On Tue, Sep 20, 2005 at 05:32:32PM +0200, Martin Kraemer wrote:
> On Tue, Sep 20, 2005 at 12:12:53PM +0100, Joe Orton wrote:
> > >
> > > I haven't traced it: why is match_headers too early?
> >
> > match_headers is a header_parser hook, and header_parser hooks run
> > before auth hooks in reque
On Tue, Sep 20, 2005 at 12:12:53PM +0100, Joe Orton wrote:
> If this were e.g. a
> mod_rewrite extension instead it would work correctly for per-dir rules
> since mod_rewrite per-dir rules are processed in a fixup hook - *after*
> the auth hooks.
So, on a time scale,
1. mod_setenvif sets an e
On Tue, Sep 20, 2005 at 12:12:53PM +0100, Joe Orton wrote:
> >
> > I haven't traced it: why is match_headers too early?
>
> match_headers is a header_parser hook, and header_parser hooks run
> before auth hooks in request processing; per-dir SSL negotiation is an
> auth hook.
>
> [...]
> It h
On Thu, Sep 15, 2005 at 04:30:50PM +0100, Joe Orton wrote:
>
> Can we just back out the mod_setenvif stuff from the trunk or is someone
> going to make it work BTW?
Uhm. Strange. Back at the 'Con, I tested my committed changes with a
configuration like:
SetEnvIf OID("2.16.840.1.113730.1.13") "(
On Tue, Sep 20, 2005 at 12:16:40PM +0200, Martin Kraemer wrote:
> To recap the problem, Joe said:
> > there
> > seems to be a rather annoying fundamental problem: the match_headers
> > hooks runs too early to be useful for this when doing per-dir client
> > cert negotiation.
>
> I haven't traced i
On Fri, Sep 16, 2005 at 09:56:25AM +0100, David Reid wrote:
> > Can we just back out the mod_setenvif stuff from the trunk or is someone
> > going to make it work BTW?
>
> I didn't add the code, but unless it works then I'm +1 on it's removal.
> That said, Dirk claims it works for him, so I'd be
Joe Orton wrote:
> On Wed, Sep 14, 2005 at 11:11:44PM +0100, David Reid wrote:
>
>>OK, then what about the below.
>
>
> Looks good, +1 with just one nit - it's OK to presume that
> apr_array_make always succeeds. Thanks David :) (+1 for 2.2.x too)
I'll make that small change then commit.
> C
On Wed, Sep 14, 2005 at 11:11:44PM +0100, David Reid wrote:
> OK, then what about the below.
Looks good, +1 with just one nit - it's OK to presume that
apr_array_make always succeeds. Thanks David :) (+1 for 2.2.x too)
Can we just back out the mod_setenvif stuff from the trunk or is someone
go
Joe Orton wrote:
> On Mon, Sep 12, 2005 at 04:02:02PM +0100, David Reid wrote:
>
>>Following the comments from Joe, here is a revised patch that should
>>work better :-) I've tried to add a sensible comment about why we have
>>both functions listed.
>
>
> "OpenSSL... isn't up to much" isn't real
On Mon, Sep 12, 2005 at 04:02:02PM +0100, David Reid wrote:
> Following the comments from Joe, here is a revised patch that should
> work better :-) I've tried to add a sensible comment about why we have
> both functions listed.
"OpenSSL... isn't up to much" isn't really very helpful (or sensible)
Following the comments from Joe, here is a revised patch that should
work better :-) I've tried to add a sensible comment about why we have
both functions listed.
It removes the nastiness of the len pointer and also converts the
extlist fucntion to simply call into ssl_ext_lookup.
I've changed th
11 matches
Mail list logo