
Re: [Libevent-users] patch for https



Hi Nick,

Ok, I will consider your suggestion.

But I have another question: does libevent support HTTP upload? If not, what's your plan?

Thanks,
Ben Chen

2011/5/7 Nick Mathewson <nickm@xxxxxxxxxxxxx>
On Thu, May 5, 2011 at 12:17 PM, Ben Chen <benfounder@xxxxxxxxx> wrote:
> In my project, a https server is needed. I added the https feature based on
> 2.0.10-stable release.

Hi, Ben! I'd love to get HTTPS support into the 2.1 series. Some
comments on the patch:

 * evhttps_connection_base_new is mostly duplicated code from
evhttp_connection_base_new. The main difference seems to be in
setting up the bufferevent. Perhaps both functions should be
implemented in terms of a new third function that takes a struct
bufferevent as an argument?

 * Passing SSL_CTX objects around as void * makes me nervous. C
doesn't have the best type system in the world, but there's no point
in violating it needlessly. If the goal is to avoid a dependency on
the OpenSSL headers, just use "struct ssl_ctx_st *".

 * For historical reasons, there are more than a few ways to create an
evhttp_bound_socket. The one that you're extending here is the
_least_ powerful. People also use evhttp_accept_socket_with_handle,
evhttp_bind_listener, and so on. I don't think it's a good idea to
create a new HTTPS variant for each one of those. Instead, what if
there is a separate function to set an SSL_CTX for a struct http?

 * I don't think that we need to support TLS vhosts immediately, but
we should look at our design here and make sure that we're not doing
anything to stop us from supporting it in the future.

 * We should make sure that there's an interface for asking whether an
HTTP connection is encrypted, accessing its SSL object, and so on.

 * Not everybody who compiles libevent uses openssl: that's why the
libevent_openssl library is separated. We shouldn't add an SSL
dependency into http.c per se. We should isolate the functions into a
new https.c module, I think.

If you or anybody else is interested in revising this code, that would
be great; again, this is a feature I'd love to have in 2.1.

many thanks,
--
Nick
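
The typed context pointer, the single setter and the "is this connection encrypted" query suggested in the review above, as an added C sketch that is not part of the original messages or of libevent. Every `ex_*` name is hypothetical, and the `struct ssl_ctx_st` definition is a constructed stand-in so the sketch runs without OpenSSL.

```c
/* Added sketch: every ex_* name is hypothetical, not a libevent API. */
#include <stddef.h>
#include <stdio.h>

/* Forward declaration only: OpenSSL's SSL_CTX is a typedef for
 * struct ssl_ctx_st, so this "header" part needs no OpenSSL include. */
struct ssl_ctx_st;

struct ex_http {
    struct ssl_ctx_st *ssl_ctx;   /* NULL means plain HTTP */
};

struct ex_http_connection {
    int encrypted;                /* fixed when the connection is created */
};

/* One setter on the server object covers every way of binding a socket,
 * instead of an HTTPS variant of each bind/accept function. */
void ex_http_set_ssl_ctx(struct ex_http *http, struct ssl_ctx_st *ctx)
{
    http->ssl_ctx = ctx;
}

/* Shared constructor: the only TLS-specific decision is made here. */
struct ex_http_connection ex_http_accept(const struct ex_http *http)
{
    struct ex_http_connection c;
    c.encrypted = (http->ssl_ctx != NULL);
    return c;
}

int ex_http_connection_is_encrypted(const struct ex_http_connection *c)
{
    return c->encrypted;
}

/* Constructed stand-in so the sketch runs without OpenSSL; a real
 * program would obtain the pointer from SSL_CTX_new(). */
struct ssl_ctx_st { int placeholder; };

int ex_demo(int use_tls)
{
    struct ssl_ctx_st ctx = { 0 };
    struct ex_http http = { NULL };
    struct ex_http_connection c;
    if (use_tls)
        ex_http_set_ssl_ctx(&http, &ctx);
    /* ex_http_set_ssl_ctx(&http, &http) draws a compiler diagnostic here;
     * with a void * parameter it would compile silently. */
    c = ex_http_accept(&http);
    return ex_http_connection_is_encrypted(&c);
}

int main(void)
{
    printf("plain=%d tls=%d\n", ex_demo(0), ex_demo(1));
    return 0;
}
```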