Joe Orton wrote:
On Thu, Mar 19, 2009 at 04:36:42PM -0400, Jeff Trawick wrote:
Beyond the mod_authany question, why doesn't mod_ssl declare its check user
id hook really-first if it can generate the basic auth? (Let the extremely
limited number of modules which generate basic auth headers fight it out via
predecessor/successor lists.)
I doubt much thought has gone into it.
Since, as you say, all the FakeBasic code needs to happen before the
real check_user_id hooks run, I'd reckon it would make more sense to
move it to e.g. the post_read_request hook (ssl_hook_ReadReq), rather
than trying harder to win the hook ordering game?
For that matter, why does SSLRequire still exist? Has nothing to do at
all with SSL ;-) Perhaps it's time to start doing what Mr Laurie wanted
to accomplish in the first place, and (saving functionality elsewhere)
pare mod_ssl to the bone of what it is meant to do? socache was a good
start, obviously :)
