On Sep 23, 2008, at 5:37 AM, David Shane Holden wrote:
Kaspar Brand wrote:
Making SNI support configurable at runtime also seems a more
attractive
solution to me - it would basically mean that in ssl_init_ctx(),
the SNI
callback is not registered unless it's explicitly configured. I
would
suggest using something like
SSLEnableSNI port [port] ...
which would be used as a per-server directive (i.e. not within
vhosts,
only globally) and enable SNI on the specified ports.
Attached is a proof of concept for such an "SSLEnableSNI" config
directive (for 2.2.x only).
Will need more fine-tuning, most likely, but I would appreciate to
get
feedback whether this is considered a feasible approach - thanks.
Kaspar
I managed to find some time to experiment with this patch against
2.2.9, and so far so good. It works as advertised. I'm eager to
see SNI included in Apache!
As we all know, this will not be in 2.2.10... Please recall that
things must be in -trunk before being viable for backport to 2.2.x.
