fri, Sep 30, 2016 at 04:45:10PM -0400, matthew sporleder wrote:
> 
> bozo is growing features pretty quickly as netbsd keeps trying to use it to
> do actual stuff(tm).  :)

I'd prefer to see a lot of the complex functionality in bozo split out into
helper programs.

This feature, in particular, along with the rest of bozo's SSL handling, could
go in something like pound -- except that pound is GPL.  The helper could
communicate with bozo on an AF_UNIX socket.

Experience from a past life tells me such a program would take about two days
to write, would leave me owing dyoung about six dinners for debugging, and
would be about 1500 lines long.

-- 
  Thor Lancelot Simont...@panix.com

"The dirtiest word in art is the C-word.  I can't even say 'craft'
 without feeling dirty."-Chuck Close

Re: bozohttpd support for SNI

2016-09-30 Thread matthew sporleder 
On Fri, Sep 30, 2016 at 4:43 PM, Alistair Crooks  wrote:

> Personally, I'd love to have support for SNI (and multiple -Z paths
> per site too) - I'd use it daily.
>
> In fact, I was just bemoaning that fact yesterday, but am not
> best-placed to do anything about it right now (yes, I suck :()
>
> Best,
> Alistair
>
> On 30 September 2016 at 13:37, J. Lewis Muir  wrote:
> > Hello!
> >
> > Does bozohttpd in NetBSD (7 or current) support SNI (Server Name
> > Identification) such that multiple SSL sites can be served from one
> > HTTPS server?  If not, what is NetBSD's position on the feature: is it
> > "we're open to accepting a quality patch," or is it more "we'd rather
> > not add the feature; it's better to just use separate server instances
> > on separate IP addresses; we're trying to keep with bozohttpd's main
> > feature as stated on its website which is 'the lack of features,
> > reducing the code size and improving verifiability'"?
> >
> > Thanks!
> >
> > Lewis
> >
>

bozo is growing features pretty quickly as netbsd keeps trying to use it to
do actual stuff(tm).  :)

Re: bozohttpd support for SNI

2016-09-30 Thread Alistair Crooks 
Personally, I'd love to have support for SNI (and multiple -Z paths
per site too) - I'd use it daily.

In fact, I was just bemoaning that fact yesterday, but am not
best-placed to do anything about it right now (yes, I suck :()

Best,
Alistair

On 30 September 2016 at 13:37, J. Lewis Muir  wrote:
> Hello!
>
> Does bozohttpd in NetBSD (7 or current) support SNI (Server Name
> Identification) such that multiple SSL sites can be served from one
> HTTPS server?  If not, what is NetBSD's position on the feature: is it
> "we're open to accepting a quality patch," or is it more "we'd rather
> not add the feature; it's better to just use separate server instances
> on separate IP addresses; we're trying to keep with bozohttpd's main
> feature as stated on its website which is 'the lack of features,
> reducing the code size and improving verifiability'"?
>
> Thanks!
>
> Lewis
>