> -----Ursprüngliche Nachricht-----
> Von: Kaspar Brand
> Gesendet: Donnerstag, 2. April 2009 18:21
> An: dev@httpd.apache.org
> Betreff: Re: SNI in 2.2.x (Re: Time for 2.2.10?)
>
> Plüm, Rüdiger, VF-Group wrote:
> > Going through the follow ups the following question remains for me:
> >
> > Where did you address to adjust the
> >
> > SSLCARevocation{File,Path} and
> > SSLOCSP{Enable,DefaultResponder,OverrideResponder}
> >
> > settings in the case of an non SNI client connecting to the
> non default vhost?
>
> By modifying ssl_callback_SSLVerify and ssl_callback_SSLVerify_CRL to
> use r->server as the server_rec (instead of conn->base_server), which
> makes sure that the correct mctx gets selected. These
> callbacks will be
> used during a renegotiation, which is triggered by ssl_hook_Access if
> the non-default vhost has more restrictive SSLVerify{Client,Depth}
> settings compared to the default vhost.
>
Thanks for the pointer.
Regards
Rüdiger
