On Wed, 20 Oct 2004 08:37:01 +0100, Joe Orton <[EMAIL PROTECTED]> wrote:
> On Wed, Oct 20, 2004 at 12:13:14AM -0700, Madhusudan Mathihalli wrote:
> > On Sat, 16 Oct 2004 07:58:57 +0100, Joe Orton <[EMAIL PROTECTED]> wrote:
> > > Changing just the _DN variable format with a config directive sounds OK.
> > > Adding new variables would be an alternative, but the names would
> > > probably get *really* ugly...
> > >
> > That is correct - I should've been more clear in my mail. What I
> > really meant was to give options like
> > DNFormat SSL_SERVER_S_DN default
> > DNFormat SSL_CLIENT_S_DN rfc2253
>
> Actually I do wonder whether just adding new variable names
>
> SSL_{SERVER,CLIENT}_{I,S}_2253DN
>
> is the best way. If you have other modules which are accessing the DNs
> directly from ssl_var_lookup you may not want to change the DN format
> for them, but you do for some script, or vice versa. Those names aren't
> so ugly, and it saves adding more config directives. What do you
> reckon?
>
Sure - I like the idea.
The one concern is that if we end up exporting both _DN and _2253DN
formats, it'll have a performance impact on Apache. As it stands now,
Apache is around 50% slower than Zeus (even with SPECweb2003).
I'll start working on the patch
Thanks
-Madhu
