httpd-dev mailing list archives

From Scott Deboy <sde...@secondstryke.com>
Subject Re: [PATCH 55593] Add "SSLServerInfoFile" directive
Date Wed, 25 Sep 2013 15:52:42 GMT
Since you mentioned RFC 5878, I've attached a patch to issue 55467 which allows third party
modules to send and receive custom TLS extensions or supplemental data (which can be used
to implement support for RFC 5878), and adds reneg support as well (as some folks only want
to send the extensions after the initial handshake).

https://issues.apache.org/bugzilla/show_bug.cgi?id=55467

Scott

On Sep 24, 2013, at 10:39 PM, Kaspar Brand <httpd-dev.2013@velox.ch> wrote:

> On 25.09.2013 04:13, Trevor Perrin wrote:
>> The feature is checked in to the 1.0.2 branch [1], so we'd like to
>> expose it through Apache.
>> 
>> The patch is pretty simple.  I suppose more tests or docs might be
>> needed (?), which I'm happy to write.
>> 
>> Anyways, is this something Apache is interested in?  Does the patch
>> look correct? [2]
> 
> I'd very much prefer to see this supported via SSLOpenSSLConfCmd
> (http://svn.apache.org/r1421323), and not code this into mod_ssl by
> adding yet another directive. For the authz_file / RFC 5878 stuff, I did
> some experiments at the time, and am attaching a[n untested] patch for
> SSL_CTX_use_serverinfo_file - could you give it a try?
> 
> Depending on when exactly you need the SSL_CTX_use_serverinfo_file to
> happen in ssl_engine_init.c, we might have to move around the #ifdef
> HAVE_SSL_CONF_CMD block somewhat, but this shouldn't be a real issue
> (for authz_file, it was necessary/doable).
> 
> Kaspar
> <cmd_ServerInfoFile.diff>

