Plüm, Rüdiger, VF-Group wrote: > Going through the follow ups the following question remains for me: > > Where did you address to adjust the > > SSLCARevocation{File,Path} and > SSLOCSP{Enable,DefaultResponder,OverrideResponder} > > settings in the case of an non SNI client connecting to the non default vhost?
By modifying ssl_callback_SSLVerify and ssl_callback_SSLVerify_CRL to use r->server as the server_rec (instead of conn->base_server), which makes sure that the correct mctx gets selected. These callbacks will be used during a renegotiation, which is triggered by ssl_hook_Access if the non-default vhost has more restrictive SSLVerify{Client,Depth} settings compared to the default vhost. Kaspar