From: "Ryan Morgan" <[EMAIL PROTECTED]>
Sent: Thursday, November 15, 2001 12:10 AM


> I just noticed that both the SSL filter and the CORE output filter have
> the same filter type of AP_FTYPE_NETWORK.. Is this intended?  It causes
> an ordering problem since we must insert the SSL filter before the CORE
> output filter. (since the SSL filter relies on CORE to send the data)
> 
> If a module wants to remove the SSL filter, then add it later that module
> must remove the core output filter, then add ssl, then add the core again.
> 
> This is a problem with protocols that allow a user to connect w/o ssl,
> then start ssl later on during the same connection.


All of the above sound correct.

> It looks to me that we should register it as FTYPE_NETWORK-1 since 
> FTYPE_CONNECTION filters are not allowed in a subrequest.


Well, more properly, FTYPE_CONNECTION filters are reset for subrequests.

> There is also a note in util_filter.h that says NETWORK filters do not
> modify content, but the SSL filter obviously does.

No, not really.  The content remains identical, simply unencrypted.  From
http's perspective, the content is 'right' (it matches the headers provided,
including the CONTENT_LENGTH, etc.)  Content filters may then munge the data,
making it inconsistent with the client-supplied headers.

Bill

Reply via email to