On Sat, 12 Apr 2014 13:35:57 -0500 Xan Charbonnet <[email protected]> wrote:
> Hello all,
>
> First, thanks very much to everyone involved with Pound. I'm a big fan.
>
> Our customers are public libraries, and we host library catalogs for
> them. Each customer has its own subdomain, e.g.,
> libraryname.biblionix.com. We host catalogs for many libraries behind a
> single Pound proxy via our *.biblionix.com wildcard certificate. That
> certificate assures everybody that the site they're talking to really is
> operated by Biblionix.
>
> Only problem is: the libraries' patrons have no idea who or what
> Biblionix is. So that kind of authentication isn't particularly helpful.
>
> We're looking at allowing libraries to have us host the catalog on their
> subdomain, something like catalog.libraryname.org. SNI makes this
> possible to do securely (and, therefore, at all). Of course it would
> require that the library purchase a certificate that would be valid for
> that subdomain, and it would require that they give us the certificate
> and corresponding private key.
>
> Let's say that a significant number of libraries take us up on this, and
> we now have several hundred .pem files. Two questions:
>
> 1) Will Pound be able to handle several hundred "Cert" entries? Are
> there any major performance implications?
>
> 2) Feature request: It would be really cool to be able to give a
> directory as an argument to "Cert", so that the Pound configuration
> wouldn't have to change every time a new certificate were added. It
> would be extra cool if Pound didn't even have to be restarted when the
> contents of that directory changed.

No, there are no performance issues, as all certificates are read once at
start-up. You'll have a few more pattern matches to find the right
certificate when a connection is created, but that is measured in
microseconds.

--
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-32-512 30 19
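An added example, not part of the original thread and not Pound code: one way to get the effect of the directory request with the existing "Cert" directive is to generate the lines from a directory of .pem files before each restart. The file naming (`<hostname>.pem`, with a `wildcard.` prefix for wildcard certificates), the `CERTDIR` placeholder and the function names are assumptions; host-specific files are emitted before wildcard ones because Pound's man page says the first certificate whose CN matches is the one used.

```python
import os
import stat
import tempfile

def cert_directives(cert_dir):
    """Return (Cert lines, rejected files). Each .pem must hold cert and key,
    because Pound reads both from the one file named by Cert."""
    specific, wildcard, rejected = [], [], []
    for name in sorted(os.listdir(cert_dir)):
        if not name.endswith(".pem"):
            continue
        path = os.path.join(cert_dir, name)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        with open(path, encoding="ascii", errors="replace") as fh:
            text = fh.read()
        if "-----BEGIN CERTIFICATE-----" not in text:
            rejected.append((name, "no certificate block"))
        elif "PRIVATE KEY-----" not in text:
            rejected.append((name, "no private key block"))
        elif mode & 0o077:
            # Customer private keys must be readable by the owner only.
            rejected.append((name, "mode %04o is too open" % mode))
        elif name.startswith("wildcard."):  # assumed naming convention
            wildcard.append(path)
        else:
            specific.append(path)
    # Host-specific certificates first, wildcards last.
    lines = ['    Cert "%s"' % p for p in specific + wildcard]
    return lines, rejected

def demo():
    """Run the generator over a constructed directory of placeholder files."""
    cert = "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n"
    key = "-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----\n"
    files = {
        "wildcard.biblionix.com.pem": (cert + key, 0o600),
        "catalog.libraryname.org.pem": (cert + key, 0o600),
        "catalog.nokey.example.pem": (cert, 0o600),
        "catalog.open.example.pem": (cert + key, 0o644),
    }
    with tempfile.TemporaryDirectory() as d:
        for name, (body, mode) in files.items():
            path = os.path.join(d, name)
            with open(path, "w") as fh:
                fh.write(body)
            os.chmod(path, mode)
        lines, rejected = cert_directives(d)
    return [line.replace(d, "CERTDIR") for line in lines], rejected

if __name__ == "__main__":
    print(demo())
```

The emitted lines belong inside the ListenHTTPS block; files listed as rejected are left out of the configuration so a missing key or a world-readable key is caught before Pound is restarted.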
