httpd-dev mailing list archives

From Adam Hasselbalch Hansen <>
Subject Re: mod_ssl, SNI and dynamic virtual hosts
Date Fri, 04 Jun 2010 10:07:08 GMT
Adam Hasselbalch Hansen wrote:
> Thomas, Peter wrote:
>>> -----Original Message-----
>>> From: Adam Hasselbalch Hansen []
>>> Sent: Tuesday, May 25, 2010 7:06 AM
>>> To:
>>> Subject: Re: mod_ssl, SNI and dynamic virtual hosts
>>> So what I'm attempting to get feedback on is whether or not it will 
>>> be possible or even feasible to move certificate loading (as in the 
>>> actual reading of certificate files) from startup time to request 
>>> time, and if so, what caveats if any this may lead to.
>> Loading & processing server certificates, keys, trust chains, and CRLs at
>> Request time doesn't make sense to me, unless it's implemented as a
>> "one-time cost" for the first use of a dynamic virtual host.  Are these
>> virtual hosts truly dynamic?  It seems that there would have to be some
>> a priori knowledge of the possible servers you might be hosting. Are you
> Not in a consistent way. Dynamic hosts can (and will) be added or 
> removed from under Apache's nose without restarting it.
>> in fact proposing some mechanism whereby you provide a path generator as
>> in "certs/%s/server.crt" where Apache will look for the certificates
>> [and other files] defining the PKI environment for each dynamic virtual
>> host, and that further these files might not have been present on the
>> system at httpd's startup?
> That is exactly what I am proposing.

Any further comments? It seemed like you had more to say :)

Adam Hasselbalch Hansen
UNIX Systems Developer, CPH
e:, w:
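
The path-template lookup discussed in this thread ("certs/%s/server.crt", loaded as a one-time cost on first use), sketched as an added Python example that is not part of the original message and is not mod_ssl code. The `server.key` file name, the `LazyCertStore` class and the mtime-based reload are assumptions; the hostname check is there because the SNI name is client-supplied and ends up in a file path.

```python
import re
import ssl
from pathlib import Path

CERT_ROOT = Path("certs")  # assumed layout: certs/<host>/server.crt and server.key
# Strict DNS hostname: rejects "/", "..", NUL bytes, wildcards and empty labels.
_HOST_RE = re.compile(r"(?=.{1,253}$)[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
                      r"(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*")

def cert_paths(server_name, root=CERT_ROOT):
    """Map a client-supplied SNI name to (cert, key) paths, or None if unsafe."""
    host = (server_name or "").lower().rstrip(".")
    if not _HOST_RE.fullmatch(host):
        return None
    return root / host / "server.crt", root / host / "server.key"

class LazyCertStore:
    """Loads a host's key material on first use and reloads it when replaced."""
    def __init__(self, root=CERT_ROOT, loader=None):
        self.root, self.cache = root, {}
        self.loader = loader or self._load

    @staticmethod
    def _load(crt, key):
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        ctx.load_cert_chain(crt, key)
        return ctx

    def lookup(self, server_name):
        paths = cert_paths(server_name, self.root)
        if paths is None:
            return None
        try:
            stamp = tuple(p.stat().st_mtime_ns for p in paths)
        except OSError:                       # host absent or removed since last use
            self.cache.pop(paths[0], None)    # drop its cached private key
            return None
        hit = self.cache.get(paths[0])
        if hit is None or hit[0] != stamp:    # one-time cost, repeated on file change
            hit = self.cache[paths[0]] = (stamp, self.loader(*paths))
        return hit[1]

    def sni_callback(self, sock, server_name, default_ctx):
        """Install with: default_ctx.sni_callback = store.sni_callback"""
        ctx = self.lookup(server_name)
        if ctx is None:
            return ssl.ALERT_DESCRIPTION_UNRECOGNIZED_NAME
        sock.context = ctx                    # continue handshake with host's cert
```

Unknown or malformed names get an `unrecognized_name` alert and never reach the filesystem, and a host whose files disappear is evicted from the cache on its next lookup.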
