httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dr Stephen Henson <>
Subject Re: [PATCH 55593] Add "SSLServerInfoFile" directive
Date Thu, 10 Oct 2013 23:44:23 GMT
On 10/10/2013 23:18, Trevor Perrin wrote:
> How would you expect the code to track the Cert -> ServerInfo
> relationship between these points?

Disclaimer: it's been a while since I looked at that code and someone else might
have a better idea. It didn't quite work in the way I recalled.

It may be a bit messy to handle, to say the least.

AFAICS the certificate and key files both go through the function
ssl_cmd_check_aidx_max and store the filenames with an associated index. At that
point you could save the last index used and store any associated ServerInfo
with the same index.

I *think* you then have to delve into ssl_pphrase_Handle() [note the comment on
the way in] and somehow link the ServerInfo index with something you can use to
recognise it later. The algorithm type 'at' might be usable or perhaps turn the
algorithm type into one of the SSL_AIDX_<ALGORITHM> values?

After that you look for an appropriate ServerInfo value when SSL_use_certificate
or SSL_use_PrivateKey is called (you'll be able to use the associated
SSL_AIDX_<ALGORITHM> value) and set the ServerInfo.

There *should* be an easier way to do it than this but I can't immediately see
what it is.

Dr Stephen Henson. OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
+1 877-673-6775

View raw message