> On Jan 30, 2017, at 17:00, Willy Tarreau <w...@1wt.eu> wrote: > > Hi Grant, >> >> To work around this, without complicating the init code, do you think it is >> OK to directly call ssl_init_single_engine inside >> ssl_parse_glabal_ssl_engine? > > I still find this problematic. Normally what we have here are settings > that could possibly be overridden, and nothing in the config really is > processed in the middle of the parsing. However I'm seeing another > solution : in the cert load code you could have something like this > before proceeding : > > if (!engine_initialized) > ssl_init_engine(); > > This way we postpone engine initialization to the latest possible point, > and that should be OK since we normally don't put new global sections > after any proxy.
Sounds good to me. I will submit a version based on this. Thanks, Grant
