Re: [RFC] Certificate validation helper

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Tue, 03 Jul 2012 18:11:45 -0600

On 07/03/2012 04:56 PM, Amos Jeffries wrote:
> On 03.07.2012 14:59, Alex Rousskov wrote:
>> On 07/02/2012 06:20 PM, Amos Jeffries wrote:
>>>
>>> I am in the process of modifying the helper API for consistency across
>>> all helpers starting with 3.3. It would be great if you could design
>>> your helper to use a generic output format for data sent back to Squid:
>>>
>>> [channel-ID] (OK/ERR/BH) [key-pairs] <terminator>
>>
>> OK, but not all helper communication is line-based. We may need to send
>> PEM-encoded certificates back (and ssl_crtd already does that). That
>> requires sending multiline blocks of data.
>>
>> If you want to generalize that, consider adding body start/end
>> terminators.
>
> I know. That is why I omit the word "line" and specify <terminator>
> instead of <EOL>.

The proposed format is missing the body itself, unless you want to force
all helpers to use key=value format for blobs such as PEM-encoded
certificates. Ideally, there will be a way for generic helper parsers to
detect and extract the body. To reach that ideal, there should be a
common format that includes the body.

>> Do you want me to provide basic reusable classes for helper request
>> formatting and response parsing, if I have a chance?
>
> I have one almost finished as a callback params object for replies. As
> soon as it passes all the build tests I'll be submitting a patch before
> starting to merge the parsers and extend the available response key-pairs.
>
> If you want to make a generic one for requests that would help. It's a
> bit more complicated to get backward compatible due to the larger syntax
> variance between helper request formats.

Understood.

Alex.
Received on Wed Jul 04 2012 - 00:11:56 MDT

This archive was generated by hypermail 2.2.0 : Wed Jul 04 2012 - 12:00:03 MDT