SSL-data access from verious handlers. was: Re: [mod_python] problem w/ authen handler

Graham Dumpleton grahamd at
Mon May 23 08:05:22 EDT 2005

On 23/05/2005, at 9:03 PM, Bud P. Bruegger wrote:

> At 20.47 23/05/2005 +1000, Graham Dumpleton wrote:
>> On 23/05/2005, at 6:55 PM, Bud P. Bruegger wrote:
>>> The concept of Loginhandler is really interesting.  My doubt is 
>>> whether it would execute before mod-rewrite clicks in?
>> Since it is essentially executed as part of the content handler phase 
>> it
>> would be after mod_rewrite. Overall, not sure you will be able to do 
>> what
>> you want in mod_python as it doesn't give fine enough control. 
>> Probably
>> simpler for you to write your own DSO in C which does it.
>> Graham
> hmm, I like the idea of python to be able to flexibly apply regular 
> expressions and similar to massage ID strings and also to rapidly 
> integrate additional eID types.
> Considering that I'm not the first person who wanted access to SSL 
> data from mod-python, would it be possible/desirable to extend 
> mod-python to see these?  Alternatively, would it be possible to 
> access internals with python's ctypes module?

A bit of information that may be useful, or may not.

 From looking at code for mod_python and mod_ssl, when registering a 
handler hook
you can specify its relative location as first, middle or last. Both 
mod_ssl and
mod_python specify it as middle for the fixup handler. Ie.,

     ap_hook_fixups        (ssl_hook_Fixup,         NULL,NULL, 

     /* [8] fixups */
                    NULL, NULL, APR_HOOK_MIDDLE);

It is in the SSL fixup handler that it pushes all the variable into the 
If you aren't seeing the variables in the common vars in the fixup 
handler, then the
SSL fixup handler is being called after the mod_python fixup handler.

The issue thus is whether you can control the order in any way such 
that you can
guarantee that the SSL fixup handler is executed before that for 
mod_python. If
you can do this, you can ensure that common vars is set and can be used 
by your
Python handler.

The Apache documentation says:

   Controlling hook calling order

   In the example above, we didn't use the three arguments in  the hook 
registration function
   that control calling order.  There are two mechanisms for doing this. 
The first, rather
   crude, method, allows us to specify roughly where the hook is  run 
relative to other modules.
   The final argument control this.  There are three possible values: 
   and HOOK_LAST.

   All modules using any particular value may be run in any  order 
relative to each other,
   but, of course, all modules using  HOOK_FIRST will be run before 
HOOK_MIDDLE  which are
   before HOOK_LAST. Modules that don't care  when they are run should 

   Note that there are two more values,  HOOK_REALLY_FIRST and 
   should only be used by the hook exporter.

Thus, within a single level, eg, middle, can be run in any order.

As far as controlling order within a level, the documentation goes on 
further to say:

   The other method allows finer control. When a module knows  that it 
must be run before
   (or after) some other modules, it  can specify them by name. The 
second (third) argument
   is a  NULL-terminated array of strings consisting of the names of  
modules that must be
   run before (after) the current module. For example, suppose we want 
"mod_xyz.c" and
   "mod_abc.c" to run  before we do, then we'd hook as follows:

     static void register_hooks()
       static const char * const aszPre[] = { "mod_xyz.c", "mod_abc.c", 

       ap_hook_do_something(my_something_doer, aszPre, NULL, 

   Note that the sort used to achieve this is stable, so  ordering set 
   is preserved, as far  as is possible.

This though isn't of any use here as at point that mod_python is 
registering hooks it isn't
going to know anything about dependencies.

Overall, what would be most useful I guess is if mod_python provided a 
way of saying
whether a handler should be executed as first, middle or last. If this 
ability existed
you could specify your handler to be run within the last group of the 
thus ensuring that it is run after the SSL middle fixuphandler where 
common vars would
be primed.

The only other I can think of is you play around with 
req.add_handler(). This allows you
to add additional handlers to be executed within a certain phase. What 
I can't work out
from the source code at the moment though is that if you were to add a 
handler to the
PythonFixupHandler phase from the fixuphandler itself, whether it would 
be executed before
mod_python returns control back to Apache, or whether control would go 
back to Apache,
it would then execute SSL fixup handler and then return into mod_python 
to execute the
newly specified fixup handler.

Anyway, if you can understand what I am talking about, you might play 
with req.add_handler()
and let us know what you find. I think though it is still going to be 
executed before the
SSL fixup handler which sets up the vars.


More information about the Mod_python mailing list