httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Plüm, Rüdiger, VF-Group" <ruediger.pl...@vodafone.com>
Subject Re: SNI in 2.2.x (Re: Time for 2.2.10?)
Date Fri, 03 Apr 2009 10:31:42 GMT


> -----Ursprüngliche Nachricht-----
> Von: Kaspar Brand 
> Gesendet: Donnerstag, 2. April 2009 18:21
> An: dev@httpd.apache.org
> Betreff: Re: SNI in 2.2.x (Re: Time for 2.2.10?)
> 
> Plüm, Rüdiger, VF-Group wrote:
> > Going through the follow ups the following question remains for me:
> > 
> > Where did you address to adjust the
> > 
> > SSLCARevocation{File,Path} and
> > SSLOCSP{Enable,DefaultResponder,OverrideResponder}
> > 
> > settings in the case of an non SNI client connecting to the 
> non default vhost?
> 
> By modifying ssl_callback_SSLVerify and ssl_callback_SSLVerify_CRL to
> use r->server as the server_rec (instead of conn->base_server), which
> makes sure that the correct mctx gets selected. These 
> callbacks will be
> used during a renegotiation, which is triggered by ssl_hook_Access if
> the non-default vhost has more restrictive SSLVerify{Client,Depth}
> settings compared to the default vhost.
> 


Thanks for the pointer.

Regards

Rüdiger

Mime
View raw message