httpd-dev mailing list archives

From Graham Leggett <minf...@sharp.fm>
Subject Re: OpenSSL configuration and mod_ssl
Date Sat, 04 Feb 2012 11:47:31 GMT
On 02 Feb 2012, at 4:13 PM, Dr Stephen Henson wrote:

> So my thoughts are that this concept could be generalised.
> 
> A simple answer is to add new string setting options. For example:
> 
> int SSL_CTX_set_options_string(SSL_CTX *ctx, const char *str);
> 
> This works for existing simple configuration but a new string (for example TLS
> 1.2 supported signature algorithms) might be added in the future so then we're
> back to having to explicitly add support to all applications for each new string
> configuration option.

This came up during the design of the apr_crypto interface, which also required hard-coded
constants originally.

What we ended up with is a string modeled on the argv string (i.e. whitespace-separated tokens,
with support for quoting). The reason for this was that some crypto backends (Mozilla NSS
primarily) required support for filesystem paths, which meant spaces, which meant quoting:

crypto_make():

https://svn.apache.org/repos/asf/apr/apr/trunk/crypto/apr_crypto_openssl.c

Regards,
Graham
--
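The argv-style parameter string described in the message above, as an added example that is not part of the original message and is not APR's code: a small tokenizer that splits on whitespace, honours quotes so a filesystem path may contain spaces, and rejects malformed input instead of truncating it. The function names, the buffer limits and the sample keys `dir` and `engine` are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define MAX_TOK 8     /* illustrative limits, not taken from APR */
#define TOK_LEN 128

/* Split an argv-style parameter string into tokens. Whitespace separates
 * tokens; single or double quotes protect whitespace and are stripped.
 * Returns the token count, or -1 on an unterminated quote, an over-long
 * token, or too many tokens (reject rather than silently truncate). */
int tokenize_params(const char *s, char out[][TOK_LEN], int max)
{
    int n = 0;
    while (*s) {
        while (isspace((unsigned char)*s)) s++;      /* skip separators */
        if (!*s) break;
        if (n == max) return -1;
        size_t len = 0;
        char quote = 0;
        for (; *s && (quote || !isspace((unsigned char)*s)); s++) {
            if (quote && *s == quote) { quote = 0; continue; }   /* close */
            if (!quote && (*s == '"' || *s == '\'')) { quote = *s; continue; }
            if (len + 1 >= TOK_LEN) return -1;
            out[n][len++] = *s;
        }
        if (quote) return -1;                        /* unterminated quote */
        out[n++][len] = '\0';
    }
    return n;
}

/* Return the value of "key=value" among the tokens, or NULL if absent. */
const char *param_value(char toks[][TOK_LEN], int n, const char *key)
{
    size_t klen = strlen(key);
    for (int i = 0; i < n; i++)
        if (strncmp(toks[i], key, klen) == 0 && toks[i][klen] == '=')
            return toks[i] + klen + 1;
    return NULL;
}

int main(void)
{
    /* Constructed sample: the path contains a space, so it is quoted. */
    char toks[MAX_TOK][TOK_LEN];
    int n = tokenize_params("dir=\"/etc/nss db\" engine=sample", toks, MAX_TOK);
    for (int i = 0; i < n; i++) printf("[%s]\n", toks[i]);
    return n == 2 ? 0 : 1;
}
```

Without the quotes the same input yields the tokens `dir=/etc/nss` and `db`, so the backend would be handed a different path than the one intended.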

