> -----Ursprüngliche Nachricht----- > Von: Kaspar Brand > Gesendet: Donnerstag, 2. April 2009 18:21 > An: dev@httpd.apache.org > Betreff: Re: SNI in 2.2.x (Re: Time for 2.2.10?) > > Plüm, Rüdiger, VF-Group wrote: > > Going through the follow ups the following question remains for me: > > > > Where did you address to adjust the > > > > SSLCARevocation{File,Path} and > > SSLOCSP{Enable,DefaultResponder,OverrideResponder} > > > > settings in the case of an non SNI client connecting to the > non default vhost? > > By modifying ssl_callback_SSLVerify and ssl_callback_SSLVerify_CRL to > use r->server as the server_rec (instead of conn->base_server), which > makes sure that the correct mctx gets selected. These > callbacks will be > used during a renegotiation, which is triggered by ssl_hook_Access if > the non-default vhost has more restrictive SSLVerify{Client,Depth} > settings compared to the default vhost. >
Thanks for the pointer. Regards Rüdiger