
Re: Bug#139710: first version of https support available



On Thu, 4 Apr 2002, Jason Gunthorpe wrote:

>
> On Fri, 5 Apr 2002, Tomas Pospisek wrote:
>
> > Which means that finally the ifdefs will be transformed in ifs and we'll
> > have f.ex. in HttpMethod::Loop:
> >
> > 	// Connect to the host
> > 	if(Server->Open() == false)
> > 	{
> > 		[...]
> > 	}
> > 	if (https && ConnectSSL(ServerFd,&ctx) == false) {
> > 		[...]
> > 	}
>
> Well, you'd probably want to just absorb the connectssl stuff into the
> circlebuf constructor, and replace the tail end of the ::Open method with
> creating the right circlebuf for later use.
>
> Actually, the overall scheme ensures that a single process will never
> change methods, separate processes will be used for http and https always.
> So you just need to create the right circlebuf at the start of time and
> change Reset to reload the fd and do the SSL negotiations.

Erm... but the way it's implemented now, the "internet connection" is
being kept in ServerState in ServerFd (IMO rightly so). Every time you
call CircleBuf.Write or .Read you pass CircleBuf the internet connection
(ServerFd) to write in it/to read from along.

Now technically Ssl sits on top of that internet connection. We are
actually making an SSL-encrypted tunnel over that internet connection
(ServerFd).

So IMO it would be natural to put that Ssl handle at the same place where
ServerFd resides, and either pass it on to CircleBufSSL or CircleBufSSL'd
need a way to grab it from there (the latter is turning the idea of
abstracting things into separate classes ad absurdum).

Your proposition is now, to put that Ssl handle into CircleBuf.

That's not a problem from a technical viewpoint. But from a design
or from a common sense viewpoint it's IMHO completely upside down.

Of course we can make *two* Ssl connections over that ServerFd and so keep
one in ServerState.(CircleBuf)In and the other in Out. But again this is
IMO very counter-intuitive and also I'm really not sure that all webserver
designers have taken into account such hacks and that it will work.

Another Idea would be not to pass FileDescriptors between the classes, but
to abstract this into a "Connection" from where the method has to extract
the Fd or the Ssl Handle.

Since this seems pretty obvious to me and what I understand from your
ideas feels a bit bizarre to me, it makes me doubt that I really do
understand your vision. Would you mind to meet on IRC or I plain
call you on the phone so we can finalize the design issue and I can
implement whatever we agree on? It's Fri,  5 Apr 2002 12:50:15 +0200 here
right now, so I'd suggest in like two hours from now.

?

> > 	clog("Https method unavailable - APT was not linked against openssl");
>
> Since the https method will be a separate binary it is sufficient to just
> ignore this. The only ifdef should be in the creation of the right
> circlebuf.
>
> Heck, because of that you could just use a -DCIRCLEBUF=CircleBufSSL to do
> the switching <shrug>.

Yes.
*t

-----------------------------------------------------------------------
     Tomas Pospisek
	 Infinite Justice for the World:
	 http://www.heise.de/tp/deutsch/inhalt/co/11621/11621_2.jpg
------------------------------------------------------------------------
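
The "Connection" idea from the message above, as an added sketch that is not code from APT or from either poster: the buffer code is handed a connection object instead of a raw fd, and the session state lives in exactly one place next to the descriptor. All names here (Connection, FdConnection, LayeredConnection, Open, Flush, Fill, RoundTrip) are hypothetical, and the XOR byte is only a placeholder marking where an OpenSSL handle and SSL_read/SSL_write would sit.

```cpp
#include <sys/socket.h>
#include <unistd.h>
#include <memory>
#include <string>

struct Connection {               // hypothetical: sole owner of per-connection state
    virtual ~Connection() {}
    virtual ssize_t Read(char *buf, size_t len) = 0;
    virtual ssize_t Write(const char *buf, size_t len) = 0;
};
struct FdConnection : Connection { // http: the descriptor is the whole connection
    int Fd;
    explicit FdConnection(int fd) : Fd(fd) {}
    ssize_t Read(char *b, size_t n) override { return ::read(Fd, b, n); }
    ssize_t Write(const char *b, size_t n) override { return ::write(Fd, b, n); }
};
// https stand-in: ONE session object layered on the same fd (XOR is NOT encryption).
struct LayeredConnection : FdConnection {
    char Session;                  // placeholder for the SSL handle
    LayeredConnection(int fd, char s) : FdConnection(fd), Session(s) {}
    ssize_t Read(char *b, size_t n) override {
        ssize_t r = FdConnection::Read(b, n);
        for (ssize_t i = 0; i < r; ++i) b[i] ^= Session;
        return r;
    }
    ssize_t Write(const char *b, size_t n) override {
        std::string t(b, n);
        for (char &c : t) c ^= Session;
        return FdConnection::Write(t.data(), t.size());
    }
};
// The transport is chosen once, when the connection is opened.
std::unique_ptr<Connection> Open(int fd, bool https) {
    return std::unique_ptr<Connection>(https ? new LayeredConnection(fd, 0x5a) : new FdConnection(fd));
}
// Buffer-side code: sees only a Connection, never an fd or a session handle.
bool Flush(Connection &c, const std::string &o) { return c.Write(o.data(), o.size()) == (ssize_t)o.size(); }
std::string Fill(Connection &c) {
    char tmp[256];
    ssize_t r = c.Read(tmp, sizeof tmp);
    return r > 0 ? std::string(tmp, r) : std::string();
}
// Constructed demo: send on one end of a socketpair, receive on the other.
std::string RoundTrip(bool https, bool peerHttps, const std::string &msg) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return std::string();
    std::unique_ptr<Connection> local = Open(sv[0], https), peer = Open(sv[1], peerHttps);
    std::string got = Flush(*local, msg) ? Fill(*peer) : std::string();
    close(sv[0]); close(sv[1]);
    return got;
}
```

Reading a layered sender through a plain peer returns transformed bytes, which shows that the layer sits entirely inside the connection object while Flush and Fill stay identical for both transports.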

