Kewl. Less maintenance all around. Is the entire filter scheme doomed like
this though?
--
Austin Gonyou
Systems Architect, CCNA
Coremetrics, Inc.
Phone: 512-796-9023
email: [EMAIL PROTECTED]
> -----Original Message-----
> From: Ryan Bloom [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 28, 2001 1:58 AM
> To: [EMAIL PROTECTED]; Doug MacEachern
> Cc: MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
> Subject: Re: mod_tls
>
>
> On Monday 27 August 2001 23:03, Doug MacEachern wrote:
> > On Thu, 23 Aug 2001, Ryan Bloom wrote:
> > > Because mod_ssl only implements the SSL wrapping for
> HTTP. The idea is
> > > that the filters go in mod_tls, and mod_ssl just has the
> logic to make
> > > the filters work for HTTP. That way, SSL can work with
> POP3, NNTP, and
> > > the proxy.
> >
> > i think mod_ssl should work with all protocols (it works
> with nntp right
> > now). mod_ssl provides features such as:
> > CRLs
> > session caching
> > per-location renegotation
> > SSLRequire
> > logging
> > var lookups
> > and so on that are not http specific.
> >
> > there is a bit more effort to get a protocol module such as
> nntp working
> > both with and without ssl. for example with nntp when the
> first client
> > connects it does not send a request (like http clients do),
> but awaits a
> > 200 - ready response. to work with ssl, an nntp protocol
> module needs to
> > first call get_brigade to trigger the initial ssl
> negotiation. but the
> > same issue is there with mod_tls. personally, i don't
> think its worth
> > the effort to maintain both mod_tls and mod_ssl. effort
> would be better
> > spent modularizing mod_ssl to support other protocols if needed.
>
> Cool, if this works, then we should just ditch mod_tls.
>
> Ryan
>
> ______________________________________________________________
> Ryan Bloom [EMAIL PROTECTED]
> Covalent Technologies [EMAIL PROTECTED]
> --------------------------------------------------------------
>
