httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dr Stephen Henson <shen...@opensslfoundation.com>
Subject Re: svn commit: r1562500 - /httpd/httpd/branches/2.4.x/STATUS
Date Thu, 30 Jan 2014 19:37:42 GMT
On 30/01/2014 18:25, Kaspar Brand wrote:
> On 29.01.2014 19:15, Graham Leggett wrote:
>> On 29 Jan 2014, at 16:24, kbrand@apache.org wrote:
>>> URL: http://svn.apache.org/r1562500
>>> Log:
>>> propose SSLCertificate[Key]File/SSLCertificateChainFile overhaul for mod_ssl
>>
>> Would it be possible to do the same for the SSLProxy* directives?
> 
> I think so. Without having looked at the details of the current
> implementation, switching to OpenSSL's "standard" calls for loading
> certs and keys (SSL_CTX_use_*_file) should be possible for the SSL
> client case as well. Given that SSLProxyMachineCertificateFile,
> SSLProxyMachineCertificateChainFile and SSLProxyMachineCertificatePath
> are global-level-only directives, and that there is no
> SSLProxyMachineCertificateKeyFile directive right now, it would probably
> be a somewhat more intrusive change, compared to what has been done for
> the server-side part so far.
> 

I wasn't sure of the details of the current implementation either. Would it be
appropriate to have SSL_CONF usable with SSLProxy* too?

Steve.
-- 
Dr Stephen Henson. OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
+1 877-673-6775
shenson@opensslfoundation.com

Mime
View raw message