httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Trevor Perrin <>
Subject Re: [PATCH 55593] Add "SSLServerInfoFile" directive
Date Thu, 26 Sep 2013 21:59:11 GMT
On Tue, Sep 24, 2013 at 10:39 PM, Kaspar Brand <> wrote:
> On 25.09.2013 04:13, Trevor Perrin wrote:
>> The feature is checked in to the 1.0.2 branch [1], so we'd like to
>> expose it through Apache.
>> The patch is pretty simple.  I suppose more tests or docs might be
>> needed (?), which I'm happy to write.
>> Anyways, is this something Apache is interested it?  Does the patch
>> look correct? [2]
> I'd very much prefer to see this supported via SSLOpenSSLConfCmd
> (, and not code this into mod_ssl by
> adding yet another directive. For the authz_file / RFC 5878 stuff, I did
> some experiments at the time, and am attaching a[n untested] patch for
> SSL_CTX_use_serverinfo_file - could you give it a try?

Thanks, I tried that.

It doesn't work with filenames relative to the Apache root.  The patch
I submitted uses ssl_engine_config.c:ssl_cmd_check_file() to map
relative to absolute filenames.  I'm not sure how you'd do that with

(For context: the ServerInfo file is replacing the 5878/authz file, as
it's more useful to be able to provide ServerHello extensions, instead
of 5878 extensions.  I think 5878 is somewhat falling out of favor -
or at least I hope so... [1]).



View raw message