I'm trying to port a module from NSAPI to apache2. What it basically does
is authenticates the client based on the client-supplied certificate
given during SSL negotiation. I've read this:
http://httpd.apache.org/docs/2.0/developer/
and now I'm just confused. So, some questions, in no particular order:
Is there sane documentation of the 2.0 API, or do I need to read the
source for everything?
If not, what sources should I be reading?
What hook should I be hooking into to do the auth? How?
Is there a good way to extract the entire client-provided certificate out
of mod_ssl?
Since the actual authentication is time-consuming, I need to cache
results. Since this cache needs to persist for the lifetime of the server
(child) and I'll need to discard stale entries, I assume I should be
building the cache on top of malloc/free and not any of the pools?
I'm calling into a non-threadsafe library, so I probably need to be
running under prefork? Or maybe i can use mutexes to serialize access to
the non-threadsafe lib?
Can I assume that any memory and fd init I (or the libs I call into) do in
the parent httpd will survive untouched into the children answering
requests? Even after the server runs for a while and does a reload,
killing and reforking the worker children?
Alexey
--
Is it safe?
I just want some smokes! <run outside> <catch fire>
