Hi Apache folks,

I've been working with Ben Laurie on a "ServerInfoFile" feature for OpenSSL 1.0.2.

Using a call to OpenSSL's "SSL_CTX_use_serverinfo_file()" the user can specify a file of PEM blocks containing TLS ServerHello extension data. The extensions will be returned if the client sends a corresponding ClientHello. This allows support of Certificate Transparency (RFC 6962), TACK (draft-perrin-tls-tack), and similar things.

The feature is checked in to the 1.0.2 branch [1], so we'd like to expose it through Apache. The patch is pretty simple. I suppose more tests or docs might be needed (?), which I'm happy to write.

Anyways, is this something Apache is interested in? Does the patch look correct? [2]

Trevor

[1] https://github.com/openssl/openssl/tree/OpenSSL_1_0_2-stable
[2] https://issues.apache.org/bugzilla/show_bug.cgi?id=55593
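An added example, not part of the original message, the patch, or OpenSSL's source: a pre-deployment check of the bytes inside one decoded ServerInfoFile PEM block, which OpenSSL's SSL_CTX_use_serverinfo documentation describes as records of a 2-byte extension type, a 2-byte length, then that many bytes of extension_data. The function names are hypothetical and the sample bytes are constructed; type 18 is the RFC 6962 signed_certificate_timestamp extension.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Walk a decoded serverinfo buffer: [type:2][length:2][data:length]...,
 * big-endian. Returns the number of extension records, or -1 if the
 * buffer is empty or any record is truncated. */
int serverinfo_count(const uint8_t *buf, size_t len)
{
    int n = 0;
    if (buf == NULL || len == 0) return -1;
    while (len > 0) {
        size_t dlen;
        if (len < 4) return -1;              /* header cut short */
        dlen = ((size_t)buf[2] << 8) | buf[3];
        if (dlen > len - 4) return -1;       /* data runs past the end */
        buf += 4 + dlen;
        len -= 4 + dlen;
        n++;
    }
    return n;
}

/* Models "returned if the client sends a corresponding ClientHello":
 * look up the extension type the client offered. Returns 1 and sets
 * data and dlen on a match, 0 if absent, -1 if the buffer is malformed. */
int serverinfo_find(const uint8_t *buf, size_t len, uint16_t want,
                    const uint8_t **data, size_t *dlen)
{
    if (serverinfo_count(buf, len) < 0) return -1;
    while (len > 0) {
        uint16_t type = (uint16_t)((buf[0] << 8) | buf[1]);
        size_t n = ((size_t)buf[2] << 8) | buf[3];
        if (type == want) { *data = buf + 4; *dlen = n; return 1; }
        buf += 4 + n;
        len -= 4 + n;
    }
    return 0;
}

/* Constructed sample: type 18 with 3 data bytes, then a hypothetical
 * type 0x1234 with an empty body. */
static const uint8_t SAMPLE[] = { 0x00, 0x12, 0x00, 0x03, 0xAA, 0xBB, 0xCC,
                                  0x12, 0x34, 0x00, 0x00 };

int main(void)
{
    printf("records: %d\n", serverinfo_count(SAMPLE, sizeof SAMPLE));
    return 0;
}
```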