You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modules-dev@httpd.apache.org by Daniil A Megrabjan <da...@gmail.com> on 2012/03/05 22:34:49 UTC
mod_ssl ignores connection->aborted & eos_sent
Hello,
I'm writing a module which serves a special URL.
In cases when URL-string matches the special pattern my module sends the connection(SCM_RIGHTS) between HTTP client and Apache to another process. Furthermore, Apache child has been told to forget about this connection in this way:
r->connection->aborted = 1;
r->eos_sent = 1;
After that my process communicates with HTTP-client by itself without Apache's assistance.
Everything is fine with this scheme inside basic HTTP, but when I'm switching to HTTPS I can guess that mod_ssl ignores "aborted" and "eos_sent" properties and eventually drops the connection.
How to persuade mod_ssl not to touch the connection?
Thank you in advance.
Dani.
Re: mod_ssl ignores connection->aborted & eos_sent
Posted by Ben Noordhuis <in...@bnoordhuis.nl>.
On Tue, Mar 6, 2012 at 13:27, Daniil A Megrabjan
<da...@gmail.com> wrote:
> Anyway, as far as I understood I'm not allowed to change the default
> behavior of mod_ssl. In this case there is the other question - how to
> register my hook to be really before mod_ssl? and even if request has
> been received on 443 TCP port process the request as usual HTTP.
>
> Something like:
> *
> *
> *static* *const* *char* * *const* aszPre[] = { "mod_ssl.c", NULL };
>
> ap_hook_handler(ixcell_init_handler, aszPre, NULL, APR_HOOK_REALLY_FIRST);
>
> doesn't help.
Try ap_hook_pre_connection().
Re: mod_ssl ignores connection->aborted & eos_sent
Posted by Daniil A Megrabjan <da...@gmail.com>.
>
> > I'm writing a module which serves a special URL.
> > In cases when URL-string matches the special pattern my module sends the
> connection(SCM_RIGHTS) between HTTP client and Apache to another process.
> Furthermore, Apache child has been told to forget about this connection in
> this way:
> > r->connection->aborted = 1;
> > r->eos_sent = 1;
> >
> > After that my process communicates with HTTP-client by itself without
> Apache's assistance.
> >
> > Everything is fine with this scheme inside basic HTTP, but when I'm
> switching to HTTPS I can guess that mod_ssl ignores "aborted" and
> "eos_sent" properties and eventually drops the connection.
> >
> > How to persuade mod_ssl not to touch the connection?
>
> I don't think you can - or should. How will you decrypt the traffic?
> The SSL/TLS session parameters are private to mod_ssl.
>
Frankly speaking, not sure, but I hope that I am able to decrypt the
traffic in my process with libssl.
Anyway, as far as I understood I'm not allowed to change the default
behavior of mod_ssl. In this case there is the other question - how to
register my hook to be really before mod_ssl? and even if request has
been received on 443 TCP port process the request as usual HTTP.
Something like:
*
*
*static* *const* *char* * *const* aszPre[] = { "mod_ssl.c", NULL };
ap_hook_handler(ixcell_init_handler, aszPre, NULL, APR_HOOK_REALLY_FIRST);
doesn't help.
Cheers!
Dani.
Re: mod_ssl ignores connection->aborted & eos_sent
Posted by Ben Noordhuis <in...@bnoordhuis.nl>.
On Mon, Mar 5, 2012 at 22:34, Daniil A Megrabjan
<da...@gmail.com> wrote:
> Hello,
>
> I'm writing a module which serves a special URL.
> In cases when URL-string matches the special pattern my module sends the connection(SCM_RIGHTS) between HTTP client and Apache to another process. Furthermore, Apache child has been told to forget about this connection in this way:
> r->connection->aborted = 1;
> r->eos_sent = 1;
>
> After that my process communicates with HTTP-client by itself without Apache's assistance.
>
> Everything is fine with this scheme inside basic HTTP, but when I'm switching to HTTPS I can guess that mod_ssl ignores "aborted" and "eos_sent" properties and eventually drops the connection.
>
> How to persuade mod_ssl not to touch the connection?
I don't think you can - or should. How will you decrypt the traffic?
The SSL/TLS session parameters are private to mod_ssl.