httpd-dev mailing list archives

From Adam Hasselbalch Hansen <...@one.com>
Subject Re: mod_ssl, SNI and dynamic virtual hosts
Date Thu, 27 May 2010 11:08:57 GMT

Thomas, Peter wrote:
>> -----Original Message-----
>> From: Adam Hasselbalch Hansen [mailto:ahh@one.com] 
>> Sent: Tuesday, May 25, 2010 7:06 AM
>> To: dev@httpd.apache.org
>> Subject: Re: mod_ssl, SNI and dynamic virtual hosts
>> So what I'm attempting to get feedback on is whether or not 
>> it will be possible or even feasible to move certificate 
>> loading (as in the actual reading of certificate files) from 
>> startup time to request time, and if so, what caveats if any 
>> this may lead to.

> Loading & processing server certificates, keys, trust chains, and CRLs at
> request time doesn't make sense to me, unless it's implemented as a
> "one-time cost" for the first use of a dynamic virtual host.  Are these
> virtual hosts truly dynamic?  It seems that there would have to be some
> a priori knowledge of the possible servers you might be hosting. Are you

Not in a consistent way. Dynamic hosts can (and will) be added or 
removed from under Apache's nose without restarting it.

> in fact proposing some mechanism whereby you provide a path generator as
> in "certs/%s/server.crt" where Apache will look for the certificates
> [and other files] defining the PKI environment for each dynamic virtual
> host, and that further these files might not have been present on the
> system at httpd's startup?

That is exactly what I am proposing.


Thank you,
-- 
Adam Hasselbalch Hansen
UNIX Systems Developer, CPH
e: ahh@one.com, w: www.one.com
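
The path-generator idea discussed in this thread, as an added example (not part of the original message and not mod_ssl code): a Python sketch using the standard `ssl` module's SNI callback, with certificate loading as a one-time cost on first use. The `certs/<hostname>/server.crt` and `server.key` layout, the function names and the cache are assumptions for illustration; the SNI name is client-controlled, so it is validated before it is formatted into a path.

```python
import re
import ssl
from pathlib import Path

CERT_ROOT = Path("certs")   # assumed layout: certs/<hostname>/server.crt + server.key
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")   # one DNS label, letters/digits/hyphen
_cache = {}                 # cert path -> SSLContext, filled on first use

def cert_paths(server_name, root=CERT_ROOT):
    """Map a client-supplied SNI name to (crt, key) paths, or None if unsafe."""
    if not server_name or len(server_name) > 253:
        return None
    name = server_name.lower().rstrip(".")
    # Reject anything that is not a plain hostname: '/', '..', NUL, '%', etc.
    if not all(_LABEL.fullmatch(label) for label in name.split(".")):
        return None
    host_dir = (root / name).resolve()
    # Defence in depth: a symlinked host directory must not escape the root.
    if root.resolve() not in host_dir.parents:
        return None
    return host_dir / "server.crt", host_dir / "server.key"

def context_for(server_name, root=CERT_ROOT):
    """Return a cached SSLContext for the host, loading its files on first use."""
    paths = cert_paths(server_name, root)
    if paths is None:
        return None
    key = str(paths[0])
    if key not in _cache:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        try:
            ctx.load_cert_chain(*paths)
        except (OSError, ssl.SSLError):
            # Host not provisioned or files unreadable. Not cached, so a host
            # added later is picked up on its first successful handshake.
            return None
        _cache[key] = ctx
    return _cache[key]

def sni_callback(sock, server_name, default_ctx):
    """Install with: default_ctx.sni_callback = sni_callback"""
    ctx = context_for(server_name)
    if ctx is not None:
        sock.context = ctx   # switch to the per-host certificate
    # Returning None continues the handshake with the context now in place.
```

This sketch never evicts cache entries, so a host removed or re-keyed on disk keeps its old context until the process restarts; a real deployment would need invalidation and a bound on cache size.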
