On 10/08/2008 09:56 PM, Jim Jagielski wrote: > > On Sep 23, 2008, at 5:37 AM, David Shane Holden wrote: > >> Kaspar Brand wrote: >>>> Making SNI support configurable at runtime also seems a more attractive >>>> solution to me - it would basically mean that in ssl_init_ctx(), the >>>> SNI >>>> callback is not registered unless it's explicitly configured. I would >>>> suggest using something like >>>> >>>> SSLEnableSNI port [port] ... >>>> >>>> which would be used as a per-server directive (i.e. not within vhosts, >>>> only globally) and enable SNI on the specified ports. >>>> >>> >>> Attached is a proof of concept for such an "SSLEnableSNI" config >>> directive (for 2.2.x only). >>> >>> Will need more fine-tuning, most likely, but I would appreciate to get >>> feedback whether this is considered a feasible approach - thanks. >>> >>> Kaspar >>> >> I managed to find some time to experiment with this patch against >> 2.2.9, and so far so good. It works as advertised. I'm eager to see >> SNI included in Apache! >> > > As we all know, this will not be in 2.2.10... Please recall that > things must be in -trunk before being viable for backport to 2.2.x.
I must admit that I lost a little bit of track of the exact status of SNI in trunk. It would be very cool if Joe could point out the remaining issues with the trunk version of SNI so that it can be worked on. I guess Kaspar would be happy to supply at least some of the needed patches. I will then try to do my very best to review this. Regards RĂ¼diger
