httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kaspar Brand <httpd-dev.2...@velox.ch>
Subject Re: SNI in 2.2.x (Re: Time for 2.2.10?)
Date Thu, 02 Apr 2009 16:20:36 GMT
Plüm, Rüdiger, VF-Group wrote:
> Going through the follow ups the following question remains for me:
> 
> Where did you address to adjust the
> 
> SSLCARevocation{File,Path} and
> SSLOCSP{Enable,DefaultResponder,OverrideResponder}
> 
> settings in the case of an non SNI client connecting to the non default vhost?

By modifying ssl_callback_SSLVerify and ssl_callback_SSLVerify_CRL to
use r->server as the server_rec (instead of conn->base_server), which
makes sure that the correct mctx gets selected. These callbacks will be
used during a renegotiation, which is triggered by ssl_hook_Access if
the non-default vhost has more restrictive SSLVerify{Client,Depth}
settings compared to the default vhost.

Kaspar


Mime
View raw message