mod_ssl's server_rec configurations (SSLSrvConfigRec) are shared between vhost and base server *iff* there are no SSL* directives used inside a VirtualHost. This is not really a good idea since mod_ssl modifies these recs in its post_config hook. This looks currently harmless, e.g. setting sc->vhost_id n times (but the vhost_id is wrong for all but the last). With adding certificate/keys in post-config (mod_md) this sharing can no longer happen.
To be precise: this is a side effect of a global "SSLEngine" config. The old-skool "SSLEngine on" in each vhost will cause every server_rec to have its own SSLSrvConfigRec instance and things work.

Now, I would like both cases to work. Does anyone have a recommendation? My current thoughts go like (pseudo code):

    if (server != base_server && sslconf(server) == sslconf(base_server)) {
        newconf = conf_merge(new_server_conf(), sslconf(base_server));
        ap_set_module_config(server, newconf);
    }

Is there some better way?

Cheers,
Stefan
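A small C model of the aliasing described in this message, added as an illustration and not taken from mod_ssl or from the post. The structs, function names and host names are simplified stand-ins (assumptions), and a plain struct copy stands in for conf_merge.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins (assumptions), not httpd's real structures. */
typedef struct { char vhost_id[64]; } ssl_conf;   /* models SSLSrvConfigRec */
typedef struct server {
    const char *name; ssl_conf *conf; struct server *next;
} server;                                          /* models server_rec */

/* Models the post_config pass: writes into whatever record each server holds. */
static void post_config(server *base) {
    for (server *s = base; s; s = s->next)
        snprintf(s->conf->vhost_id, sizeof s->conf->vhost_id, "%s:443", s->name);
}

/* Models the proposed un-sharing: a vhost aliasing the base record gets a copy. */
static void unshare(server *base) {
    for (server *s = base->next; s; s = s->next) {
        if (s->conf != base->conf) continue;
        ssl_conf *copy = malloc(sizeof *copy);
        if (!copy) abort();
        *copy = *base->conf;   /* struct copy stands in for conf_merge() */
        s->conf = copy;
    }
}

/* Base server plus two vhosts without SSL* directives (constructed names).
 * Returns how many servers end up with a vhost_id built from their own name. */
static int correct_ids(int apply_fix) {
    ssl_conf shared = { "" };
    server v2 = { "b.example", &shared, NULL };
    server v1 = { "a.example", &shared, &v2 };
    server base = { "base.example", &shared, &v1 };
    int ok = 0;
    if (apply_fix) unshare(&base);
    post_config(&base);
    for (server *s = &base; s; s = s->next) {
        if (strncmp(s->conf->vhost_id, s->name, strlen(s->name)) == 0) ok++;
        if (s->conf != &shared) free(s->conf);
    }
    return ok;
}

int main(void) {
    printf("shared: %d of 3 correct\n", correct_ids(0));
    printf("unshared: %d of 3 correct\n", correct_ids(1));
    return 0;
}
```

With the shared record only the last server visited keeps a matching vhost_id; after un-sharing, each server's record carries its own.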