[prev in list] [next in list] [prev in thread] [next in thread] 

List:       perlbal
Subject:    Perbal and Stunnel
From:       aar () cpan ! org (Alessandro Ranellucci)
Date:       2006-01-16 18:47:55
Message-ID: r02010500-1038-7549450A86C011DAAE5B000393199010 () [192 ! 168 ! 1 ! 107]
[Download RAW message or body]

On 16-01-2006 at 18:32, Kevin Minnick wrote:

 >Yes, 100 different IP addresses.  We host SSL sites for many different
 >companies, each with their own SSL cert.

100 stunnel instances will work for sure. I don't know how does stunnel
scale, though, so it may also become a bottleneck. Maybe an SSL-enhanced
hardware load balancer would do that more nicely.

 >If mod_proxy supported an easy way (or any way) to:
 >1.  Detect a backend server failure
 >2.  Load Balance backend servers
 >I would use that since it does support SSL nicely.

What about mod_proxy > Perlbal > backends?

 >On a side note, I looked at the code for IO::Socket::SSL but I could
 >not figure out how to get passed the blocking issue, but I'm by no
 >means a skilled perl programmer.

The problem is not in IO::Socket::SSL and neither in Net::SSLeay, but is
in the OpenSSL libraries. That tiny SSL_accept() function in ssl_lib.c
is the blocking part, so I'm afraid that it would be quite impossible to
make that non-blocking by providing callbacks and so on.
I think that this task could be accomplished by a module silimiar to
IO::AIO, that is something with pthreads and a poll-like interface.
I haven't got no time to work on such a module, though :)

  - alessandro.

[prev in list] [next in list] [prev in thread] [next in thread]