You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Adi Mallikarjuna Reddy V <ad...@gmail.com> on 2017/10/18 23:06:54 UTC

[users@httpd] SSL hooks

Hi

I am looking at this file
https://github.com/apache/httpd/blob/trunk/modules/ssl/mod_ssl_openssl.h
and see that there are 3 hooks defined for handling SSL connections. Are
these available for modules/handlers to use?

Can my module register to thees hooks and manipulate SSL context?


Thanks
Adi

Re: [users@httpd] SSL hooks

Posted by Luca Toscano <to...@gmail.com>.

Hi,

2017-10-19 1:06 GMT+02:00 Adi Mallikarjuna Reddy V <
adimallikarjunareddy@gmail.com>:

> Hi
>
> I am looking at this file https://github.com/apache/httpd/blob/trunk/
> modules/ssl/mod_ssl_openssl.h and see that there are 3 hooks defined for
> handling SSL connections. Are these available for modules/handlers to use?
>
> Can my module register to thees hooks and manipulate SSL context?
>
>
From the git blame:
https://github.com/apache/httpd/commit/6fd55ccc770c5b898d0c612584c9eedf8a8c5378#diff-8517096c9c992f986d308655575f8e7d

"mod_ssl: Add hooks to allow other modules to perform processing at
several stages of initialization and connection handling.  See
mod_ssl_openssl.h.

This is enough to allow implementation of Certificate Transparency
outside of mod_ssl."

So I'd say yes, but bare in mind that those hooks are executed way before
the (content) handler. I'd suggest to play with them and figure out if they
are enough for your needs. mod_md (https://github.com/icing/mod_md) could
also be a module to take as example for mod_ssl interactions.

Hope that helps!

Luca