Re: [PATCH] mod_ssl APIs to allow implementation of Certificate Transparency as a separate mod

On Mon, Apr 14, 2014 at 11:29 AM, Joe Orton wrote: > On Mon, Apr 14, 2014 at 08:32:18AM -0400, Jeff Trawick wrote: > > FWIW, I think it is reasonable to say "This *is* a private mod_ssl > > interface for the purposes of introducing some modularity within this > > particular SSL/TLS implementation

Re: [PATCH] mod_ssl APIs to allow implementation of Certificate Transparency as a separate mod

On Mon, Apr 14, 2014 at 08:32:18AM -0400, Jeff Trawick wrote: > FWIW, I think it is reasonable to say "This *is* a private mod_ssl > interface for the purposes of introducing some modularity within this > particular SSL/TLS implementation, and these interfaces aren't intended for > third-party modu

Re: [PATCH] mod_ssl APIs to allow implementation of Certificate Transparency as a separate mod

On Mon, Apr 14, 2014 at 8:14 AM, Graham Leggett wrote: > On 14 Apr 2014, at 2:03 PM, Joe Orton wrote: > > > Interesting stuff! > > > > I do think it is preferable to keep mod_ssl.h toolkit-agnostic. > > +1. > > > Because > > the API you are adding is not indended to be "private", I'd suggest >

Re: [PATCH] mod_ssl APIs to allow implementation of Certificate Transparency as a separate mod

On Mon, Apr 14, 2014 at 8:03 AM, Joe Orton wrote: > On Sat, Apr 12, 2014 at 09:00:08AM -0400, Jeff Trawick wrote: > > So... Concerns? Suggestions? Etc.? Speak up, or forever* ask me to > fix > > it after committing ;) (*Let's not be ridiculous though) > > Interesting stuff! > > I do think it

Re: [PATCH] mod_ssl APIs to allow implementation of Certificate Transparency as a separate mod

On 14 Apr 2014, at 2:03 PM, Joe Orton wrote: > Interesting stuff! > > I do think it is preferable to keep mod_ssl.h toolkit-agnostic. +1. > Because > the API you are adding is not indended to be "private", I'd suggest > mod_ssl_openssl.h or something like that instead. Pass what you need a

Re: [PATCH] mod_ssl APIs to allow implementation of Certificate Transparency as a separate mod

On Sat, Apr 12, 2014 at 09:00:08AM -0400, Jeff Trawick wrote: > So... Concerns? Suggestions? Etc.? Speak up, or forever* ask me to fix > it after committing ;) (*Let's not be ridiculous though) Interesting stuff! I do think it is preferable to keep mod_ssl.h toolkit-agnostic. Because the A

[PATCH] mod_ssl APIs to allow implementation of Certificate Transparency as a separate mod

http://people.apache.org/~trawick/httpd-ct.patch Here is the documentation for the new hooks, annotated with an idea of what mod_ssl_ct does with them: /** * init_server hook -- allow SSL_CTX-specific initialization to be performed by * a module for each SSL-enabled server (one at a time) * @p