mod_ssl ignores connection->aborted & eos_sent

[Daniil A Megrabjan <da...@gmail.com>]

Hello, 

I'm writing a module which serves a special URL. 
In cases when URL-string matches the special pattern my module sends the connection(SCM_RIGHTS) between HTTP client and Apache to another process. Furthermore, Apache child has been told to forget about this connection in this way:
r->connection->aborted = 1;
r->eos_sent = 1;

After that my process communicates with HTTP-client by itself without Apache's assistance.

Everything is fine with this scheme inside basic HTTP, but when I'm switching to HTTPS I can guess that mod_ssl ignores "aborted" and "eos_sent" properties and eventually drops the connection.

How to persuade mod_ssl not to touch the connection?

Thank you in advance.

Dani.

Re: mod_ssl ignores connection->aborted & eos_sent

[Ben Noordhuis <in...@bnoordhuis.nl>]

On Tue, Mar 6, 2012 at 13:27, Daniil A Megrabjan
<da...@gmail.com> wrote:
> Anyway, as far as I understood I'm not allowed to change the default
> behavior of mod_ssl. In this case there is the other question -  how to
> register my hook to be really before  mod_ssl? and even if request has
> been received on 443 TCP port process the request as usual HTTP.
>
> Something like:
> *
> *
> *static* *const* *char* * *const* aszPre[] = { "mod_ssl.c", NULL };
>
> ap_hook_handler(ixcell_init_handler, aszPre, NULL, APR_HOOK_REALLY_FIRST);
>
> doesn't help.

Try ap_hook_pre_connection().

Re: mod_ssl ignores connection->aborted & eos_sent

[Daniil A Megrabjan <da...@gmail.com>]

>
> > I'm writing a module which serves a special URL.
> > In cases when URL-string matches the special pattern my module sends the
> connection(SCM_RIGHTS) between HTTP client and Apache to another process.
> Furthermore, Apache child has been told to forget about this connection in
> this way:
> > r->connection->aborted = 1;
> > r->eos_sent = 1;
> >
> > After that my process communicates with HTTP-client by itself without
> Apache's assistance.
> >
> > Everything is fine with this scheme inside basic HTTP, but when I'm
> switching to HTTPS I can guess that mod_ssl ignores "aborted" and
> "eos_sent" properties and eventually drops the connection.
> >
> > How to persuade mod_ssl not to touch the connection?
>
> I don't think you can - or should. How will you decrypt the traffic?
> The SSL/TLS session parameters are private to mod_ssl.
>

Frankly speaking, not sure, but I hope that I am able to decrypt the
traffic in my process with libssl.
Anyway, as far as I understood I'm not allowed to change the default
behavior of mod_ssl. In this case there is the other question -  how to
register my hook to be really before  mod_ssl? and even if request has
been received on 443 TCP port process the request as usual HTTP.

Something like:
*
*
*static* *const* *char* * *const* aszPre[] = { "mod_ssl.c", NULL };

ap_hook_handler(ixcell_init_handler, aszPre, NULL, APR_HOOK_REALLY_FIRST);

doesn't help.

Cheers!

Dani.

Re: mod_ssl ignores connection->aborted & eos_sent

[Ben Noordhuis <in...@bnoordhuis.nl>]

On Mon, Mar 5, 2012 at 22:34, Daniil A Megrabjan
<da...@gmail.com> wrote:
> Hello,
>
> I'm writing a module which serves a special URL.
> In cases when URL-string matches the special pattern my module sends the connection(SCM_RIGHTS) between HTTP client and Apache to another process. Furthermore, Apache child has been told to forget about this connection in this way:
> r->connection->aborted = 1;
> r->eos_sent = 1;
>
> After that my process communicates with HTTP-client by itself without Apache's assistance.
>
> Everything is fine with this scheme inside basic HTTP, but when I'm switching to HTTPS I can guess that mod_ssl ignores "aborted" and "eos_sent" properties and eventually drops the connection.
>
> How to persuade mod_ssl not to touch the connection?

I don't think you can - or should. How will you decrypt the traffic?
The SSL/TLS session parameters are private to mod_ssl.