help porting module

[Alexey Toptygin <al...@freeshell.org>]

I'm trying to port a module from NSAPI to apache2. What it basically does 
is authenticates the client based on the client-supplied certificate 
given during SSL negotiation. I've read this:

http://httpd.apache.org/docs/2.0/developer/

and now I'm just confused. So, some questions, in no particular order:

Is there sane documentation of the 2.0 API, or do I need to read the 
source for everything?

If not, what sources should I be reading?

What hook should I be hooking into to do the auth? How?

Is there a good way to extract the entire client-provided certificate out 
of mod_ssl?

Since the actual authentication is time-consuming, I need to cache 
results. Since this cache needs to persist for the lifetime of the server 
(child) and I'll need to discard stale entries, I assume I should be 
building the cache on top of malloc/free and not any of the pools?

I'm calling into a non-threadsafe library, so I probably need to be 
running under prefork? Or maybe i can use mutexes to serialize access to 
the non-threadsafe lib?

Can I assume that any memory and fd init I (or the libs I call into) do in 
the parent httpd will survive untouched into the children answering 
requests? Even after the server runs for a while and does a reload, 
killing and reforking the worker children?

 			Alexey
--
Is it safe?
I just want some smokes! <run outside> <catch fire>