On 17/10/2018 15:44, Joe Orton wrote: > On Wed, Oct 17, 2018 at 02:29:42PM +0200, jean-frederic clere wrote: >> One of the customer complains is that having the variables exposed like >> in StdEnvars has a huge performances cost (everything is exposed for >> each request) , he wants to check one variable and then decide in his >> code what are the other he needs to access and yes he wants to know what >> we can expose... > > That is all possible with ssl_var_lookup() today. What is it you're > trying to do that isn't possible (or efficient) today?
The customer is OK to use ssl_var_lookup(), I am good with that part ;-) > > The API which mod_ssl exposes is the list of SSL_ variable, a list of > (name,value) pairs. That some of those keys are listed in the > ssl_hook_Fixup_vars array and some are not is an implementation detail > which makes no sense to expose in the API. > > If you wanted a new API which exposes the available SSL variable *names* > without computing the values, that might makes sense but it is expensive > in the general case because you'd still need to parse the DNs. Good point, but it is still less expensive than using the StdEnvars logic. I have rollback my commit and I am reworking it the next days. Many thanks for the comments > > > -- Cheers Jean-Frederic
