Ian G wrote: > > Nick Kew <[EMAIL PROTECTED]>wrote: >> ... >> It might be worth a --with-SNI configuration option, which >> would label it as an experimental feature. > > I imagine the use of SNI would need to be configured in > httpd.conf anyway, in the virtual host parts.
Making SNI support configurable at runtime also seems a more attractive solution to me - it would basically mean that in ssl_init_ctx(), the SNI callback is not registered unless it's explicitly configured. I would suggest using something like SSLEnableSNI port [port] ... which would be used as a per-server directive (i.e. not within vhosts, only globally) and enable SNI on the specified ports. Sander, would a run-time configuration option still receive +1 from you? This would only be needed for the 2.2.x backport, not for trunk, right? Kaspar