httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Eissing <stefan.eiss...@greenbytes.de>
Subject SSLSrvConfigRec shared
Date Wed, 20 Sep 2017 10:09:27 GMT
mod_ssl's server_rec configurations (SSLSrvConfigRec) are shared between vhost and base server
*iff* there are no SSL* directives used inside a VirtualHost. This is not really a good idea
since mod_ssl modifies these recs in its post_config hook. This looks currently harmless,
e.g. setting sc->vhost_id n times (but the vhost_id is wrong for all but the last). With
adding certificate/keys in post-config (mod_md) this sharing can no longer happen.

To be precise: this is a side effect of a global "SSLEngine" config. The old-skool "SSLEngine
on" in each vhost will cause every server_rec to have its own SSLSrvConfigRec instance and
things work.

Now, I would like both cases to work. Does anyone have a recommendation? My current thoughts
go like (pseudo code):

if (server != base_server && sslconf(server) == sslconf(base_server)) {
   newconf = conf_merge(new_server_conf(), sslconf(base_server));
   ap_set_module_config(server, newconf);
}

Is there some better way?

Cheers,

Stefan
Mime
View raw message