httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <>
Subject Re: Some mod_tls questions
Date Fri, 27 Apr 2001 20:36:36 GMT
Graham Leggett wrote:
> Hi all,
> I want to be able to insert the mod_tls filters at the relevant places
> in the proxy so as to support backend TLS to https:// and ftps:// URLs.
> Trouble is, the "sense" of the certificates will be the other way around
> - I would need to specify a set of root certificates instead of a single
> cert/key combination.
> Is this the case? Or can I put in a set of root certs where the cert/key
> pairs are?

Sorry for the delay - the intent of mod_tls is to provide filters for
all SSL/TLS use in Apache - however, it is more subtle than you think -
SSL is not symmetric, so several things have to be done differently when
you are using it for a client as opposed to when it is being used as a
server. One thing is the certs, another is the SSL "method" (a thing
that is internal to OpenSSL - chooses client or server and SSL version)
and, of course, the client initiates the connection instead of accepting
an incoming one. mod_tls should provide the functionality for either
direction (much of it is common), but currently doesn't - I'd suggest we
think about this when the (anticipated) flurry of work that's about to
happen dies down, if that's OK with you.




"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

ApacheCon 2001!

View raw message