On Tue, Feb 18, 2014 at 3:50 PM, Scott Deboy <[email protected]>wrote:
> Hi folks, > > I was wondering if someone would be willing/interested in reviewing the > patch I've attached to issue 55467. > > https://issues.apache.org/bugzilla/show_bug.cgi?id=55467 > > The patch adds hooks to mod_ssl which give third-party modules the ability > to send and receive custom TLS hello extensions TLS supplemental data. It > also gives third-party modules the ability to trigger renegotiation. It > leverages APIs recently added to OpenSSL master and 1.0.2 stable branches. > > Any feedback is appreciated! > > Any thoughts out there on passing SSL* to the hook as void* as in the patch? I've been experimenting with some hooks to enable Certificate Transparency in a module, and it seemed feasible to me to let mod_ssl.h own the job of getting the right headers included in order to specify the right OpenSSL datatype on the API. Is that asking for trouble? If building with OpenSSL < 1.0.2, the affected optional hooks shouldn't be available. I anticipate syncing my CT code with the pieces for SSL_CTX_set_custom_cli_ext()/SSL_CTX_set_custom_srv_ext() and committing the relevant parts of your patch (not that the rest is much different). Hopefully some "genuine" mod_ssl developers will render an opinion on placement and any other details. > Thanks much, > > Scott > > On Feb 6, 2014, at 2:20 PM, Scott Deboy <[email protected]> wrote: > > > Support for sending and receiving TLS hello extensions and TLS > supplemental data messages has recently been added to the OpenSSL GitHub > master branch. > > > > I've submitted a patch to mod_ssl which allows third-party modules to > send and receive TLS hello extensions and TLS supplemental data via > optional hooks and functions. > > > > The patch can be found here: > https://issues.apache.org/bugzilla/show_bug.cgi?id=55467 > > > > I'm happy to update the patch based on feedback. > > > > Thanks much, > > > > Scott Deboy > > > > -- Born in Roswell... married an alien... http://emptyhammock.com/ http://edjective.org/
