Thomas, Peter wrote:
-----Original Message-----
From: Adam Hasselbalch Hansen [mailto:a...@one.com]
Sent: Tuesday, May 25, 2010 7:06 AM
To: dev@httpd.apache.org
Subject: Re: mod_ssl, SNI and dynamic virtual hosts

So what I'm attempting to get feedback on is whether or not
it will be possible or even feasible to move certificate
loading (as in the actual reading of certificate files) from
startup time to request time, and if so, what caveats if any
this may lead to.

Loading & processing server certificates, keys, trust chains, and CRLs
Request time doesn't make sense to me, unless it's implemented as a
"one-time cost" for the first use of a dynamic virtual host. Are these
virtual hosts truly dynamic? It seems that there would have to be some
a priori knowledge of the possible servers you might be hosting. Are you

Not in a consistent way. Dynamic hosts can (and will) be added or
removed from under Apache's nose without restarting it.

in fact proposing some mechanism whereby you provide a path generator as
in "certs/%s/server.crt" where Apache will look for the certificates
[and other files] defining the PKI environment for each dynamic virtual
host, and that further these files might not have been present on the
system at httpd's startup?

That is exactly what I am proposing.

Thank you,
--
Adam Hasselbalch Hansen
UNIX Systems Developer, CPH
e: a...@one.com, w: www.one.com
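
One caveat of the "certs/%s/server.crt" path generator discussed in this message is that the SNI name filling the `%s` comes from the client, so it has to be validated before it reaches the filesystem. The following is an added example, not part of the original message and not httpd or mod_ssl code; the function name `sni_cert_path` and the sample names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not an httpd or mod_ssl API.
 * Expands a template such as "certs/%s/server.crt" with the SNI name
 * sent by the client. That name is untrusted, so it must parse as a
 * plain DNS hostname before it becomes part of a filesystem path.
 * Returns 0 and fills `out` on success, -1 if rejected. */
int sni_cert_path(const char *tmpl, const char *sni, char *out, size_t outlen)
{
    char host[254];
    size_t n = sni ? strlen(sni) : 0, i, label = 0;
    const char *slot = strstr(tmpl, "%s");
    int w;

    if (slot == NULL || n == 0 || n > 253)
        return -1;
    for (i = 0; i < n; i++) {
        char c = sni[i];
        if (c >= 'A' && c <= 'Z')
            c = (char)(c - 'A' + 'a');      /* names compare case-insensitively */
        if (c == '.') {
            /* empty label ("..", leading dot) or label ending in '-' */
            if (label == 0 || host[i - 1] == '-')
                return -1;
            label = 0;
        } else if ((c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '-') {
            if ((c == '-' && label == 0) || ++label > 63)
                return -1;
        } else {
            return -1;                      /* '/', '\\', '%', spaces, 8-bit bytes */
        }
        host[i] = c;
    }
    if (label == 0 || host[n - 1] == '-')   /* trailing dot or hyphen */
        return -1;
    host[n] = '\0';
    /* Splice by hand so the template is never used as a format string. */
    w = snprintf(out, outlen, "%.*s%s%s", (int)(slot - tmpl), tmpl, host, slot + 2);
    return (w < 0 || (size_t)w >= outlen) ? -1 : 0;
}

int main(void)
{
    char path[256];
    const char *names[] = { "Shop.Example.com", "../../etc/ssl", "a..b" }; /* constructed */
    for (size_t k = 0; k < 3; k++)
        printf("%-18s -> %s\n", names[k],
               sni_cert_path("certs/%s/server.crt", names[k], path, sizeof path) == 0 ? path : "(rejected)");
    return 0;
}
```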