On 22/10/2013 20:14, Trevor Perrin wrote:
> On Mon, Oct 21, 2013 at 5:45 AM, Dr Stephen Henson
> <[email protected]> wrote:
>> On 21/10/2013 05:09, Trevor Perrin wrote:
>>>
>>
>> BTW I've just added some experimental code to the OpenSSL master branch. It adds
>> key/certificate support to SSL_CONF and a new function SSL_CONF_cmd_value_type.
>> The Apache side isn't added yet but should be pretty straight forward.
>
> Cool, if you do the Apache side I'll try to follow your footsteps and
> extend ServerInfo to work with SSL_CONF (in OpenSSL and Apache).
>

http://svn.apache.org/r1534754

This needs the OpenSSL master branch. It doesn't (yet) work with 1.0.2-stable
but I'll be backporting the functionality in the near future.

I tested it against a new DH parameters directive and it seemed to work OK.

Only bit I'm not completely sure about is the use of the SSL_CONF_CTX structure
in modssl_ctx_t. It's done that way to avoid having to keep creating and
destroying the SSL_CONF_CTX for each directive but a quick test showed it was
creating several other SSL_CONF_CTX structures which were never used. Maybe
there's a better way to handle that or just create the SSL_CONF_CTX on first
use?

Steve.
-- 
Dr Stephen Henson. OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
+1 877-673-6775
[email protected]
