From: Scott Deboy
To: dev@httpd.apache.org
Subject: Re: [PATCH 55593] Add "SSLServerInfoFile" directive
Date: Wed, 25 Sep 2013 08:52:42 -0700

Since you mentioned RFC 5878, I've attached a patch to issue 55467 which
allows third party modules to send and receive custom TLS extensions or
supplemental data (which can be used to implement support for RFC 5878),
and adds reneg support as well (as some folks only want to send the
extensions after the initial handshake).

https://issues.apache.org/bugzilla/show_bug.cgi?id=55467

Scott

On Sep 24, 2013, at 10:39 PM, Kaspar Brand wrote:

> On 25.09.2013 04:13, Trevor Perrin wrote:
>> The feature is checked in to the 1.0.2 branch [1], so we'd like to
>> expose it through Apache.
>>
>> The patch is pretty simple. I suppose more tests or docs might be
>> needed (?), which I'm happy to write.
>>
>> Anyways, is this something Apache is interested in? Does the patch
>> look correct? [2]
>
> I'd very much prefer to see this supported via SSLOpenSSLConfCmd
> (http://svn.apache.org/r1421323), and not code this into mod_ssl by
> adding yet another directive. For the authz_file / RFC 5878 stuff, I did
> some experiments at the time, and am attaching a[n untested] patch for
> SSL_CTX_use_serverinfo_file - could you give it a try?
>
> Depending on when exactly you need the SSL_CTX_use_serverinfo_file to
> happen in ssl_engine_init.c, we might have to move around the #ifdef
> HAVE_SSL_CONF_CMD block somewhat, but this shouldn't be a real issue
> (for authz_file, it was necessary/doable).
>
> Kaspar
>