httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kaspar Brand <>
Subject Re: [PATCH 55593] Add "SSLServerInfoFile" directive
Date Sat, 28 Sep 2013 13:42:35 GMT
On 27.09.2013 20:58, Trevor Perrin wrote:
> On Fri, Sep 27, 2013 at 9:16 AM, Kaspar Brand <> wrote:
>> It could probably be handled in
>> ssl_engine_config.c:ssl_cmd_SSLOpenSSLConfCmd(), but this would again
>> mean adding specific code for ServerInfoFile.
> If we're adding specific code for ServerInfoFile, would it make more
> sense just to do a separate directive?

I would like to avoid that, as it would mean to extend
modssl_pk_server_t (or some other struct) whenever an additional OpenSSL
feature is added. See also this thread for some background:

>>   Define SR /path/to/server/root/
>>   SSLOpenSSLConfCmd ServerInfoFile ${SR}relative/file/name
> Hmm, are you asking the web admin to define SR?  That doesn't seem
> much easier then just telling them to use the absolute name:
> SSLOpenSSLConfCmd ServerInfoFile /path/to/server/root/relative/file/name

We could do that in the default httpd.conf file, similar to how it was
done with for DocumentRoot.

If the ability to specify relative path names with SSLOpenSSLConfCmd is
considered an absolutely essential feature, then OpenSSL could perhaps
"standardize" its option names somewhat - e.g. by always naming those
which take a file name argument with "...File". We could then handle
such a case in mod_ssl as illustrated by the attached patch.


View raw message