httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" <>
Subject RE: SSL configuration file
Date Tue, 02 Oct 2001 01:37:57 GMT

Two POV for separating out the SSL configuration :
1. As Ryan mentioned, SSL is not built into the binary - so, why put the SSL
information in the httpd.conf at all. Another view is if a user doesn't want
to enable SSL, why should he at all see any SSL config in the httpd.conf
2. The no. of possible SSL config parameters are more than any other
individual module (which i know of). So, if all/most of the SSL parameters
is enabled, it's makes the httpd.conf look big / uneasy.

I'm not sure the above explaination makes sense. As regards your POV - I
feel that there should be sufficient information in the config file, giving
the details of the various SSL directives. So, just including the minimal
config. information would not be ideal (to me).


-----Original Message-----
From: Justin Erenkrantz []
Sent: Monday, October 01, 2001 6:20 PM
Subject: Re: SSL configuration file

On Mon, Oct 01, 2001 at 09:06:09PM -0400, MATHIHALLI,MADHUSUDAN
(HP-Cupertino,ex1) wrote:
> Oh !!.. that's right :-).. I had the DocumentRoot setup with full path in
> the v-host configuration, and hence the confusion.. I thought the
> *is* required in setting it up..
> But does it really matter if we have the @@ServerRoot@@ variable in the
> configuration file ?.. It should be really simple to 'sed' it to the
> that's configured by the user - right ?..

I'm obviously missing something here...  Shouldn't the most simplisitic
config syntax for mod_ssl simply be:

<IfModule mod_ssl.c>
  <VirtualHost _default_:443>
    DocumentRoot htdocs 
    SSLEngine on
    SSLCertificateFile /path/to/my/certificate/file

I'm just not really seeing why we need this config to be separated out 
into another file.  We don't need to have an example that shows 
everything - just the most simplistic and common case.  Anything else 
should be RTFM.  -- justin

View raw message