[prev in list] [next in list] [prev in thread] [next in thread]
List: apache-httpd-users
Subject: Re: [users@httpd] SSL hooks
From: Luca Toscano <toscano.luca () gmail ! com>
Date: 2017-10-19 9:51:24
Message-ID: CAFedD42+PUKcG+jsS2JuSOXC2gbDhgdKOhVuoMej_wyFHe3K6Q () mail ! gmail ! com
[Download RAW message or body]
Hi,
2017-10-19 1:06 GMT+02:00 Adi Mallikarjuna Reddy V <
adimallikarjunareddy@gmail.com>:
> Hi
>
> I am looking at this file https://github.com/apache/httpd/blob/trunk/
> modules/ssl/mod_ssl_openssl.h and see that there are 3 hooks defined for
> handling SSL connections. Are these available for modules/handlers to use?
>
> Can my module register to thees hooks and manipulate SSL context?
>
>
From the git blame:
https://github.com/apache/httpd/commit/6fd55ccc770c5b898d0c612584c9eedf8a8c5378#diff-8517096c9c992f986d308655575f8e7d
"mod_ssl: Add hooks to allow other modules to perform processing at
several stages of initialization and connection handling. See
mod_ssl_openssl.h.
This is enough to allow implementation of Certificate Transparency
outside of mod_ssl."
So I'd say yes, but bare in mind that those hooks are executed way before
the (content) handler. I'd suggest to play with them and figure out if they
are enough for your needs. mod_md (https://github.com/icing/mod_md) could
also be a module to take as example for mod_ssl interactions.
Hope that helps!
Luca
[Attachment #3 (text/html)]
<div dir="ltr">Hi,<div class="gmail_extra"><br><div class="gmail_quote">2017-10-19 \
1:06 GMT+02:00 Adi Mallikarjuna Reddy V <span dir="ltr"><<a \
href="mailto:adimallikarjunareddy@gmail.com" \
target="_blank">adimallikarjunareddy@gmail.com</a>></span>:<br><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi<div><br></div><div>I am looking \
at this file <a href="https://github.com/apache/httpd/blob/trunk/modules/ssl/mod_ssl_openssl.h" \
target="_blank">https://github.com/<wbr>apache/httpd/blob/trunk/<wbr>modules/ssl/mod_ssl_openssl.h</a> \
and see that there are 3 hooks defined for handling SSL connections. Are these \
available for modules/handlers to use?</div><div><br></div><div>Can my module \
register to thees hooks and manipulate SSL \
context?</div><div><br></div></div></blockquote><div><br></div><div>From the git \
blame: <a href="https://github.com/apache/httpd/commit/6fd55ccc770c5b898d0c612584c9ee \
df8a8c5378#diff-8517096c9c992f986d308655575f8e7d">https://github.com/apache/httpd/comm \
it/6fd55ccc770c5b898d0c612584c9eedf8a8c5378#diff-8517096c9c992f986d308655575f8e7d</a></div><div><br></div><div>"mod_ssl: \
Add hooks to allow other modules to perform processing at</div><div>several stages of \
initialization and connection handling. \
See</div><div>mod_ssl_openssl.h.</div><div><br></div><div>This is enough to allow \
implementation of Certificate Transparency</div><div>outside of \
mod_ssl."</div><div><br></div><div>So I'd say yes, but bare in mind that \
those hooks are executed way before the (content) handler. I'd suggest to play \
with them and figure out if they are enough for your needs. mod_md (<a \
href="https://github.com/icing/mod_md">https://github.com/icing/mod_md</a>) could \
also be a module to take as example for mod_ssl \
interactions.</div><div><br></div><div>Hope that \
helps!</div><div><br></div><div>Luca</div></div></div></div>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic