On Tue, Oct 22, 2013 at 4:04 PM, Dr Stephen Henson < shen...@opensslfoundation.com> wrote:
> On 22/10/2013 20:14, Trevor Perrin wrote:
> > On Mon, Oct 21, 2013 at 5:45 AM, Dr Stephen Henson
> > <shen...@opensslfoundation.com> wrote:
> >> On 21/10/2013 05:09, Trevor Perrin wrote:
> >>>
> >>
> >> BTW I've just added some experimental code to the OpenSSL master branch. It adds
> >> key/certificate support to SSL_CONF and a new function SSL_CONF_cmd_value_type.
> >> The Apache side isn't added yet but should be pretty straight forward.
> >
> > Cool, if you do the Apache side I'll try to follow your footsteps and
> > extend ServerInfo to work with SSL_CONF (in OpenSSL and Apache).
> >
>
> http://svn.apache.org/r1534754
>
> This needs the OpenSSL master branch. It doesn't (yet) work with 1.0.2-stable
> but I'll be backporting the functionality in the near future.
>

Support for "ServerInfoFile" still isn't in SSL_CONF_cmd()/SSL_CONF_cmd_value_type() in OpenSSL master or the 1.0.2 branch, right? (IOW, "SSLOpenSSLConfCmd ServerInfoFile info1.pem" is the planned interface in mod_ssl but not yet workable?) Or maybe I'm not looking at the right place in OpenSSL.

Thanks!

>
> I tested it against a new DH parameters directive and it seemed to work OK.
>
> Only bit I'm not completely sure about is the use of the SSL_CONF_CTX structure
> in modssl_ctx_t. It's done that way to avoid having to keep creating and
> destroying the SSL_CONF_CTX for each directive but a quick test showed it was
> creating several other SSL_CONF_CTX structures which were never used. Maybe
> there's a better way to handle that or just create the SSL_CONF_CTX on first use?
>
> Steve.
> --
> Dr Stephen Henson. OpenSSL Software Foundation, Inc.
> 1829 Mount Ephraim Road
> Adamstown, MD 21710
> +1 877-673-6775
> shen...@opensslfoundation.com
>

--
Born in Roswell... married an alien...
http://emptyhammock.com/