Hello all, First, thanks very much to everyone involved with Pound. I'm a big fan.
Our customers are public libraries, and we host library catalogs for them. Each customer has its own subdomain, eg, libraryname.biblionix.com. We host catalogs for many libraries behind a single Pound proxy via our *.biblionix.com wildcard certificate. That certificate assures everybody that the site they're talking to really is operated by Biblionix. Only problem is: the libraries' patrons have no idea who or what Biblionix is. So that kind of authentication isn't particularly helpful. We're looking allowing libraries to have us host the catalog on their subdomain, something like catalog.libraryname.org. SNI makes this possible to do securely (and, therefore, at all). Of course it would require that the library purchase a certificate that would be valid for that subdomain, and it would require that they give us the certificate and corresponding private key. Let's say that a significant number of libraries take us up on this, and we now have several hundred .pem files. Two questions: 1) Will Pound be able to handle several hundred "Cert" entries? Are there any major performance implications? 2) Feature request: It would be really cool to be able to give a directory as an argument to "Cert", so that the Pound configuration wouldn't have to change every time a new certificate were added. It would be extra cool if Pound didn't even have to be restarted when the contents of that directory changed. -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
