On 29.04.2011 11:09, Ben Noordhuis wrote:
On Fri, Apr 29, 2011 at 10:27, Hardy Griech<nt...@mardys.de> wrote:
I'm trying to use mod_gnutls for TLS termination without success.
My first suggestion would be to use mod_ssl.
Forgot to mention: I've patched mod_gnutls for PSK usage.
I've also thought about patching mod_ssl to recognize PSKs but there are
several points against it:
- not easy to compile mod_ssl standalone. To be honest I have
problems compiling apache itself (on Debian testing)
- mod_ssl code is much larger than mod_gnutls
- mod_ssl (openssl?) does not obey the maximum fragmentation
length requested by the clients
Alternatively, compile Apache and mod_gnutls with -g -O0 and run it
with `gdb --args httpd -X -e debug`. Put a breakpoint on the
pre_connection hook and take it from there.
Thanks, I will give it a try.
Hardy
