
List:       apache-httpd-dev
Subject:    Re: [patch] Cleaning out my trees, proxy-ssl patch
From:       Ruediger Pluem <rpluem () apache ! org>
Date:       2007-10-25 18:48:37
Message-ID: 4720E505.3000003 () apache ! org



On 10/25/2007 06:24 PM, William A. Rowe, Jr. wrote:
> Plüm wrote:
>> Sorry, but I do not get the purpose of this patch.
>> Why reading from our *client* (regardless if it is SSL or not)
>> when the backend is SSL?
> 
> The original flaw, maybe long gone, is that mod_ssl implementation was
> pull; on first read handshake would occur.  The INIT blocking-flag was
> added when Doug (IIRC) noted that mod_ftp couldn't simply write to the
> client, the handshake wouldn't run properly.
> 
> INIT let us do an initial pull from the client of nothing, soliciting
> the SSL handshake before Ftp Welcome.

Sorry for still being confused, but I don't get what this has to do with
the client when the backend is SSL. I would understand that something like
this is needed if the proxied backend is SSL or the connection to our client is SSL.
I don't get why I need to read also from a non SSL client if the connection
to the backend is SSL. Just to avoid confusion with the terms:

Client (e.g. browser) <--> httpd (proxy / reverse proxy) <--> backend server

So reading from an SSL backend as the first thing might make sense (haven't
thought this out further).

Regards

Rüdiger
