Plüm, Rüdiger, VF-Group wrote:
> Going through the follow ups the following question remains for me:
>
> Where did you address to adjust the
>
> SSLCARevocation{File,Path} and
> SSLOCSP{Enable,DefaultResponder,OverrideResponder}
>
> settings in the case of an non SNI client connecting to the non default vhost?
By modifying ssl_callback_SSLVerify and ssl_callback_SSLVerify_CRL to
use r->server as the server_rec (instead of conn->base_server), which
makes sure that the correct mctx gets selected. These callbacks will be
used during a renegotiation, which is triggered by ssl_hook_Access if
the non-default vhost has more restrictive SSLVerify{Client,Depth}
settings compared to the default vhost.
Kaspar
