On 29.01.2014 19:15, Graham Leggett wrote: > On 29 Jan 2014, at 16:24, kbr...@apache.org wrote: >> URL: http://svn.apache.org/r1562500 >> Log: >> propose SSLCertificate[Key]File/SSLCertificateChainFile overhaul for mod_ssl > > Would it be possible to do the same for the SSLProxy* directives?
I think so. Without having looked at the details of the current implementation, switching to OpenSSL's "standard" calls for loading certs and keys (SSL_CTX_use_*_file) should be possible for the SSL client case as well. Given that SSLProxyMachineCertificateFile, SSLProxyMachineCertificateChainFile and SSLProxyMachineCertificatePath are global-level-only directives, and that there is no SSLProxyMachineCertificateKeyFile directive right now, it would probably be a somewhat more intrusive change, compared to what has been done for the server-side part so far. Kaspar