Thank you all very much! I try and actually what you are saying later :)
On Tue, Feb 18, 2014 at 9:52 PM, Eric Covener <[email protected]> wrote: > For when we revisit, or maybe for Michael -- In APU, the immediate > problem with SSL is that apr_ldap_ssl_init happens before the > certificate options are set. The underlying Tivoli toolkit wants info > about the global_certs passed into that call. > > autoconf for basic stuff, not really used because we bake it into > httpd below: http://people.apache.org/~covener/patches/apuldap-itds1.diff > replacement we use instead of apr_ldap_ssl_init for tivoli: > http://people.apache.org/~covener/patches/tivoli_ssl_init.txt > > On Tue, Feb 18, 2014 at 3:42 PM, Graham Leggett <[email protected]> wrote: > > On 18 Feb 2014, at 10:35 PM, Eric Covener <[email protected]> wrote: > > > >> I (IBM) have some patches in this area that didn't make it to APR or > HTTPD :( > >> > >> Unortunately Tivoli SSL initialization doesn't fit into how APU > >> initializes SSL and we are currently using hacks in both APU and > >> HTTPD. > > > > I am about half way through the APR v2.0 replacement of the API. Not > only is the init really tricky, with every toolkit out there having a > unique variation, but the bind has a bunch of variation too. Then there is > the passing of binary objects which has toolkit specific definitions of > lengths. It has made coming up with an API quite a challenge. > > > > My current biggest challenge is a pile of work I have that needs doing, > so can't look at it now alas. > > > > Regards, > > Graham > > -- > > > > > > -- > Eric Covener > [email protected] >
