On 21/10/2013 05:09, Trevor Perrin wrote:
>
> Seems like a lot of work. For example, how would the generic
> SSLConfCmd commands get hooked-up with passphrase handling for the key
> files?
>

BTW I've just added some experimental code to the OpenSSL master branch. It adds key/certificate support to SSL_CONF and a new function SSL_CONF_cmd_value_type. The Apache side isn't added yet but should be pretty straightforward.

Even with the existing Apache certificate code it should be possible to handle a per-certificate server info directive. You'd just set the certificate again if you had more than one. For example:

...
SSLOpenSSLConfCmd Certificate cert1.pem
SSLOpenSSLConfCmd ServerInfoFile info1.pem
SSLOpenSSLConfCmd Certificate cert2.pem
SSLOpenSSLConfCmd ServerInfoFile info2.pem
...

The point is that it will reload the certificate (which has been set before by the existing Apache certificate directives) and set it as the current certificate, which any subsequent options will use.

Steve.
-- 
Dr Stephen Henson. OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
+1 877-673-6775
shen...@opensslfoundation.com
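
The ordering rule described in the message above, as an added example that is not part of the original message and is not OpenSSL or Apache code: a small checker that models the "current certificate" behaviour and reports which certificate each ServerInfoFile would attach to. The function name resolve_bindings, the warning rules, and the early.pem and cert3.pem sample lines are assumptions made for illustration.

```python
# Constructed sample: the directive order from the message, plus one
# ServerInfoFile placed before any Certificate command and one
# certificate with no server info following it.
SAMPLE = """\
SSLOpenSSLConfCmd ServerInfoFile early.pem
SSLOpenSSLConfCmd Certificate cert1.pem
SSLOpenSSLConfCmd ServerInfoFile info1.pem
SSLOpenSSLConfCmd Certificate cert2.pem
SSLOpenSSLConfCmd ServerInfoFile info2.pem
SSLOpenSSLConfCmd Certificate cert3.pem
"""


def resolve_bindings(conf_text):
    """Model the 'current certificate' rule for SSLOpenSSLConfCmd lines.

    Returns (bindings, warnings). bindings maps each certificate file to
    the ServerInfoFile values that follow it before the next Certificate
    command. warnings lists orderings a reviewer should look at.
    """
    bindings = {}
    warnings = []
    current = None  # certificate selected by the latest Certificate command
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(parts) != 3 or parts[0].lower() != "sslopensslconfcmd":
            continue  # not a two-argument SSLOpenSSLConfCmd directive
        cmd, value = parts[1].lower(), parts[2]
        if cmd == "certificate":
            current = value
            bindings.setdefault(current, [])
        elif cmd == "serverinfofile":
            if current is None:
                # No Certificate command precedes it, so the config does
                # not say explicitly which certificate it belongs to.
                warnings.append(
                    f"line {lineno}: ServerInfoFile {value} has no "
                    "preceding Certificate command")
            else:
                bindings[current].append(value)
    for cert, infos in bindings.items():
        if not infos:
            warnings.append(f"Certificate {cert} has no ServerInfoFile")
    return bindings, warnings


if __name__ == "__main__":
    found, notes = resolve_bindings(SAMPLE)
    for cert, infos in found.items():
        print(cert, "->", infos)
    for note in notes:
        print("warning:", note)
```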