From: Ilya Goldberg <igg@mit.edu>
Subject: xmlrpc-SSL
To: eric.kidd@pobox.com
Date: Fri, 26 Jan 2001 18:33:14 -0500

Hi Eric

[snip]

The thing that I needed in an RPC-type environment was keeping track
of the users - not so much for security, but just to keep people from
doing destructive things - because clients can make calls that will
make changes to the database on the server, which will potentially
affect other clients.  The simplest way to implement user
authentication in a seamless (and cross-platform) way seemed to be
SSL.  Unfortunately, SSL didn't seem to be a supported protocol of
xmlrpc.  Turns out you can make xmlrpc-perl servers and clients
communicate over SSL just by installing the right perl SSL packages.
So, I patched your source to do SSL also.  I only messed around with
the xmlrpc_client.c, because my servers will be served as CGIs from
Apache (with mod_ssl), so I didn't need SSL in stand-alone servers.
  
Now all you need to do to go over SSL is specify https:// instead of
http:// in the server URL.  http:// still works, obviously.  Your
example CGI server works either way when served by Apache/mod_ssl.
  
I'm including the patch at the bottom of this email.  One thing that
seems to be broken in w3c-libwww is that libwww-config doesn't link
against -lwwwssl, even though it specifies linking against -lssl, etc
(?).  I just added -lwwwssl to the library list in the libwww-config
script, which makes your configure script work properly.  Obviously,
libwww needs to be compiled with the ssl package before compiling
xmlrpc-c.  The newest libwww comes with openssl glue, but doesn't
include openssl.
