httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kaspar Brand <httpd-dev.2...@velox.ch>
Subject Re: svn commit: r1550060 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_config.c
Date Sun, 22 Dec 2013 08:30:42 GMT
On 11.12.2013 08:16, jkaluza@apache.org wrote:
> Author: jkaluza
> Date: Wed Dec 11 07:16:28 2013
> New Revision: 1550060
> 
> URL: http://svn.apache.org/r1550060
> Log:
> mod_ssl: Add -t -DDUMP_CA_CERTS option which dumps the filenames of all
> configured SSL CA certificates to stdout the same way as DUMP_CERTS does.

In addition to what RĂ¼diger noted (on 13 December): are -DDUMP_CERTS and
-DDUMP_CA_CERTS supposed to be mutually exclusive? Right now, specifying
both will have the effect of only outputting the certs (due to the early
return in line 1937).

Another idea is to interleave server and CA cert information and output
them by the vhost_id, e.g.:

foo.example.net:443
  Server: /usr/local/apache2/conf/server-foo.crt
  CA:     /usr/local/apache2/conf/ssl.crt/ca-bundle-foo.crt
bar.example.net:443
  Server: /usr/local/apache2/conf/server-bar.crt
  CA:     /usr/local/apache2/conf/ssl.crt/ca-bundle-bar.crt
...

And third, could we document -DDUMP_CERTS and -DDUMP_CA_CERTS on this
occasion (either in server/main.c or docs/man/httpd.8)?

Kaspar

Mime
View raw message