>This depends how clean your patch currently is. When you changed lots of
>mod_ssl's internal code, you'll have problems, of course. But when you
patch
>is mainly a clean extension you can move it easily to a new module. Can you
>post your current version of your patch? Then I give you some
recommendations
>on how to convert them into a stand-alone mod_ocsp_ldap.c.
I extended ssl_engine_kernel.c, I have a routine calling in
ssl_callback_verify, some new function separated (clean), and some row in
ssl_engine_vars.c.
Don't care about the few rows in ssl_callback_verify, because I can reduce
it just to one instruction, calling to ocsp_responder.
fperr is still present just for my utility, I use the SSLLog as you see.
I send you everything attached, you already have the new directives and the
SSLRequire in http.conf (or you guess it).
I follow your suggestion and correct I/O instructions with openssl ones
(ap_pfopen).
Last problem is how to implement new directives in mod_ssl.c and
ssl_engine_config.c, like SSLLdapServers, SSLLdapDn and SSLLdapPwd.
Thanks again,
Andrea
eng_var.patch.tar.gz
eng_ker.patch.tar.gz
