On 27.09.2013 20:58, Trevor Perrin wrote:
> On Fri, Sep 27, 2013 at 9:16 AM, Kaspar Brand <httpd-dev.2...@velox.ch> wrote:
>> It could probably be handled in
>> ssl_engine_config.c:ssl_cmd_SSLOpenSSLConfCmd(), but this would again
>> mean adding specific code for ServerInfoFile.
>
> If we're adding specific code for ServerInfoFile, would it make more
> sense just to do a separate directive?

I would like to avoid that, as it would mean extending
modssl_pk_server_t (or some other struct) whenever an additional OpenSSL
feature is added. See also this thread for some background:

https://mail-archives.apache.org/mod_mbox/httpd-dev/201202.mbox/%3C4F2A9A20.7010502%40opensslfoundation.com%3E

>> Define SR /path/to/server/root/
>> SSLOpenSSLConfCmd ServerInfoFile ${SR}relative/file/name
>
> Hmm, are you asking the web admin to define SR? That doesn't seem
> much easier than just telling them to use the absolute name:
>
> SSLOpenSSLConfCmd ServerInfoFile /path/to/server/root/relative/file/name

We could do that in the default httpd.conf file, similar to how it was
done with http://svn.apache.org/r1401126 for DocumentRoot.

If the ability to specify relative path names with SSLOpenSSLConfCmd is
considered an absolutely essential feature, then OpenSSL could perhaps
"standardize" its option names somewhat - e.g. by always naming those
which take a file name argument with "...File". We could then handle
such a case in mod_ssl as illustrated by the attached patch.

Kaspar

Index: ssl_engine_config.c =================================================================== --- ssl_engine_config.c (revision 1527187) +++ ssl_engine_config.c (working copy) @@ -1820,9 +1820,15 @@ const char *ssl_cmd_SSLOpenSSLConfCmd(cmd_parms *cmd, void *dcfg, const char *arg1, const char *arg2) { - ssl_ctx_param_t *param; SSLSrvConfigRec *sc = mySrvConfig(cmd->server); - param = apr_array_push(sc->server->ssl_ctx_param); + ssl_ctx_param_t *param = apr_array_push(sc->server->ssl_ctx_param); + const char *err; + + if (!strncmp(&arg1[strlen(arg1)-4], "File", 4) && + (err = ssl_cmd_check_file(cmd, &arg2))) { + return err; + } + param->name = arg1; param->value = arg2; return NULL;
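
Review bot: In ssl_cmd_SSLOpenSSLConfCmd(), the expression `&arg1[strlen(arg1)-4]` is evaluated with no check that arg1 is at least four characters long. For a shorter command name the unsigned subtraction wraps and strncmp() reads outside the string. Take the length once and guard it, for example `size_t n = strlen(arg1);` followed by `if (n >= 4 && !strcmp(arg1 + n - 4, "File") && (err = ssl_cmd_check_file(cmd, &arg2)))`. A short comment above the test would also help, stating that the "File" suffix is what routes arg2 through ssl_cmd_check_file(), since that naming convention is only proposed in the message and nothing in the hunk documents it.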