Re: bozohttpd support for SNI

2016-09-30 Thread Thor Lancelot Simon 
On Fri, Sep 30, 2016 at 04:45:10PM -0400, matthew sporleder wrote:
> 
> bozo is growing features pretty quickly as netbsd keeps trying to use it to
> do actual stuff(tm).  :)

I'd prefer to see a lot of the complex functionality in bozo split out into
helper programs.

This feature, in particular, along with the rest of bozo's SSL handling, could
go in something like pound -- except that pound is GPL.  The helper could
communicate with bozo on an AF_UNIX socket.

Experience from a past life tells me such a program would take about two days
to write, would leave me owing dyoung about six dinners for debugging, and
would be about 1500 lines long.

-- 
  Thor Lancelot Simont...@panix.com

"The dirtiest word in art is the C-word.  I can't even say 'craft'
 without feeling dirty."-Chuck Close

Re: bozohttpd support for SNI

2016-09-30 Thread matthew sporleder 
On Fri, Sep 30, 2016 at 4:43 PM, Alistair Crooks  wrote:

> Personally, I'd love to have support for SNI (and multiple -Z paths
> per site too) - I'd use it daily.
>
> In fact, I was just bemoaning that fact yesterday, but am not
> best-placed to do anything about it right now (yes, I suck :()
>
> Best,
> Alistair
>
> On 30 September 2016 at 13:37, J. Lewis Muir  wrote:
> > Hello!
> >
> > Does bozohttpd in NetBSD (7 or current) support SNI (Server Name
> > Identification) such that multiple SSL sites can be served from one
> > HTTPS server?  If not, what is NetBSD's position on the feature: is it
> > "we're open to accepting a quality patch," or is it more "we'd rather
> > not add the feature; it's better to just use separate server instances
> > on separate IP addresses; we're trying to keep with bozohttpd's main
> > feature as stated on its website which is 'the lack of features,
> > reducing the code size and improving verifiability'"?
> >
> > Thanks!
> >
> > Lewis
> >
>

bozo is growing features pretty quickly as netbsd keeps trying to use it to
do actual stuff(tm).  :)

Re: bozohttpd support for SNI

2016-09-30 Thread Alistair Crooks 
Personally, I'd love to have support for SNI (and multiple -Z paths
per site too) - I'd use it daily.

In fact, I was just bemoaning that fact yesterday, but am not
best-placed to do anything about it right now (yes, I suck :()

Best,
Alistair

On 30 September 2016 at 13:37, J. Lewis Muir  wrote:
> Hello!
>
> Does bozohttpd in NetBSD (7 or current) support SNI (Server Name
> Identification) such that multiple SSL sites can be served from one
> HTTPS server?  If not, what is NetBSD's position on the feature: is it
> "we're open to accepting a quality patch," or is it more "we'd rather
> not add the feature; it's better to just use separate server instances
> on separate IP addresses; we're trying to keep with bozohttpd's main
> feature as stated on its website which is 'the lack of features,
> reducing the code size and improving verifiability'"?
>
> Thanks!
>
> Lewis
>

bozohttpd support for SNI

2016-09-30 Thread J. Lewis Muir 
Hello!

Does bozohttpd in NetBSD (7 or current) support SNI (Server Name
Identification) such that multiple SSL sites can be served from one
HTTPS server?  If not, what is NetBSD's position on the feature: is it
"we're open to accepting a quality patch," or is it more "we'd rather
not add the feature; it's better to just use separate server instances
on separate IP addresses; we're trying to keep with bozohttpd's main
feature as stated on its website which is 'the lack of features,
reducing the code size and improving verifiability'"?

Thanks!

Lewis