On Mon, May 14, 2018 at 08:48:52AM +1000, zzz wrote:
> Basically my use case is I want to construct (or obtain) an SSL_CTX from
> another server for an authorization module - partly to avoid having to deal
> directly with loading encrypted certificates myself. Allowing Apache to "do
> it's thing" in that regard, and then pinching the loaded keypair/SSL_CTX
> from another server_rec saves a lot of hassle, and quite frankly makes it
> possible.
> 
> So basically I would like to start a discussion of whether a similar
> function modssl_load_*server*_keypair() or modssl_load_server_sslctx() is
> possible.

Hiya, have you looked at mod_ssl_openssl.h?  The "init_server" optional 
hook might do what you want, you get access to the SSL_CTX * for every 
configured server_rec.  Should be simple extract the keypair from there 
using standard OpenSSL API calls, though be careful with refcounting.

Regards, Joe

Reply via email to