On 01/10/2013 11:15, Dr Stephen Henson wrote: > > To handle ServerInfo properly in mod_ssl > IMHO you would need a new directive as there's no support for per-certificate > SSL_CONF commands: it wasn't intended to be used like that in its current > form. >
Though thinking about this some more there *could* be a way to handle per-certificate options for SSL_CONF. At the moment we have some flags setting the context of the commands: currently server or client. We could have an additional one to mean the command is a per-certificate command instead of per-SSL or per-SSL_CTX. That would need more work on the mod_ssl side to add the equivalent commands for each certificate and call them at the appropriate time. Though for just one per-certificate option it would be easier to just have a new directive. Steve. -- Dr Stephen Henson. OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 +1 877-673-6775 shen...@opensslfoundation.com