On 22.10.2013 22:04, Dr Stephen Henson wrote: > Only bit I'm not completely sure about is the use of the SSL_CONF_CTX > structure > in modssl_ctx_t. It's done that way to avoid having to keep creating and > destroying the SSL_CONF_CTX for each directive but a quick test showed it was > creating several other SSL_CONF_CTX structures which were never used.
Right now, the SSL_CONF_CTX_* handling is in ssl_init_ctx_protocol, which is called once for each vhost (and each vhost has its own modssl_ctx_t), so the change you applied with r1534754 doesn't really change much as far as the SSL_CONF_CTX structure handling is concerned, I think. To prevent unnecessary SSL_CONF_CTX structures from being created, it should be sufficient to enclose that block with an "if (mctx->ssl_ctx_param->nelts > 0)" condition, IINM. Kaspar