Hi Joe,

Do you know in what version of Apache init_server() was introduced? I am looking at two versions that appear in RHEL6/7 (2.2.15, 2.4.6) and neither of them has this function, or even the header file mod_ssl_openssl.h.

On a related note, do you know what version of Apache will ship with RHEL8?

Thanks.

On 16 May 2018 at 18:55, Joe Orton <jor...@redhat.com> wrote:

> On Mon, May 14, 2018 at 08:48:52AM +1000, zzz wrote:
> > Basically my use case is I want to construct (or obtain) an SSL_CTX from
> > another server for an authorization module - partly to avoid having to deal
> > directly with loading encrypted certificates myself. Allowing Apache to "do
> > its thing" in that regard, and then pinching the loaded keypair/SSL_CTX
> > from another server_rec saves a lot of hassle, and quite frankly makes it
> > possible.
> >
> > So basically I would like to start a discussion of whether a similar
> > function modssl_load_*server*_keypair() or modssl_load_server_sslctx() is
> > possible.
>
> Hiya, have you looked at mod_ssl_openssl.h? The "init_server" optional
> hook might do what you want, you get access to the SSL_CTX * for every
> configured server_rec. Should be simple to extract the keypair from there
> using standard OpenSSL API calls, though be careful with refcounting.
>
> Regards, Joe