On Mon, May 14, 2018 at 08:48:52AM +1000, zzz wrote: > Basically my use case is I want to construct (or obtain) an SSL_CTX from > another server for an authorization module - partly to avoid having to deal > directly with loading encrypted certificates myself. Allowing Apache to "do > it's thing" in that regard, and then pinching the loaded keypair/SSL_CTX > from another server_rec saves a lot of hassle, and quite frankly makes it > possible. > > So basically I would like to start a discussion of whether a similar > function modssl_load_*server*_keypair() or modssl_load_server_sslctx() is > possible.
Hiya, have you looked at mod_ssl_openssl.h? The "init_server" optional hook might do what you want, you get access to the SSL_CTX * for every configured server_rec. Should be simple extract the keypair from there using standard OpenSSL API calls, though be careful with refcounting. Regards, Joe
