httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <>
Subject Re: SNI in 2.2.x (Re: Time for 2.2.10?)
Date Wed, 08 Oct 2008 20:14:00 GMT

On 10/08/2008 09:56 PM, Jim Jagielski wrote:
> On Sep 23, 2008, at 5:37 AM, David Shane Holden wrote:
>> Kaspar Brand wrote:
>>>> Making SNI support configurable at runtime also seems a more attractive
>>>> solution to me - it would basically mean that in ssl_init_ctx(), the
>>>> SNI
>>>> callback is not registered unless it's explicitly configured. I would
>>>> suggest using something like
>>>>   SSLEnableSNI port [port] ...
>>>> which would be used as a per-server directive (i.e. not within vhosts,
>>>> only globally) and enable SNI on the specified ports.
>>> Attached is a proof of concept for such an "SSLEnableSNI" config
>>> directive (for 2.2.x only).
>>> Will need more fine-tuning, most likely, but I would appreciate to get
>>> feedback whether this is considered a feasible approach - thanks.
>>> Kaspar
>> I managed to find some time to experiment with this patch against
>> 2.2.9, and so far so good.  It works as advertised.  I'm eager to see
>> SNI included in Apache!
> As we all know, this will not be in 2.2.10... Please recall that
> things must be in -trunk before being viable for backport to 2.2.x.

I must admit that I lost a little bit of track of the exact status of SNI in trunk.
It would be very cool if Joe could point out the remaining issues with the trunk
version of SNI so that it can be worked on. I guess Kaspar would be happy to
supply at least some of the needed patches. I will then try to do my very best
to review this.



View raw message