On 02/02/2012 14:22, "Plüm, Rüdiger, VF-Group" wrote: > >> >> It has been apparent for some time that mod_ssl (and other applications) >> require >> a considerable effort to support new features in OpenSSL. >> >> >> A third method is to delegate the configuration completely to OpenSSL >> using a >> separate configuration file. So, we'd have an option to set the >> configuration >> file to use and then something like: >> >> int SSL_CTX_config(SSL_CTX *ctx, const char *config_name); > > -0 from mod_ssl perspective. How do you configure which configuration file to > use in this case? > If it is the system wide one I don't regard this as beneficial as a web > server operator might > not have write access to it. >
Sorry should've explained that bit. The configuration file to use wouldn't be hard coded. There would be a separate API which would allow an application to decide which configuration file to use. It could be either a system wide one or a local one dealing with mod_ssl only. Steve. -- Dr Stephen Henson. OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 +1 877-673-6775 [email protected]
