httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dr Stephen Henson <shen...@opensslfoundation.com>
Subject Re: OpenSSL configuration and mod_ssl
Date Sat, 04 Feb 2012 14:10:41 GMT
On 04/02/2012 07:32, Kaspar Brand wrote:
> On 02.02.2012 15:13, Dr Stephen Henson wrote:
>>
>> int SSL_CTX_config(SSL_CTX *ctx, const char *config_name);
>>
>> Where "config_name" is a named configuration option in the OpenSSL configuration
>> file. This has the substantial advantage that there would
>> then be one configuration file format used by all OpenSSL applications.
>> The disadvantage is that it would look nothing like the existing Apache
>> configuration format.
> 
> Maybe mod_ssl could offer both - a directive for configuring via
> key-value pairs for "simple" cases, and a config file based way for
> complex setups. (In some way, it's what PHP currently does with the
> php_value/php_admin_value directives and php.ini.)
> 

I agree some of the more complex operations might need nested configuration
options (for example setting verification policies).

It should be possible to setup most options for an SSL_CTX or SSL structure this
way, including which key(s) and certificate(s) to use, though not sure mod_ssl
would make use of that.

> BTW: I would like to see SSL_set_config_string(), too - for those
> mod_ssl options which can be set on a per-directory basis.
> 

Yes I certainly plan to have an equivalent for SSL structures too.

Steve.
-- 
Dr Stephen Henson. OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
+1 877-673-6775
shenson@opensslfoundation.com

Mime
View raw message