
Re: [Libevent-users] patch for https



Hi Nick,
I understand that the https feature will be available in the 2.1 series. When will the 2.1 series be released?
Please let us know.
Thanks.
-
Zulfiqer


From: Nick Mathewson <nickm@xxxxxxxxxxxxx>
To: libevent-users@xxxxxxxxxxxxx
Sent: Fri, May 6, 2011 12:11:28 PM
Subject: Re: [Libevent-users] patch for https

On Thu, May 5, 2011 at 12:17 PM, Ben Chen <benfounder@xxxxxxxxx> wrote:
> In my project, a https server is needed. I added the https feature based on
> 2.0.10-stable release.

Hi, Ben!  I'd love to get HTTPS support into the 2.1 series.  Some
comments on the patch:

* evhttps_connection_base_new is mostly duplicated code from
evhttp_connection_base_new.  The main difference seems to be in
setting up the bufferevent.  Perhaps both functions should be
implemented in terms of a new third function that takes a struct
bufferevent as an argument?

* Passing SSL_CTX objects around as void * makes me nervous.  C
doesn't have the best type system in the world, but there's no point
in violating it needlessly.  If the goal is to avoid a dependency on
the OpenSSL headers, just use "struct ssl_ctx_st *".

* For historical reasons, there are more than a few ways to create an
evhttp_bound_socket.  The one that you're extending here is the
_least_ powerful.  People also use evhttp_accept_socket_with_handle,
evhttp_bind_listener, and so on.  I don't think it's a good idea to
create a new HTTPS variant for each one of those.  Instead, what if
there is a separate function to set an SSL_CTX for a struct http?

* I don't think that we need to support TLS vhosts immediately, but
we should look at our design here and make sure that we're not doing
anything to stop us from supporting it in the future.

* We should make sure that there's an interface for asking whether an
HTTP connection is encrypted, accessing its SSL object, and so on.

* Not everybody who compiles libevent uses openssl: that's why the
libevent_openssl library is separated.  We shouldn't add an SSL
dependency into http.c per se.  We should isolate the functions into a
new https.c module, I think.

If you or anybody else is interested in revising this code, that would
be great; again, this is a feature I'd love to have in 2.1.

many thanks,
--
Nick
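
The design points from the review above (a typed "struct ssl_ctx_st *" instead of void *, one connection constructor that takes the transport as an argument, a single SSL_CTX setter on the server object, and a query for whether a connection is encrypted), as an added sketch that is not code from the patch or from libevent. Every demo_* name and the stand-in types are hypothetical, and no libevent or OpenSSL headers are used.

```c
/* Added sketch: every demo_* name is hypothetical, not libevent API. */
#include <stdio.h>
#include <stdlib.h>

struct ssl_ctx_st;  /* tag behind OpenSSL's SSL_CTX; forward-declared, no OpenSSL headers */

/* Stand-in for struct bufferevent: the one part that differs between HTTP and HTTPS. */
struct demo_bev { struct ssl_ctx_st *ctx; };       /* ctx == NULL: plain socket */
struct demo_http { struct ssl_ctx_st *ssl_ctx; };  /* ssl_ctx == NULL: plain HTTP server */
struct demo_conn { struct demo_bev *bev; };

/* One setter on the server object, whichever bind/accept call created its sockets. */
void demo_http_set_ssl_ctx(struct demo_http *http, struct ssl_ctx_st *ctx) { http->ssl_ctx = ctx; }

/* The shared "third function": connection setup with the transport passed in. */
struct demo_conn *demo_conn_new_with_bev(struct demo_bev *bev) {
    struct demo_conn *conn = bev ? calloc(1, sizeof(*conn)) : NULL;
    if (conn != NULL) conn->bev = bev;
    return conn;
}

/* Accept path: choose the transport from the server's setting, then share the setup. */
struct demo_conn *demo_http_accept(const struct demo_http *http) {
    struct demo_bev *bev = calloc(1, sizeof(*bev));
    struct demo_conn *conn;
    if (bev == NULL) return NULL;
    bev->ctx = http->ssl_ctx;
    conn = demo_conn_new_with_bev(bev);
    if (conn == NULL) free(bev);
    return conn;
}

/* Query interface: is this connection encrypted, and with which context? */
int demo_conn_is_encrypted(const struct demo_conn *c) { return c->bev->ctx != NULL; }
struct ssl_ctx_st *demo_conn_ssl_ctx(const struct demo_conn *c) { return c->bev->ctx; }
void demo_conn_free(struct demo_conn *c) { if (c) { free(c->bev); free(c); } }

/* Constructed stand-in for the OpenSSL side; the code above never needed this definition. */
struct ssl_ctx_st { int constructed; };
struct ssl_ctx_st *demo_fake_ctx(void) { static struct ssl_ctx_st ctx; return &ctx; }
int main(void) {
    struct demo_http https = { NULL };
    demo_http_set_ssl_ctx(&https, demo_fake_ctx());
    struct demo_conn *conn = demo_http_accept(&https);
    if (conn == NULL) return 1;
    printf("encrypted: %d\n", demo_conn_is_encrypted(conn));
    demo_conn_free(conn);
    return 0;
}
```

Because the setter takes "struct ssl_ctx_st *", passing any other pointer type draws a compiler diagnostic, which a void * parameter would accept silently.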