Re: [PATCH] canonical ssl server name and port

Ralf S. Engelschall Thu, 20 May 1999 06:30:37 -0700
On Wed, May 19, 1999, [EMAIL PROTECTED] wrote:

> This patch[1] adds two new directives, SSLServerName and SSLServerPort. The
> idea behind these two directives is to associate a SSL-aware Apache server,
> with a non SSL-aware Apache server. For example:
> 
> One could have in httpd.conf:
> 
>         Listen 80
>         Listen 443
> 
>         SSLServerName ssl.foobar.org
>         SSLServerPort 443
> 
>         <VirtualHost ssl.foobar.org:443>
>         SSLEngine On
>         [...other directives...]
>         </VirtualHost>
> 
>         <VirtualHost www.xyzzy.com:80>
>         SSLServerName ssl.xyzzy.com
>         SSLServerPort 443
>         [...other directives...]
>         </VirtualHost>
> 
>         <VirtualHost ssl.xyzzy.com:443>
>         SSLEngine On
>         [...other directives...]
>         </VirtualHost>
> 
> Then you could write a module[2] that could, when necessary, redirect to an 
> appropriate SSL-aware server whenever SSL is required. No, this will not
> work with name-based virtual hosts.
> 
> If this patch is accepted, I'd be happy to follow up with documentation.

My problem with this patch is that it adds two additional directives, although
both do (mainly) nothing more than set variables. I'm not sure whether I
really understand the situation (feel free to change this), so this might be
still my problem. But all you seem to achieve is to be able to find out in a
module the name and port of the corresponding SSL server. Fine, two comments:

1. When this is a separate module which does the redirect and 
   mod_ssl does nothing more with the variables than just implement them, it
   would be more clean to implement the two directives directly in your own
   module where you do the redirects.

2. I'm still not convinced whether it's necessary to implement this
   stuff with two new directives. All you need is a way to set server/port and
   fetch these values later. Why not use this:

     Listen 80
     Listen 443

     SetEnv SSLServerName ssl.foobar.org
     SetEnv SSLServerPort 443

     <VirtualHost ssl.foobar.org:443>
     SSLEngine On
     [...other directives...]
     </VirtualHost>

   and then use r->subprocess_env in a Fixup handler to test the values and do
   the redirect. Ok, I know you want to do the redirect earlier. But when you
   insist on this you can still implement the two directives yourself in your
   own module.  The relationship to mod_ssl seems to be just logically, but
   not physically. And as I said, when you do the redirect in an own module it
   would be more clean to set the vars there, too.

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
Re: [PATCH] canonical ssl server name and port

Reply via email to
