httpd-dev mailing list archives

From Jeff Trawick <traw...@gmail.com>
Subject Re: svn commit: r1562500 - /httpd/httpd/branches/2.4.x/STATUS
Date Thu, 30 Jan 2014 21:51:55 GMT
On Thu, Jan 30, 2014 at 2:37 PM, Dr Stephen Henson <shenson@opensslfoundation.com> wrote:

> On 30/01/2014 18:25, Kaspar Brand wrote:
> > On 29.01.2014 19:15, Graham Leggett wrote:
> >> On 29 Jan 2014, at 16:24, kbrand@apache.org wrote:
> >>> URL: http://svn.apache.org/r1562500
> >>> Log:
> >>> propose SSLCertificate[Key]File/SSLCertificateChainFile overhaul for mod_ssl
> >>
> >> Would it be possible to do the same for the SSLProxy* directives?
> >
> > I think so. Without having looked at the details of the current
> > implementation, switching to OpenSSL's "standard" calls for loading
> > certs and keys (SSL_CTX_use_*_file) should be possible for the SSL
> > client case as well. Given that SSLProxyMachineCertificateFile,
> > SSLProxyMachineCertificateChainFile and SSLProxyMachineCertificatePath
> > are global-level-only directives, and that there is no
> > SSLProxyMachineCertificateKeyFile directive right now, it would probably
> > be a somewhat more intrusive change, compared to what has been done for
> > the server-side part so far.
> >
>
> I wasn't sure of the details of the current implementation either. Would it be
> appropriate to have SSL_CONF usable with SSLProxy* too?
>

Surely "yes" is the answer; i.e., there is or will be some optional OpenSSL
processing that could conceivably be appropriate for the TLS client used by
proxy, for which mod_ssl doesn't have specific support.


>
> Steve.
> --
> Dr Stephen Henson. OpenSSL Software Foundation, Inc.
> 1829 Mount Ephraim Road
> Adamstown, MD 21710
> +1 877-673-6775
> shenson@opensslfoundation.com
>



-- 
Born in Roswell... married an alien...
http://emptyhammock.com/
