For when we revisit, or maybe for Michael -- In APU, the immediate problem with SSL is that apr_ldap_ssl_init happens before the certificate options are set. The underlying Tivoli toolkit wants info about the global_certs passed into that call.
autoconf for basic stuff, not really used because we bake it into httpd below: http://people.apache.org/~covener/patches/apuldap-itds1.diff replacement we use instead of apr_ldap_ssl_init for tivoli: http://people.apache.org/~covener/patches/tivoli_ssl_init.txt On Tue, Feb 18, 2014 at 3:42 PM, Graham Leggett <[email protected]> wrote: > On 18 Feb 2014, at 10:35 PM, Eric Covener <[email protected]> wrote: > >> I (IBM) have some patches in this area that didn't make it to APR or HTTPD :( >> >> Unortunately Tivoli SSL initialization doesn't fit into how APU >> initializes SSL and we are currently using hacks in both APU and >> HTTPD. > > I am about half way through the APR v2.0 replacement of the API. Not only is > the init really tricky, with every toolkit out there having a unique > variation, but the bind has a bunch of variation too. Then there is the > passing of binary objects which has toolkit specific definitions of lengths. > It has made coming up with an API quite a challenge. > > My current biggest challenge is a pile of work I have that needs doing, so > can't look at it now alas. > > Regards, > Graham > -- > -- Eric Covener [email protected]
