httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kaspar Brand <httpd-dev.2...@velox.ch>
Subject [PATCH] Further refinements for SNI
Date Wed, 13 Feb 2008 09:00:23 GMT
While I was testing revocation checking for client certs in an SNI
configuration (Dirk, many thanks for make_sni.sh, btw!), I came across a
flaw in the current implementation when CRL information - i.e.
SSLCARevocationFile/SSLCARevocationPath - is set on a per-vhost basis
(don't know how much sense it makes to have non-global CRLs, but anyway...).

The attached patch addresses this issue, and it also improves the
logging behavior for an SNI enabled configuration (previously some of
the messages would always go to the first vhost, or wouldn't appear at
all, depending on the LogLevel of the first vhost).

Kaspar

Mime
View raw message