httpd-dev mailing list archives

From Madhusudan Mathihalli <mam...@gmail.com>
Subject Re: Use of X509_NAME_oneline in mod_ssl
Date Wed, 20 Oct 2004 15:50:50 GMT
On Wed, 20 Oct 2004 08:37:01 +0100, Joe Orton <jorton@redhat.com> wrote:
> On Wed, Oct 20, 2004 at 12:13:14AM -0700, Madhusudan Mathihalli wrote:
> > On Sat, 16 Oct 2004 07:58:57 +0100, Joe Orton <jorton@redhat.com> wrote:
> > > Changing just the _DN variable format with a config directive sounds OK.
> > > Adding new variables would be an alternative, but the names would
> > > probably get *really* ugly...
> > >
> > That is correct - I should've been more clear in my mail. What I
> > really meant was to give options like
> > DNFormat SSL_SERVER_S_DN default
> > DNFormat SSL_CLIENT_S_DN rfc2253
> 
> Actually I do wonder whether just adding new variable names
> 
>  SSL_{SERVER,CLIENT}_{I,S}_2253DN
> 
> is the best way.  If you have other modules which are accessing the DNs
> directly from ssl_var_lookup you may not want to change the DN format
> for them, but you do for some script, or vice versa.  Those names aren't
> so ugly, and it saves adding more config directives.  What do you
> reckon?
> 

Sure - I like the idea.

The one concern is that if we end up exporting both _DN and _2253DN
formats, it'll have a performance impact on Apache. As it stands now,
Apache is around 50% slower than Zeus (even with SPECweb2003).

I'll start working on the patch.

Thanks
-Madhu
