httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thomas, Peter" <ptho...@HPTI.com>
Subject RE: mod_ssl, SNI and dynamic virtual hosts
Date Tue, 25 May 2010 17:42:59 GMT
Loading & processing server certificates, keys, trust chains, and CRLs
Request time doesn't make sense to me, unless it's implemented as a
"one-time cost" for the first use of a dynamic virtual host.  Are these
virtual hosts truly dynamic?  It seems that there would have to be some
a priori knowledge of the possible servers you might be hosting. Are you
in fact proposing some mechanism whereby you provide a path generator as
in "certs/%s/server.crt" where Apache will look for the certificates
[and other files] defining the PKI environment for each dynamic virtual
host, and that further these files might not have been present on the
system at httpd's startup?

Warmly,

--Pete

> -----Original Message-----
> From: Adam Hasselbalch Hansen [mailto:ahh@one.com] 
> Sent: Tuesday, May 25, 2010 7:06 AM
> To: dev@httpd.apache.org
> Subject: Re: mod_ssl, SNI and dynamic virtual hosts
> So what I'm attempting to get feedback on is whether or not 
> it will be possible or even feasible to move certificate 
> loading (as in the actual reading of certificate files) from 
> startup time to request time, and if so, what caveats if any 
> this may lead to.

Mime
View raw message