On 04/02/2012 07:32, Kaspar Brand wrote:
> On 02.02.2012 15:13, Dr Stephen Henson wrote:
>>
>> int SSL_CTX_config(SSL_CTX *ctx, const char *config_name);
>>
>> Where "config_name" is a named configuration option in the OpenSSL
>> configuration file. This has the substantial advantage that there would
>> then be one configuration file format used by all OpenSSL applications.
>> The disadvantage is that it would look nothing like the existing Apache
>> configuration format.
>
> Maybe mod_ssl could offer both - a directive for configuring via
> key-value pairs for "simple" cases, and a config file based way for
> complex setups. (In some way, it's what PHP currently does with the
> php_value/php_admin_value directives and php.ini.)
>

I agree some of the more complex operations might need nested configuration options (for example setting verification policies).

It should be possible to set up most options for an SSL_CTX or SSL structure this way, including which key(s) and certificate(s) to use, though not sure mod_ssl would make use of that.

> BTW: I would like to see SSL_set_config_string(), too - for those
> mod_ssl options which can be set on a per-directory basis.
>

Yes I certainly plan to have an equivalent for SSL structures too.

Steve.
--
Dr Stephen Henson. OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
+1 877-673-6775
[email protected]
