[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: svn commit: r1844001 - in /httpd/httpd/trunk/modules/ssl: mod_ssl.c ssl_engine_kernel.c ssl_private.h

On Wed, Oct 17, 2018 at 02:29:42PM +0200, jean-frederic clere wrote:
> One of the customer complains is that having the variables exposed like
> in StdEnvars has a huge performances cost (everything is exposed for
> each request) , he wants to check one variable and then decide in his
> code what are the other he needs to access and yes he wants to know what
> we can expose...

That is all possible with ssl_var_lookup() today.  What is it you're 
trying to do that isn't possible (or efficient) today?

The API which mod_ssl exposes is the list of SSL_ variable, a list of 
(name,value) pairs.  That some of those keys are listed in the 
ssl_hook_Fixup_vars array and some are not is an implementation detail 
which makes no sense to expose in the API.

If you wanted a new API which exposes the available SSL variable *names* 
without computing the values, that might makes sense but it is expensive 
in the general case because you'd still need to parse the DNs.