This looks pretty reasonable to me. One concern I have is that this API creates SSL server contexts, so we ought to distinguish that in the API name.
I propose that TSSslContextCreate() be named TSSslServerContextCreate(), and that we define TSSslContextDestroy() will be able to destroy both server and client contexts (assuming we ever implement the latter). How does that sound? > On Apr 21, 2016, at 10:22 AM, Mathias Biilmann <math...@bitballoon.com> wrote: > > *API Review of adding TSSslContextCreate and TSSslContextDestroy* > > Hi All, > > Here's the API review request for the pull request: > > It adds two new API functions for creating and destroying SSL > contexts. > > Traffic server exposes hooks that plugins can use to load certificates via > other > mechanisms than the ssl_multicert.config, but there's currently no way for > a plugin > to create a new SSL context based on the current ATS settings (cipher > suites, which > protocols to support, etc, etc). > > The TSSslContextCreate gives plugins an API function that will return a > wrapped > SSL context that respect all the SSL related settings in records.config > > It's up to the plugin to free the context after use, so the pull request > includes > a corresponding TSSslContextDestroy API function for freeing the context > (just > wraps the open ssl call for this, but having an API function makes it more > obvious > that it's up to the plugin author to free the context). > > The two new API functions are: > > tsapi TSSslContext TSSslContextCreate() > tsapi void TSSslContextDestroy(TSSslContext ctx) > > Best, > Matt > > On Thu, Apr 21, 2016 at 10:11 AM, David Calavera <david.calav...@gmail.com> > wrote: > >> Originally proposed in https://github.com/apache/trafficserver/pull/402. >> >> It would be convenient to have those two methods in the API to properly >> create SSL contexts setting the right configuration from records.config. >> >> I opened a ticket to track the issue: >> https://issues.apache.org/jira/browse/TS-4373 >> The final code is in https://github.com/apache/trafficserver/pull/594 >> You can see the API documentation is isolated in this commit: >> >> https://github.com/apache/trafficserver/pull/594/commits/523e9e703ecd835dc84e829d4539a1bf40e3ee3c >> >> Please, let me know if there is anything else I should do. >> >> Cheers, >> David >>
