On 11.12.2013 08:16, [email protected] wrote: > Author: jkaluza > Date: Wed Dec 11 07:16:28 2013 > New Revision: 1550060 > > URL: http://svn.apache.org/r1550060 > Log: > mod_ssl: Add -t -DDUMP_CA_CERTS option which dumps the filenames of all > configured SSL CA certificates to stdout the same way as DUMP_CERTS does.
In addition to what Rüdiger noted (on 13 December): are -DDUMP_CERTS and -DDUMP_CA_CERTS supposed to be mutually exclusive? Right now, specifying both will have the effect of only outputting the certs (due to the early return in line 1937). Another idea is to interleave server and CA cert information and output them by the vhost_id, e.g.: foo.example.net:443 Server: /usr/local/apache2/conf/server-foo.crt CA: /usr/local/apache2/conf/ssl.crt/ca-bundle-foo.crt bar.example.net:443 Server: /usr/local/apache2/conf/server-bar.crt CA: /usr/local/apache2/conf/ssl.crt/ca-bundle-bar.crt ... And third, could we document -DDUMP_CERTS and -DDUMP_CA_CERTS on this occasion (either in server/main.c or docs/man/httpd.8)? Kaspar
