Kaspar Brand wrote:
Making SNI support configurable at runtime also seems a more attractive
solution to me - it would basically mean that in ssl_init_ctx(), the SNI
callback is not registered unless it's explicitly configured. I would
suggest using something like
SSLEnableSNI port [port] ...
which would be used as a per-server directive (i.e. not within vhosts,
only globally) and enable SNI on the specified ports.
Attached is a proof of concept for such an "SSLEnableSNI" config
directive (for 2.2.x only).
Will need more fine-tuning, most likely, but I would appreciate to get
feedback whether this is considered a feasible approach - thanks.
Kaspar
I managed to find some time to experiment with this patch against 2.2.9,
and so far so good. It works as advertised. I'm eager to see SNI
included in Apache!