Hi Joe, no I was not particularly aware of init_server() but I will take a look. Thanks.
On 16 May 2018 at 18:55, Joe Orton <jor...@redhat.com> wrote: > On Mon, May 14, 2018 at 08:48:52AM +1000, zzz wrote: > > Basically my use case is I want to construct (or obtain) an SSL_CTX from > > another server for an authorization module - partly to avoid having to > deal > > directly with loading encrypted certificates myself. Allowing Apache to > "do > > it's thing" in that regard, and then pinching the loaded keypair/SSL_CTX > > from another server_rec saves a lot of hassle, and quite frankly makes it > > possible. > > > > So basically I would like to start a discussion of whether a similar > > function modssl_load_*server*_keypair() or modssl_load_server_sslctx() is > > possible. > > Hiya, have you looked at mod_ssl_openssl.h? The "init_server" optional > hook might do what you want, you get access to the SSL_CTX * for every > configured server_rec. Should be simple extract the keypair from there > using standard OpenSSL API calls, though be careful with refcounting. > > Regards, Joe >