httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kaspar Brand <httpd-dev.2...@velox.ch>
Subject Re: OpenSSL configuration and mod_ssl
Date Sat, 04 Feb 2012 07:32:09 GMT
On 02.02.2012 15:13, Dr Stephen Henson wrote:
> So perhaps:
> 
> int SSL_CTX_set_config_string(SSL_CTX *ctx,
> 				const char *name, const char *value);
> 
> Where the values of "name" can expand over time.

I'm more in favor of this one - i.e., allow configuration through
key-value pairs (you could do that with the other variant by stuffing
them into a single string, but then there's the question of what
separator to use etc.)

> I'm not completely sure that this could be handled by the mod_ssl
> configuration routines, perhaps someone could comment on that?

Similar to the parameter handling in directives like "Define" or
"SetEnv", I think. "SSLSetOpenSSLOption" e.g.?

> int SSL_CTX_config(SSL_CTX *ctx, const char *config_name);
> 
> Where "config_name" is a named configuration option in the OpenSSL configuration
> file. This has the substantial advantage that there would
> then be one configuration file format used by all OpenSSL applications.
> The disadvantage is that it would look nothing like the existing Apache
> configuration format.

Maybe mod_ssl could offer both - a directive for configuring via
key-value pairs for "simple" cases, and a config file based way for
complex setups. (In some way, it's what PHP currently does with the
php_value/php_admin_value directives and php.ini.)

BTW: I would like to see SSL_set_config_string(), too - for those
mod_ssl options which can be set on a per-directory basis.

Kaspar

Mime
View raw message