[Fedora-directory-devel] TLS upgrades with mod_nss

Peter Djalaliev peter.djalaliev at gmail.com
Wed Mar 15 20:14:05 UTC 2006


Hello,

Apache/mod_ssl supports TLS upgrades (RFC2817) in version 2.2.0 and I was
wondering - has anybody ported this to mod_nss?

If not, I will try to implement TLS upgrades in mod_nss.  I can find online
the patch that was probably applied to mod_ssl to implement the TLS upgrades
there and my plan is to start from there and try to make equivalent changes
to mod_nss.

Does anybody have any advice as to what I should be careful about - e.g.
places where mod_nss might require something more than just changes
equivalent to those done to mod_ssl?  Two of the significant differences b/n
mod_nss and mod_ssl that I can think of right now are the NSS database vs.
the mod_ssl certificate and key files, as well as that mod_nss always
authenticates the whole certificate chain.

From what I see so far the main changes that need to be made to mod_nss are
in the way the module configures: itself (ssl_init_Modules), the SSL engine
(nss_cmd_NSSEngine) and a server (ssl_init_ConfigureServer).  Also, changes
would be needed in the Access handler, Authentication handler, Read Request
handler, and Fixup hook functions.

An additional question is: where is the nss_cmd_NSSEngine function invoked?
Its function prototype should be changed because now the NSSEngine state is
not simply a boolean, but I can't find where the function is invoked from...

Thanks in advance :)

Regards,
Peter