On 30/01/2014 18:25, Kaspar Brand wrote:
> On 29.01.2014 19:15, Graham Leggett wrote:
>> On 29 Jan 2014, at 16:24, kbr...@apache.org wrote:
>>> URL: http://svn.apache.org/r1562500
>>> Log:
>>> propose SSLCertificate[Key]File/SSLCertificateChainFile overhaul for mod_ssl
>>
>> Would it be possible to do the same for the SSLProxy* directives?
>
> I think so. Without having looked at the details of the current
> implementation, switching to OpenSSL's "standard" calls for loading
> certs and keys (SSL_CTX_use_*_file) should be possible for the SSL
> client case as well. Given that SSLProxyMachineCertificateFile,
> SSLProxyMachineCertificateChainFile and SSLProxyMachineCertificatePath
> are global-level-only directives, and that there is no
> SSLProxyMachineCertificateKeyFile directive right now, it would probably
> be a somewhat more intrusive change, compared to what has been done for
> the server-side part so far.
>

I wasn't sure of the details of the current implementation either. Would it be
appropriate to have SSL_CONF usable with SSLProxy* too?

Steve.
--
Dr Stephen Henson. OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
+1 877-673-6775
shen...@opensslfoundation.com