httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kaspar Brand <httpd-dev.2...@velox.ch>
Subject Re: svn commit: r1562500 - /httpd/httpd/branches/2.4.x/STATUS
Date Thu, 30 Jan 2014 18:25:59 GMT
On 29.01.2014 19:15, Graham Leggett wrote:
> On 29 Jan 2014, at 16:24, kbrand@apache.org wrote:
>> URL: http://svn.apache.org/r1562500
>> Log:
>> propose SSLCertificate[Key]File/SSLCertificateChainFile overhaul for mod_ssl
> 
> Would it be possible to do the same for the SSLProxy* directives?

I think so. Without having looked at the details of the current
implementation, switching to OpenSSL's "standard" calls for loading
certs and keys (SSL_CTX_use_*_file) should be possible for the SSL
client case as well. Given that SSLProxyMachineCertificateFile,
SSLProxyMachineCertificateChainFile and SSLProxyMachineCertificatePath
are global-level-only directives, and that there is no
SSLProxyMachineCertificateKeyFile directive right now, it would probably
be a somewhat more intrusive change, compared to what has been done for
the server-side part so far.

Kaspar

Mime
View raw message