Archive for January, 2005

On OpenSolaris

Friday, January 28th, 2005

I first heard details about OpenSolaris at the ApacheCon Keynote by Andrew Tucker (Streaming Video of it!). I walked away from his presentation believing that at least the Engineers at Sun wanted to make Solaris Open Source work. I was also quite impressed by Zones, and the capabilities it brings to server admins. Hopefully FreeBSD’s Jails will get some of these features.


I still wonder if OpenSolaris will explode into a great community, or fall flat on its face. It is a great experiment on Sun’s part, but I am not sure they are prepared to let go of control. They still maintain a firm grip on everything that happens with it. It’s not open version control. Then again, neither is Apache. Sun’s great challenge will be giving out commit access. If they do this too slowly, people will leave the community. If they do it too quickly, the quality will decrease.


On another note, I do not want OpenSolaris to just take a Linux Distro’s userland and ship it on an ISO. I would much rather have a FreeBSD userland. What could be better than Solaris 10 Zones, with a FreeBSD userland?

I wish…

Thursday, January 13th, 2005

I wish more clients would support RFC 2817 / TLS Upgrade in HTTP/1.1. Apache HTTPD 2.1 supports it in mod_ssl.

If more clients supported it, then you would not need a separate IP for every SSL enabled virtual host. That would be cool.

Here is an example config:

Quote from TLS Upgrade Example:
<VirtualHost *:80>
    ServerName svn.foo.com
    CustomLog logs/access_log common
    ErrorLog logs/error_log
    SSLEngine Optional
    SSLCertificateFile conf/svn.foo.com.cert
    SSLCertificateKeyFile conf/svn.foo.com.key
    SSLRequireSSL
</VirtualHost>

There are two key parts. First, setting SSLEngine to ‘optional’ allows normal unencrypted HTTP requests initially. Second, the SSLRequireSSL bit tells the client that it *must* upgrade to SSL to continue with any requests. It’s pretty sweet to see it in action. Sort of like STARTTLS for other protocols, but designed to work within HTTP’s paradigm.
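The client side of the RFC 2817 exchange, as an added example that is not part of the original post: it builds the upgrade request and decides what to do with the server's answer, failing closed when TLS is required but the upgrade never happens (the initial request is cleartext, so the Upgrade header can be stripped in transit). The function names and the sample responses are constructed for illustration; the message formats follow RFC 2817.

```python
# Added example: client-side decision logic for an RFC 2817 "Upgrade: TLS/1.0" exchange.
# Sample responses below are constructed, not captured from a real server.

def upgrade_request(host: str) -> bytes:
    """OPTIONS * carries no resource data, so nothing sensitive is sent in cleartext."""
    return (f"OPTIONS * HTTP/1.1\r\nHost: {host}\r\n"
            "Upgrade: TLS/1.0\r\nConnection: Upgrade\r\n\r\n").encode("ascii")

def parse_response(raw: bytes):
    """Return (status_code, headers) from a raw HTTP/1.1 response head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def tokens(value: str) -> set:
    """Split a comma-separated header value into lowercase tokens."""
    return {t.strip().lower() for t in value.split(",") if t.strip()}

def names_tls(headers: dict) -> bool:
    """Both headers must be present: Connection: Upgrade and Upgrade listing TLS/1.0."""
    return ("upgrade" in tokens(headers.get("connection", ""))
            and "tls/1.0" in tokens(headers.get("upgrade", "")))

def next_action(raw: bytes, require_tls: bool = True) -> str:
    status, headers = parse_response(raw)
    if status == 101 and names_tls(headers):
        return "start-tls-handshake"    # server switched; handshake on this same socket
    if status == 426 and names_tls(headers):
        return "retry-with-upgrade"     # server demands TLS before serving the request
    if status in (101, 426) or require_tls:
        return "abort"                  # malformed switch, or upgrade silently dropped
    return "plaintext-response"

RESP_426 = (b"HTTP/1.1 426 Upgrade Required\r\n"
            b"Upgrade: TLS/1.0, HTTP/1.1\r\nConnection: Upgrade\r\n\r\n")
RESP_101 = (b"HTTP/1.1 101 Switching Protocols\r\n"
            b"Upgrade: TLS/1.0, HTTP/1.1\r\nConnection: Upgrade\r\n\r\n")
RESP_200 = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    print(upgrade_request("svn.foo.com").decode())
    for resp in (RESP_426, RESP_101, RESP_200):
        print(next_action(resp))
```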

I have submitted a bug to Mozilla, asking for support. It doesn’t look like any Mozilla developers are interested yet. Darn.


I guess I will keep making wishes for support of cool protocol features. I am not motivated enough to attempt to write a patch for Mozilla yet.