You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Stefan Fritsch <sf...@sfritsch.de> on 2010/09/29 12:55:36 UTC
Making the ssl expr parser thread safe
Hi,
while looking if it would be possible to make an authz provider out of
SSLRequire, I noticed that the ssl expression parser isn't even thread
safe.
After quite some fiddling, I think I have successfully converted the
parser to be re-entrant. This requires bison instead of yacc (but the
generated code does not fall under the GPL so this should not be a
problem).
Most of the changes are rather mechanical, because the state needs to
be passed as parameters instead of being stored in global variables.
The diffs are at
http://people.apache.org/~sf/ssl_expr_source.diff
http://people.apache.org/~sf/ssl_expr_generated.diff
Is there anyone with yacc/bison/flex know how who wants to look at it?
Or do I just commit it? It compiles and passes the test suite.
Cheers,
Stefan
Re: Making the ssl expr parser thread safe
Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
On 9/29/2010 11:04 AM, Joe Orton wrote:
> On Wed, Sep 29, 2010 at 12:55:36PM +0200, Stefan Fritsch wrote:
>> Most of the changes are rather mechanical, because the state needs to
>> be passed as parameters instead of being stored in global variables.
>> The diffs are at
>>
>> http://people.apache.org/~sf/ssl_expr_source.diff
>> http://people.apache.org/~sf/ssl_expr_generated.diff
>>
>> Is there anyone with yacc/bison/flex know how who wants to look at it?
>> Or do I just commit it? It compiles and passes the test suite.
>
> That's awesome, commit away!
Amen - this is 10 years overdue :) Nice work!
Re: Making the ssl expr parser thread safe
Posted by Joe Orton <jo...@redhat.com>.
On Wed, Sep 29, 2010 at 12:55:36PM +0200, Stefan Fritsch wrote:
> Most of the changes are rather mechanical, because the state needs to
> be passed as parameters instead of being stored in global variables.
> The diffs are at
>
> http://people.apache.org/~sf/ssl_expr_source.diff
> http://people.apache.org/~sf/ssl_expr_generated.diff
>
> Is there anyone with yacc/bison/flex know how who wants to look at it?
> Or do I just commit it? It compiles and passes the test suite.
That's awesome, commit away!
Regards, Joe
ap_expr (was: Making the ssl expr parser thread safe)
Posted by Stefan Fritsch <sf...@sfritsch.de>.
On Friday 01 October 2010, Joe Orton wrote:
> The ap_expr API is still as fugly as when I reviewed it way back;
> lacks namespace-safety, lacks docs, exposure of parser internals
> is awful, etc. Is nobody planning to clean this up before 2.4?
I will look at it.
Re: Making the ssl expr parser thread safe
Posted by Joe Orton <jo...@redhat.com>.
On Wed, Sep 29, 2010 at 11:07:14PM +0200, Stefan Fritsch wrote:
> On Wednesday 29 September 2010, Nick Kew wrote:
> > It's been sitting in my to-do list to review mod_ssl's expression
> > parser, and see if we can't substitute ap_expr - with updates to
> > the latter if necessary.
> >
> > Any thoughts on whether that would work based on your look at it?
>
> From a technical point of view I see no reason why it would not work.
> But it would mean to either make the syntax of ap_expr match exactly
> the syntax of ssl_expr or to break backward compatibility in
> SSLRequire. I am not sure either makes sense.
>
> Maybe it would be better to keep both in 2.4 and throw out ssl_expr in
> 3.0?
"Require expr" is close enough to SSLRequire if ap_expr grew
documentation and SSL variable lookup, by the looks of it. The only
thing missing then is PeerExtList() which would make sense to do via
Lua, really; it's inflexible and awkward in SSLRequire already. I'd be
more than happy to see that done in 2.4.
The ap_expr API is still as fugly as when I reviewed it way back; lacks
namespace-safety, lacks docs, exposure of parser internals is awful,
etc. Is nobody planning to clean this up before 2.4?
Regards, Joe
Re: Making the ssl expr parser thread safe
Posted by Stefan Fritsch <sf...@sfritsch.de>.
On Wednesday 29 September 2010, Nick Kew wrote:
> It's been sitting in my to-do list to review mod_ssl's expression
> parser, and see if we can't substitute ap_expr - with updates to
> the latter if necessary.
>
> Any thoughts on whether that would work based on your look at it?
From a technical point of view I see no reason why it would not work.
But it would mean to either make the syntax of ap_expr match exactly
the syntax of ssl_expr or to break backward compatibility in
SSLRequire. I am not sure either makes sense.
Maybe it would be better to keep both in 2.4 and throw out ssl_expr in
3.0?
Re: Making the ssl expr parser thread safe
Posted by Nick Kew <ni...@webthing.com>.
On Wed, 29 Sep 2010 12:55:36 +0200
Stefan Fritsch <sf...@sfritsch.de> wrote:
> Hi,
>
> while looking if it would be possible to make an authz provider out of
> SSLRequire, I noticed that the ssl expression parser isn't even thread
> safe.
It's been sitting in my to-do list to review mod_ssl's expression
parser, and see if we can't substitute ap_expr - with updates to
the latter if necessary.
Any thoughts on whether that would work based on your look at it?
> http://people.apache.org/~sf/ssl_expr_source.diff
> http://people.apache.org/~sf/ssl_expr_generated.diff
>
> Is there anyone with yacc/bison/flex know how who wants to look at it?
> Or do I just commit it? It compiles and passes the test suite.
Not reviewed, but if you're happy with it, it should be fine for trunk
and presumably won't prejudice a possible switch to ap_expr one way or
another.
--
Nick Kew
Re: Making the ssl expr parser thread safe
Posted by Igor Galić <i....@brainsware.org>.
----- "Stefan Fritsch" <sf...@sfritsch.de> wrote:
> Hi,
>
> while looking if it would be possible to make an authz provider out of
a couple of weeks ago someone made such a request on #httpd, niq wanted
to take a look at it.. I wonder if this is it...
i
--
Igor Galić
Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/